Hash-Based Commitments

A commitment scheme lets you "lock in" a value and reveal it later. A simple hash-based commitment is:

commit = H(nonce || message)

• Binding: hard to open the same commitment to a different message.
• Hiding: if the nonce is random and secret, the message is hidden.

To avoid ambiguity, we use domain separation and length prefixes:

commit = SHA256( 0x43 || len(nonce) || nonce || 0x4d || len(message) || message )

Where lengths are 8-byte big-endian integers.

Function signatures

func Commit(message, nonce []byte) [32]byte
func VerifyCommitment(message, nonce []byte, commitment [32]byte) bool

Notes

• SHA-256 is provided. Do not import crypto/sha256.
• The nonce can be any length; it should be random in real systems.