Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

KZG Commitments

1 min read
Pronunciation
[kay-zee-gee kuh‑mit-muhnts]
Analogy
Like sealing a detailed spreadsheet in a tamper‑evident envelope, with a tiny stub that lets anyone verify any single line without opening the envelope.
Definition
Kate‑Zaverucha‑Goldberg polynomial commitments: a cryptographic scheme that allows one to commit to a polynomial and later open it at any point with a short proof, used for data availability and vector commitments in rollups.
Key Points Intro
KZG commitments provide succinct, constant‑size proofs of data held in large sets or polynomials.
Key Points

Single commitment: Commits to entire polynomial or data vector.

Constant‑size proof: Opening proof is O(1) regardless of data size.

Homomorphic: Commitments can be combined for aggregated proofs.

Trusted setup: Requires a one‑time ceremony to generate evaluation keys.

Example
A zk‑rollup uses KZG commitments to commit to its entire state root polynomial and provides proofs that individual state entries are included.
Technical Deep Dive
Given polynomial \(f(x)\), commitment \(C = g^{f(\tau)}\) in pairing group. To open at point \(z\), prover computes witness polynomial \(h(x) = (f(x)-f(z))/(x-z)\) and proof \(\pi = g^{h(\tau)}\). Verifier checks pairing equation \(e(C/g^{f(z)}, g) = e(\pi, g^{\tau-z})\).
Security Warning
Toxic waste from trusted setup must be destroyed; compromise breaks binding.
Caveat
Trusted setup ceremonies are complex; newer transparent schemes may avoid it.

KZG Commitments - Related Articles

No related articles for this term.