> For the complete documentation index, see [llms.txt](https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-16-zero-knowledge-zk/definitions-and-essentials/pedersen-commitment.md). # Pedersen commitment {% hint style="info" %} [**Book an audit with Zokyo**](https://www.zokyo.io/) {% endhint %} A Pedersen commitment is a cryptographic primitive used to commit to a chosen value while keeping it hidden from others, but with the capability to reveal the chosen value later. Pedersen commitments are commonly used in cryptographic protocols to achieve both confidentiality (hiding information) and commitment (ensuring information isn't changed later). The Pedersen commitment has the properties of being both hiding (it's computationally infeasible to determine the committed value) and binding (once you've committed, you can't change your mind without detection). Here's how it works: 1. **Setup**: Two large prime numbers $$p$$ and $$q$$ are chosen such that $$q$$ divides $$p−1$$. Then, a cyclic group $$G$$ of order $$q$$ is selected with generator $$g$$. A random $$h$$ is also chosen from $$G$$ such that no one knows the discrete logarithm of $$h$$ with respect to $$g$$, i.e., no one knows $$a$$ where $$h=g^a$$. 2. **Commitment**: To commit to a value $$s$$ with randomness $$r$$, the commitment $$C$$ is calculated as: $$C=g^s⋅h^r$$ 3. **Opening**: To open the commitment (i.e., to reveal the committed value), the committer provides the value $$s$$ and the randomness $$r$$. The verifier then checks the commitment using the given $$s$$ and $$r$$ against the previously provided commitment $$C$$. The hiding property ensures that, given $$C$$, it's computationally hard to deduce $$s$$ or $$r$$. The binding property ensures that, once $$C$$ has been provided, it's computationally infeasible to find any other $$s^′$$ or $$r^′$$ such that the commitment could have been created with $$s^′$$ and $$r^′$$ (i.e., you can't find two different sets of values that result in the same commitment). Pedersen commitments are used in a variety of cryptographic protocols and systems, especially in the context of zero-knowledge proofs and privacy-preserving mechanisms. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://zokyo-auditing-tutorials.gitbook.io/zokyo-tutorials/tutorial-16-zero-knowledge-zk/definitions-and-essentials/pedersen-commitment.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.