Score:1

Coin tosses in the context of commitment schemes

cn flag

I was reading the “Fast Multiparty Threshold ECDSA with Fast Trustless Setup” paper by Gennaro & Goldfeder, 2018 and I encountered this portion (Sect. 2.4, p.6):

Portion of the paper that talks about Com protocol

This excerpt leaves me slightly confused. First, there’s seemingly a mismatch (a typo?) between r and R — or is it that R is the set from which r is sampled? Second, most important, what are these coin tosses? There’s no mention of coin tosses anywhere else in the paper and after reading some external sources on commitment schemes the only references to coin tosses are in sample applications of commitment, e.g., in an async coin toss scenario.

To summarize, what are these coin tosses and what is R?

Score:1
sa flag

Normally, coin tosses are random variables $r$ drawn (usually uniformly unless otherwise specified) from a finite set $R.$

In this case however $R=g^{k^{-1}}$ where $r=H’(R)$ and $H’$ is a hash function from a cyclic group of prime order into $Z_q$ and $k$ is a uniformly distributed random variable from $Z_q.$ So $R$ is a random variable which is a function of the random variable $k$ and $r$ is a random variable derived from $R,$ so it also depends on $k.$

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.