this post was submitted on 17 May 2024
55 points (93.7% liked)
Asklemmy
43958 readers
1396 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Decide on a random N and what tails (even) and heads (uneven) mean.
Each party generates a random number
Combine the numbers with a conmutative operation of some sort, the harder the operation the better.
Take the hash N times. (Can be done independently by each participant)
(4.5) optional: for extra robustness, do some hard-to-calculate transformations to the result of 4. (Can be done independently by each party)
This is not infalibe, one party could get all the numbers a precalculate a answer to get a specific result but they will need to randomly try numbers. adding some timing constrains, using big numbers and hard operations would make that sort of attack not really practicable.
Nice question, had fun thinking about it!
Step 3 is where the issue occurs. The last party to submit their value has control over the output. Any complex calculations can easily be passed off as network lag. One solution I can think of is to pass the values round in a circle, one by one. This would require each party to share their value before they have seen all other values. At the end each party would share their calculated values to verify they match. Probably other solutions as well.
Most remote coin tossing schemes incorporate commitment systems for this reason.
https://en.wikipedia.org/wiki/Commitment_scheme
Yes, that makes a lot more sense.
Amazing solution, didn't arrive to that one, I was thinking just making a timing constraint to reveal the number that would make the precaculation practically imposible, but the commitment schmeme is waaaay more elegant.
How does the group reach consensus on N?
Polling, probably - if the majority of group members are bad actors you're fucked.
Are we talking about American politics again?
Do we ever talk about anything else?
Not very important, even if generated by a single actor N has not such a big importance. If I were implementing something like this I'd just probably make it -hardcoded-.
If you reaaaallyyyy want to decide on a N on the fly, I'd put a restricction (a<Nx<b) make each participant generate a Nx and then sum then all, -multiply'em If you wanna be hardcore- But I'd be tricky to get it right, for example a party might be able to consistently make N whatever the max value of N is by making their Nx very big -Which, well, I don't really know how it would benefit that party and how would they exploit it-. Maybe using a operation like a XOR on the Nx would be robust enough, and would mitigate the kind of attack that I described above
Tl;dr: you can just have a random party generate it.