[Cryptography] A Scheme for Verifiable Lottery
Roland C. Dowdeswell
elric at imrryr.org
Fri Nov 27 05:46:57 EST 2020
On Wed, Nov 25, 2020 at 11:31:04AM +0800, Yunxiang Li wrote:
>
> Now there are a lot of online lotteries, or giveaways, usually they would
> involve and trusted third party to draw the prize, yet there's little to no
> reason those third party should be trusted. To me, a good lottery scheme have
> these properties:
A quite traditional way to do this sort of thing is to choose a
future event or set of events measured at an exact time which the
participants are unlikely to be able to influence in any meaningful
way and then feed a hash of said data into an appropriately secure
PRF used to choose the winner(s).
The difficulty is in choosing the inputs. For small scale lotteries,
you can just use the results of a larger lottery on a particular
day as your input, e.g.
The key is to ensure that what you would need to influence to change
the results will cost more to influence than you could win in your
lottery. And also, obviously, what you pick has to be unpredictable
enough to the participants that they can't game the system.
For a large scale lottery, you might be able to use something like
the closing price of a series of stock exchanges on a particular
day. That would certainly meet the criteria that it is more
expensive to influence the results than you'd make from any given
lottery. I'm not quite so sure about the unpredictability. But,
then, you could make it harder to predict by, say, hasing every
single transaction on a series of stock exchanges over a two week
period or something.
--
Roland C. Dowdeswell http://Imrryr.ORG/~elric/
More information about the cryptography
mailing list