I’ve been reading lately about zero knowledge proofs and commitment schemes.
I had this idea about a commitment scheme that could hide a timestamp(or a number in general) until such time that the prover would want to reveal it to the verifier.
Warning: I do not claim this is an original idea, it’s probably documented somewhere else, I just didn’t bother to search for it.
Update: found this: http://crypto.cs.mcgill.ca/~crepeau/COMP647/2007/TOPIC07/Halevi-Micali.pdf
This is the scheme I am thinking about:
- The Prover chooses a random large prime number R
- The Prover multiplies T and R. We assume that
1T*R > 0
(January 1st 1970!)
- The Prover encrypts (T-R) with the Verifier’s public key Pk, making a commitment C
- The Prover sends the Verifier the commitment C
- When the Prover wants to reveal to the Verifier his committed timestamp he sends R
Now, I realize that this does not work very well as a commitment scheme because if the Prover chooses to lie about his R, than he can manipulate the resulting timestamp – not cool for time based bets for example. To fix this we can define a reasonable interval for the timestamp so that if the Prover becomes dishonest he will be outside of this interval if he chooses to use the previous(or the next) random number.
But it should work fine when we just want to hide a number and be able to reveal it and any given moment.
It all hinges on how we choose to combine T and R.
Comments are welcome!