this post was submitted on 17 May 2024
55 points (93.7% liked)

Asklemmy

43907 readers
1313 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 34 points 6 months ago (9 children)
  1. Decide on a random N and what tails (even) and heads (uneven) mean.

  2. Each party generates a random number

  3. Combine the numbers with a conmutative operation of some sort, the harder the operation the better.

  4. Take the hash N times. (Can be done independently by each participant)

(4.5) optional: for extra robustness, do some hard-to-calculate transformations to the result of 4. (Can be done independently by each party)

  1. The final result is either uneven or even === coin toss. (0 will be treathed as even*.*)

This is not infalibe, one party could get all the numbers a precalculate a answer to get a specific result but they will need to randomly try numbers. adding some timing constrains, using big numbers and hard operations would make that sort of attack not really practicable.

Nice question, had fun thinking about it!

[โ€“] [email protected] 9 points 6 months ago (3 children)

Step 3 is where the issue occurs. The last party to submit their value has control over the output. Any complex calculations can easily be passed off as network lag. One solution I can think of is to pass the values round in a circle, one by one. This would require each party to share their value before they have seen all other values. At the end each party would share their calculated values to verify they match. Probably other solutions as well.

[โ€“] [email protected] 5 points 6 months ago* (last edited 6 months ago) (2 children)

Most remote coin tossing schemes incorporate commitment systems for this reason.

https://en.wikipedia.org/wiki/Commitment_scheme

[โ€“] [email protected] 2 points 6 months ago

Amazing solution, didn't arrive to that one, I was thinking just making a timing constraint to reveal the number that would make the precaculation practically imposible, but the commitment schmeme is waaaay more elegant.

load more comments (1 replies)
load more comments (1 replies)
load more comments (6 replies)