Commit Reveal

Published by Mario Oettler on

Since every data in a blockchain is public, it is impossible to store them secretly. This creates some challenges for many applications. Imagine a game where player A decides upon a number and player B has to guess this number. Off-chain, this would be easy. Player A would write his number on a sheet of paper and hide it. After player B made its guess, A would show the paper and both know whether B guessed right or wrong by comparing their papers.

In a blockchain, the situation is different. If A stores the number in a variable in a smart contract, B can read the variable and thus always “guess” correctly. That’s why we have to go another way. The scheme we describe here is called commit-reveal-scheme.

It works as follows:

Imagine the game rock, paper, scissors. Since it is impossible to reveal the choice at the same time in a blockchain environment, users must commit to their choice beforehand. User 1 thinks of “paper”. He hashes it together with a random number (called salt) and submits the hash to the smart contract. User 2 does the same with his choice “rock”. That way, they have committed to their choices without revealing them.

Now, user 1 reveals his choice by publishing “paper” and the salt. The contract can then check if it matches with the committed hash. If it fits, it’s a valid submission. The same holds for user 2.

If any of our users tries to change his choice and reveals something different, more beneficial instead, it would be detected by comparing the committed hash to the hash from the revealed values.

The commit reveal scheme can be extended by a punishment mechanism if a user doesn’t reveal its true value or fails to reveal anything in a given time.