[Cryptography] A Scheme for Verifiable Lottery
Peter Fairbrother
peter at tsto.co.uk
Wed Dec 2 13:27:30 EST 2020
On 01/12/2020 00:36, Yunxiang Li wrote:
> On Mon, 2020-11-30 at 14:14 -0800, John-Mark Gurney wrote:
>> Seems to me that a better way is similar to the coin flip implemented
>> by keybase: https://book.keybase.io/docs/chat/coin-flip
>
> yeah, I thought about using something similar like everyone giving the organizer
> a random number between 0 and 1, and the random number is the decimal part of
> the sum, so as long as there is one random input the result is going to be
> random. The problem with this is that it would require the organizer to publish
> the list of participants.
>
> I had a quick go over with the coin flip procedure, it seems like it does
> require the list of participants as well.
That is not a problem, the published list is just a list of ticket
numbers and the associated choices. The idea that each participant
creates a 256-bit number doesn't have that problem either.
However both ideas are broken by this attack:
Organiser sells n real tickets. He also "sells" say n/10 fake tickets.
He then can generate lots of hashes for one (or bits for several) one of
the fake tickets and finds a hash where one of his fake tickets is the
winner.
He can pay cash for the fake tickets if needed, as long as the prize is
more than n/10 times the ticket price.
Peter Fairbrother
More information about the cryptography
mailing list