A fairness primitive for the agent economy: commit-reveal schemes with Schnorr zero-knowledge proofs. Pure Python. Zero dependencies.
π Site Β· π Docs Β· π¦ PyPI package Β· πΊοΈ Roadmap Β· π¬ Cryptuon Research
Most of the money lost or extracted on public chains comes from one root cause: someone sees your action before it is final and reacts to it. Front-running, sandwich attacks, copy-trading bots, and oracle games are all timing attacks on information that leaked too early. Commit-reveal is the oldest, smallest, most auditable fix for that class of problem β you bind to a value now and announce it later, so nobody can act on what they cannot yet see.
That primitive is having a moment. The narratives driving crypto in 2026 β agentic payments, verifiable on-chain AI, prediction markets, MEV mitigation, and intent-based DEXs β all need cheap, verifiable fairness at their core:
- Anti-MEV / fair ordering β order intents commit during a sealed window, then reveal for matching. Front-runners cannot react to orders they have not yet seen.
- Sealed-bid auctions β bidders publish commitments; nobody, not even the auctioneer, reads a bid before the reveal deadline. The natural settlement layer for RWA and NFT auctions.
- Commit-reveal randomness β many parties commit to seeds, then reveal; the result is a hash of all reveals, uniform and unmanipulable as long as one participant is honest.
- Verifiable AI β in networks where independent agents (e.g. DFPN-style inference or forecasting nodes) must submit answers without copying each other, each agent commits to its output first and reveals after the window closes. The Schnorr ZKP then lets an agent prove "this reveal matches my commitment" without re-broadcasting the payload.
- Prediction-market resolution β resolvers commit to an outcome before it is public, removing the last-look advantage.
commit-reveal is a small, dependency-free primitive you drop into that infrastructure. It is a library, not a network β it computes and verifies commitments and proofs; it does not run consensus, hold funds, or settle on-chain by itself. What ships on-chain is your choice: the reference path to a minimal on-chain verifier is laid out in ROADMAP.md.
- Multi-algorithm commitments β SHA-256, SHA-512, SHA-3, BLAKE2b/2s
- Schnorr zero-knowledge proofs on secp256k1 (same curve as Bitcoin)
- Tamper-evident audit trail with cryptographic integrity verification
- Secure CLI that never stores plaintext values on disk
- Zero external dependencies β stdlib only
- 90%+ test coverage, mypy strict, property-based testing with Hypothesis
pip install commit-revealOr with Poetry:
poetry add commit-revealfrom commit_reveal import CommitRevealScheme
scheme = CommitRevealScheme()
# Commit phase β share the commitment, keep the salt secret
commitment, salt = scheme.commit("my secret value")
# Reveal phase β prove you committed to this value
assert scheme.reveal("my secret value", salt, commitment) # True
assert not scheme.reveal("wrong value", salt, commitment) # Falsescheme = CommitRevealScheme(use_zkp=True)
commitment, salt = scheme.commit("secret")
public_key, R_compressed, challenge, response = scheme.create_zkp_proof(
"secret", salt, commitment
)
# Anyone can verify you know the secret β without learning it
assert scheme.verify_zkp_proof(
commitment, public_key, R_compressed, challenge, response
)# Commit to a value (prompts securely, no echo)
commit-reveal-secure commit my-secret
# Verify the value later
commit-reveal-secure reveal my-secret
# List stored commitments
commit-reveal-secure list| Algorithm | Output | Notes |
|---|---|---|
sha256 |
32 bytes | Default, widely compatible |
sha384 |
48 bytes | |
sha512 |
64 bytes | Higher security margin |
sha3_256 |
32 bytes | NIST post-quantum family |
sha3_384 |
48 bytes | |
sha3_512 |
64 bytes | |
blake2b |
64 bytes | Fast on 64-bit platforms |
blake2s |
32 bytes | Fast on 32-bit platforms |
class CommitRevealScheme:
def __init__(self, hash_algorithm='sha256', use_zkp=False, enable_audit=True): ...
def commit(value, salt=None) -> tuple[bytes, bytes]: ...
def reveal(value, salt, commitment) -> bool: ...
def verify(value, salt, commitment) -> bool: ... # alias for reveal
# Zero-knowledge proofs (requires use_zkp=True)
def create_zkp_proof(value, salt, commitment) -> tuple: ...
def verify_zkp_proof(commitment, public_key, R_compressed, challenge, response) -> bool: ...
def verify_commitment_consistency(value, salt, commitment, public_key) -> bool: ...Exceptions: ValidationError for invalid input, SecurityError for insecure operations (e.g., MD5/SHA-1).
Full API reference: documentation
| Command | Description |
|---|---|
commit-reveal-secure |
Production CLI β never stores plaintext |
commit-reveal-migrate |
Migrate from legacy to secure format |
commit-reveal |
Legacy CLI (deprecated) |
Enable ZKP for any command with --zkp:
commit-reveal-secure --zkp commit my-secret
commit-reveal-secure --zkp verify-proof my-secret| Narrative | The unfairness it removes | How commit-reveal helps |
|---|---|---|
| MEV mitigation / fair ordering | Searchers front-run and sandwich pending transactions | Commit intents in a sealed window; reveal for matching. No peeking, no reordering advantage. |
| Verifiable on-chain AI | Agents copy each other's answers instead of computing independently | Each agent commits to its output first; reveals after the window; proves consistency with a Schnorr ZKP. |
| Sealed-bid auctions (RWA, NFTs) | Late bidders read earlier bids | Bids are commitments until the deadline; the auctioneer cannot read them either. |
| On-chain randomness | A single party biases the seed | Multi-party commit-reveal RNG; honest-minority safe. |
| Prediction-market resolution | Resolvers exploit last-look information | Resolvers commit to an outcome before it is public. |
For the full "where it fits and how to get to production" picture, see ROADMAP.md.
Scope, stated plainly: commit-reveal is a primitive library, not a sequencer, a mempool, or an L2. It gives you the cryptographic core (bind, reveal, prove) that fairness-preserving systems are built from. The system design β who commits, when the window closes, where reveals are posted β is yours.
Full documentation available at docs.cryptuon.com/commit-reveal.
- Getting Started
- API Reference
- Use Cases (auctions, voting, gaming, blockchain)
- Security Guide
# Install with dev dependencies
poetry install --with dev
# Run tests
poetry run pytest
# Type checking
poetry run mypy commit_reveal/ --strict
# Formatting
poetry run black commit_reveal/ tests/
# Security scan
poetry run bandit -r commit_reveal/See SECURITY.md for the full security policy, threat model, and vulnerability reporting process.
MIT Β© 2025 Dipankar Sarkar
commit-reveal is one of 20 open-source blockchain-infrastructure projects from Cryptuon Research β blockchain theory, shipped as protocols.
Related projects: blockchain-compression Β· StxScript Β· nklave
Docs: docs.cryptuon.com/commit-reveal Β· Contact: contact@cryptuon.com