Commitment Scheme

Cryptographic Commitment Scheme

A commitment scheme lets one party (the committer) lock in a value without revealing it, then later prove they committed to that specific value. Think of sealing a prediction in an envelope — you can't change it after the fact, but the recipient can't see it yet.

Properties

• Hiding: the commitment $C$ reveals nothing about the value $v$
• Binding: once committed, the committer cannot change $v$ to a different value that produces the same $C$

Construction with a Nonce

To commit to value $v$, choose a random nonce (number used once) $r$:

$C = H(v, r)$

To reveal: publish $(v, r)$. Anyone can verify by recomputing $H(v, r) = C$.

The nonce prevents dictionary attacks: without $r$, guessing $v$ from $C$ is infeasible.

Applications

• Mental poker — commit to cards before any player reveals theirs
• Coin flipping over the wire — both parties commit to random bits, then reveal simultaneously
• Zero-knowledge proofs — commitments are a core building block
• Auction systems — sealed bids that are opened simultaneously

Our Simulation

We simulate commitment with a simple hash:

$\text{commit}(v, r) = (v \times 1000003 \oplus r) \bmod 2^{32}$

(1000003 is a prime that gives good mixing.)

Your Task

Implement:

• commit(value, nonce) → (value * 1000003 ^ nonce) & 0xFFFFFFFF
• reveal(commitment, value, nonce) → bool: check if recomputing gives the same commitment