[Cryptography] A Scheme for Verifiable Lottery

John-Mark Gurney jmg at funkthat.com
Mon Nov 30 20:04:03 EST 2020


Yunxiang Li wrote this message on Tue, Dec 01, 2020 at 00:36 +0000:
> On Mon, 2020-11-30 at 14:14 -0800, John-Mark Gurney wrote:
> > Seems to me that a better way is similar to the coin flip implemented
> > by keybase: https://book.keybase.io/docs/chat/coin-flip
> 
> yeah, I thought about using something similar like everyone giving the organizer
> a random number between 0 and 1, and the random number is the decimal part of
> the sum, so as long as there is one random input the result is going to be
> random. The problem with this is that it would require the organizer to publish
> the list of participants.
> 
> I had a quick go over with the coin flip procedure, it seems like it does
> require the list of participants as well.

No, the easier way to do this is have everyone generate a 128-bit value.
The organizer XOR's everyone's contribution together, then using HMAC
to extract the final selection/results of the lottery.  This could be
a simple, select out of n algorithm where n is the number of participants.

As for the list of participants, the name doesn't need to be identifiable,
it can be a UUID or another anonymous identifier, allowing each
participant to ensure that their contribution was used in the results.

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


More information about the cryptography mailing list