The Pedersen commitment scheme is a commitment scheme in the "Diffie-Hellman universe". It is a two round protocol which works as follows. Inputs: A has an exponent m as input; B has no input. 1. B A: B chooses g~ G and a $ and sends (g, h) to A where h = g. 2. AB: A chooses r~ $ and sends z = g.h" to B. Decommitment and Output: To decommit, A sends (m, r) to B. On receiving (m, r), B checks that gh" = 2, the value sent in Round 2. If so, B outputs m, otherwise L. Problem 3. Do both of the following. (a) Prove that the Pedersen commitment is hiding. (b) Consider now the predicament of an adversarial A* upon receiving B's message h. Show that if A* is able to produce a z E G and two distinct decommitments (m, r1) and (m2, 72) which are both accepted by B (i.e. both which cause B to output m, rather than 1), then A* can output x. In other words, show that if A* is able to break hiding of the Pedersen commitment, then A* can solve the discrete log problem. Go to Settin