Commitment schemes (also known as commit-reveal schemes) are a cryptographic primitive that allows an individual to "commit" to a certain value with the ability to reveal the concealed value later (strictly speaking, they have to reveal the value for liveness purposes). To commit in most cases means perform some deterministic calculation with the value/message as an input.
Commitment schemes enable temporary privacy/anonymity and hence can be used for things like the secret ballot for example.
General commitment scheme architecture
Above we can see the architecture of a hypothetical commitment scheme. The construction involves two agents, a client and a verified control. The client commits to a message by way of signature and sends the commitment to the smart contract, which stored the message.
After some time elapses, the client reveals the message that they have signed. The verifier contract then computes the commitment of the message returning "TRUE" if the two commitment are equal to each and "FALSE" otherwise.
How commitment schemes compare to alternatives.
The main alternative to commitment schemes are zero knowledge proofs (aka ZKPs).
Fig. 8: Example of a ZKP design
ZKPs likewise allow people to commit to messages/values but, unlike commitment schemes there is no need to reveal the message after the time lapse. Instead, the user can provides a cryptographic proof verifying that they have actually committed to the message.
ZKPs thus offer greater privacy and make fewer liveness assumptions but at the cost of usability. ZKP schemes are significantly more expensive than commitment schemes. Specifically, whereas one verify operation costs ~100 for commitment schemes and ~300-500k gas for ZKPs (SNARKs to be specific).
At Pythia we have opted for commitment schemes instead of ZKPs for two reasons mainly. Firstly, we do not need preserve the privacy of user predictions after market resolution, so commitment schemes provide just the necessary amount of privacy. The cost, which is related to how much privacy one wants to preserver, was likewise taken into consideration.
How commitment schemes improve Pythia's prediction market design?
Pythia's commitment scheme design
Commitment schemes improve Pythia's prediction markets in two major ways:
They make the data about individual participants less noisy and more robust:
With the help of commitment schemes, Pythia can make predictions reliably private during the prediction process. Privacy helps prevent prediction replications and hence the preserves the value of individual prediction, allows us to separate truly well-informed content creators.
They allow us to get rid of the monetary/casino element and attract more people:
The privacy attained via commitment schemes allows us to make our prediction markets effectively free to participate. Traditional prediction markets force users to put money on the line to discourage people from blindly copying predictions (i.e. going with the crowd), as more popular (i.e. more likely) outcomes would be more expensive to bet on. Privacy does the job for us in this respect, so no special pricing function is needed.
Removing the monetary/casino element from prediction markets from is good, because many content creators are not gamblers and are, in fact, risk averse. Putting money on the line also disadvantages people with less money to spare, so by