Pedersen Commitment扫盲及sage和python脚本

1. What is Pedersen Commitment

The Pedersen commitment allows us to commit to a message, but not actually reveal it until some time in the future. We can also use the Pedersen commitment to add commitment values (and thus implement partial homomorphic encryption).具有加法同态性。

Pedersen Commitment扫盲及sage和python脚本_第1张图片
Pedersen Commitment扫盲及sage和python脚本_第2张图片
Pedersen Commitment扫盲及sage和python脚本_第3张图片

In the Pedersen commitment we take two large prime numbers (p and q) and and we create a generator value (g) which is of the order of q and a subgroup of Z∗p. Then s becomes a secret from 0 to Zq, and we calculate:

h=gs(mod q)
The sender now creates a commitment for a message (m) and with a random number ( r ):

c=gmhr(mod p)
The sender can then send c to the receiver. Next, the sender will then reveal m and r for the commitment, and the receiver verifies with:

c=gmhr(mod p)
If the values match, the receiver has proven the commitment.

We can also use as homomorphic encryption, and where we multiply commitments, and which is equivalent to adding the secret values.

2. Pedersen python 脚本执行Pedersen Commitment扫盲及sage和python脚本_第4张图片

p= 1073531987797777397076650318414874311961015828617
q= 2147063975595554794153300636829748623922031657235
g= 946803554106596685676502448930669957665485262726
h= 671984317881331060476673916863129879834637502061

Msg1: 13
Msg2: 70

c1,r1: 857781029884810220708332123163722051098254933631 , 1246282773499086909695272704868577897646685678593
c2,r2: 222059838429680874301144020481740005725229156931 , 1826948506509556503709301308806172751966928148498

We can now multiply c1 and c2, which is same as adding Msg1 and Msg2

Commitment of adding (Msg1+Msg2):	934657132489851996342715237746899886185147042551

Result of verifying c1:		True
Result of verifying c2:		True
Result of verifying Msg1+Msg2:	True

3. 针对2的sage脚本验证

sage: p= 1073531987797777397076650318414874311961015828617
....: q= 2147063975595554794153300636829748623922031657235
....: c1=857781029884810220708332123163722051098254933631
....: c2=222059838429680874301144020481740005725229156931
....: mod(c1*c2,q)
....:
934657132489851996342715237746899886185147042551
sage: g= 946803554106596685676502448930669957665485262726
sage: h= 671984317881331060476673916863129879834637502061
sage: s=72544735974999042264134024833082775617554105431
sage: power_mod(g,s,q)
671984317881331060476673916863129879834637502061
sage: m=13
sage: r=1246282773499086909695272704868577897646685678593
sage: mod(power_mod(g,m,q)*power_mod(h,r,q),q)
857781029884810220708332123163722051098254933631

参考资料:
[1] https://asecuritysite.com/encryption/ped
[2] https://github.com/ssuminpark/2018_UCT_Crypto/blob/master/Codes/Commitment/pedersen.py
[3] https://www.youtube.com/watch?time_continue=34&v=J9SOk9dIOCk

你可能感兴趣的:(Pedersen Commitment扫盲及sage和python脚本)