Homomorphic commitments (Pedersen)

You are here:
< All Topics

Pedersen commitments are additively homomorphic commitments such that it is easy to create a commitment of the sum of the committed values given two commitments. Additionally, one can compute multiples of a commitment or add/subtract a constant from the committed value without knowledge of what that value is. This is useful for confidential transfers in the UTXO transaction model where each transaction spends old UTXOs and creates new UTXOs such that the difference between the incoming and outcoming amounts is 0. If the inputs and outputs are homomorphic commitments, then it is easy to create a commitment to the difference between the outputs and inputs. A proof that the transaction is valid is equivalent to a proof that the difference commitment is a commitment to 0.

Previous Cryptographic commitments
Next Homomorphic public-key encryption (ElGamal)
Table of Contents