A Commitment Scheme library for Coin Flipping/Tossing algorithms and sort.
This project implements Commitment Schemes using the Galois/Counter Mode (GCM) of secret-key encryption. Because this AES encryption mode provides both Message Confidentiality and Integrity, it fits perfectly the Hiding and Binding properties of Commitment Schemes. Confidentiality protects the message against passive attacks while integrity protects it from active attacks. GCM, so, works as an Authenticated Encryption where it roughly works as an encryption algorithm with MAC signatures on cipher data.
The hiding property states that it is impossible to discover the secret with the commitment data left alone, that is, the commitment receiver can’t know the secret until the commitment sender reveals that through her opening key.
The binding property, on the other hand, ensures invariants on the commitment sender side. It disallows the sender to change the secret by using a different opening key. While the sender can refuse to reveal her secret, she can’t cheat on the game. There’s a variant of commitment schemes called Timed Commitments where the receiver can brute-force the commitment in the case of the sender aborting the game by refusing to send the opening key, tho. Another variant called Fuzzy Commitments accepts some noise during opening phase.
For the stable release, just type:
$ opam install nocoiner
To install/test the unstable version on this repository (assuming you’re inside the project’s root directory):
$ make install # 'make uninstall' reverts the changes
$ make test
As library (assuming you have linked the package
let secret = "I have nothing to hide." let (c, o) = Nocoiner.commit secret assert (secret = Nocoiner.reveal ~commitment:c ~opening:o)
Nocoiner.commit operation is non-deterministic and the
Nocoiner.reveal is deterministic. The
Nocoiner.reveal operation may throw
the following exceptions:
Nocoiner.Reasons.InvalidCommitment, if the parsing of commitment fails.
Nocoiner.Reasons.InvalidOpening, if the opening key contains invalid data.
Nocoiner.Reasons.BindingFailure, if both commitment & opening are unrelated.
As the command-line interface (ignore all the
$ below while typing):
$ echo "Something not really secret..." > secret.txt $ cat secret.txt | nocoiner commit \ --commitment-file=commitment-box.txt \ --opening-file=opening-key.txt $ nocoiner reveal \ --commitment-file=commitment-box.txt \ --opening-file=opening-key.txt > secret-output.txt $ cat secret-output.txt
This library was not fully tested against side-channel attacks. Besides the
good source of entropy by the
nocrypto’s implementation of Fortuna PRNG
algorithm, AES-GCM mode doesn’t work well with huge amount of data. Keep in mind
that the use cases of this library is for Secure Multiparty games such as online
Gambling and Auctions. With other use cases, the security of this cryptographic
primitive can be deemed as flawed.
Note that players can abort in the middle of a Commit-and-Reveal game, so you
should as well deal with that on your code logic. The random encryption key
and input vector only ensure the uniqueness locally, it’s also possible to
happen collisions of both random data on a distributed setting (it’s due the
sources of entropy being remote and different - so commitments and openings
would be identical, think on that even if this probability is small).
case, you can either take a fingerprint of the host machine and a timestamp
nonce into account, in the same sense of Elliott’s CUID library (we already
cover that issue of distributed collisions by using a fingerprint of hashed