In the paper which I was reading, the authors were using ElGamal encryption with modulo $p$, where $p$ was a prime.
Do the commitment properties still hold if we use modulo $n^2$ where $n=p \cdot q$ and $p$ and $q$ are large primes?
I was asking this because a number of other commitment schemes use modulo $n^2$ arithmetic.
To completement the answer of SEJPM, note that ElGamal should not be used directly over the ring $\mathbb{Z}_{n^2}$ (more precisely, over the multiplicative group $\mathbb{Z}_{n^2}^*$), because it is insecure here. To be more precise, it is still one-way, which means that if you get an encryption of a random plaintext, it's hard to recover the plaintext. However, it is not IND-CPA secure anymore, because the IND-CPA security property of ElGamal reduces to the Diffie-Hellman assumption - but the Diffie-Hellman assumption does not hold over $\mathbb{Z}_{n^2}^*$. Intuitively, the reason behind this is that computing the Jacobi symbol is easy, and given $(g^a, g^b)$ where $a,b$ are some exponents, and $g$ is some element of $\mathbb{Z}_{n^2}^*$, it holds that
JacobiSymbol$(g^{ab}) = $ JacobiSymbol$(g^a)\cdot$JacobiSymbol$(g^b)$
which allows to break the decisional Diffie-Hellman assumption with non-negligible probability (with probability 1/2, this relation will not be satisfied with a random tuple, while it is always satisfied for a Diffie-Hellman tuple).
This can be fixed by working into proper cyclic subgroups of $\mathbb{Z}_{n^2}^*$ where elements have all Jacobi symbol 1 - the DDH assumption is believed to hold over such groups, so ElGamal should be secure. However, note that it will be far less efficient than standard ElGamal over prime order groups, and should only be used if it is part of a larger system where you really need to use the specific structure of $\mathbb{Z}_{n^2}$.
I will not go into the "commitment properties" of ElGamal because I don't have a precise understanding what you mean with that statement. However I will answer what happens if you run ElGamal with a modulus of the form $n^2$ with $n=pq$ instead of the more standard (safe) prime $p$ with $\frac{p-1}{2}$ being prime.
First for the theoretical part: It is (theoretically) possible to get undecryptable ciphertexts. This is because ElGamal essentially makes a Diffie-Hellman key agreement and uses multiplication with the message to encrypt. Now if you use a composite modulus, whenever $\gcd(g^{kx},n)>1$, then you will not be able to find a unique inverse element and hence not be able to decrypt.
Now for the more practical part: There's no point in using $n^2$ as the modulus, it only makes things slower. Because you know that $n^2$ is the modulus, you can just compute a (real-valued) square root of $n^2$ and get $n$ back. Now you have effectively halved the length of the modulus. Also note that if you can factor the modulus and recover $p$ and $q$, you can use the Chinese Remainder Theorem to split the discrete logarithm problem of $n$ into two half-sized ones for $p$ and $q$, which is much easier than with $n$. And because you don't need this additional reliance on factoring to efficiently operate ElGamal, it usually is not done. Also such a modulus may be more susceptible to the Pohlig-Hellman Attack if and when $n$ has been factored (even though this usually tends to be as hard as to compute discrete logarithms $\bmod n$).
