#StackBounty: #reference-request #commitments Computationally binding commitment

Bounty: 100

A Computationally Binding commitment scheme is defined as a tuple of protocols $(mathsf{Keygen}, mathsf{Com}, mathsf{Open})$, that along with correctness guarantees that for all PPT algorithms the probability that, given a correctly generated commitment key $k$, it outputs a commitment and two different openings is negligible.

Now, if the receiver sends a message $R$ between the committing phase and the opening phase, called $m$ the message revealed, then it’s almost never the case that $m$ and $R$ are independent (with negligible probability the adversary could open to a function of $R$). Can we at least say that $m$ and $R$ are "almost independent" (in this question I proposed a way to have relaxed independence)?

In case the answer is negative, what are computationally binding commitments used for?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.