I encrypt data using ElGamal public key $y=g^x$, so nobody knows $x$, being a private key. Also during my service lifetime I perform many Pedersen commitment operations. It is known that Pedersen commitment key is a tuple $(g, h)$. For $g$ I use group generator and for $h$, they say, it must be such, that nobody knows a relation $g^x=h$, i.e. random group element. Well my question is - can I reuse ElGamal public key $y$ as Pedersen commitment's key $h$ parameter? For me it seems that I fulfill the requirement (nobody knows a relation $g^x=h$). Is there any security issues with such approach?
Asked
Active
Viewed 38 times
