Join Log in
Score:0
avatar Crypto

How to select $r$ in Pedersen commitment scheme?

nz flag
Ilia Sidorenko

I'm implementing Pedersen commitment scheme in order to enhance entropy of a pre-image of a hash. I'm using secp256k1 for my curve parameters.

I am following naming conventions from here: What is a Pedersen commitment?

I am performing a commit $C = (m, r)$ and then another commit $C' = (m, r')$

Then I do the blind equality check $C - C' = (r - r')G.$

I got the blind equality check working, but only for some values of $r$. It looks like it works better when $r$ is a prime or when $r$ and $r'$ don't have common divisors.

What's the proper way to select $r$ values? Right now I am just selecting random values in between 0 and 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f

72
0 + 0
knaccc avatar
es flag
knaccc
are you doing $r-r'\ mod\ q$?
1
Reply
nz flag
Ilia Sidorenko
Hmm, I'm doing `uint256 _r3 = submodP( _r1 , _r2 )`. I'm not sure what $q$ is, to be honest. Maybe `submodP` is not enough on its own and I do need to $mod q$ on top of it. Thank you, I'll research that further.
0
Reply
knaccc avatar
es flag
knaccc
For secp256k1, your group order $q$ is 115792089237316195423570985008687907852837564279074904382605163141518161494337. You should not be doing mod p and mod q, only mod q.
1
Reply
nz flag
Ilia Sidorenko
Hi @knaccc you're right. Turns out I was doing `mod 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F` and I had to just change it to `mod 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141` and it now works fine. That solved my issue.
1
Reply
Score:1
Ievgeni avatar Crypto
cn flag
Ievgeni

According to this paper, $r$ ($t$ in the paper) should be picked uniformly at random in $\mathbb{Z}_q$ (i.e $\big\{0, \dots, (q-1)\big\}$), with $q$ the order of $\mathbb{G}$.

According to this link the order is:

FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141

Then you have to select a random value in between $0$ and

FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364140 include.

0 + 0
nz flag
Ilia Sidorenko
That's a great paper, I'll research that further and figure out what I'm missing, thank you!
0
Reply
Score:0
avatar Crypto
nz flag
Ilia Sidorenko

I was doing mod 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F for $(r - r')$ and I just had to change it to mod 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141. Not an issue with $r$ selection per se, but with computing $(r - r')$.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.