• HappyRedditRefugee@lemm.ee
    link
    fedilink
    arrow-up
    33
    ·
    7 months ago
    1. Decide on a random N and what tails (even) and heads (uneven) mean.

    2. Each party generates a random number

    3. Combine the numbers with a conmutative operation of some sort, the harder the operation the better.

    4. Take the hash N times. (Can be done independently by each participant)

    (4.5) optional: for extra robustness, do some hard-to-calculate transformations to the result of 4. (Can be done independently by each party)

    1. The final result is either uneven or even === coin toss. (0 will be treathed as even*.*)

    This is not infalibe, one party could get all the numbers a precalculate a answer to get a specific result but they will need to randomly try numbers. adding some timing constrains, using big numbers and hard operations would make that sort of attack not really practicable.

    Nice question, had fun thinking about it!

    • 56!@lemmy.ml
      link
      fedilink
      arrow-up
      8
      ·
      7 months ago

      Step 3 is where the issue occurs. The last party to submit their value has control over the output. Any complex calculations can easily be passed off as network lag. One solution I can think of is to pass the values round in a circle, one by one. This would require each party to share their value before they have seen all other values. At the end each party would share their calculated values to verify they match. Probably other solutions as well.

      • vzq
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        3 months ago

        deleted by creator

        • HappyRedditRefugee@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          Amazing solution, didn’t arrive to that one, I was thinking just making a timing constraint to reveal the number that would make the precaculation practically imposible, but the commitment schmeme is waaaay more elegant.

      • HappyRedditRefugee@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        7 months ago

        Not very important, even if generated by a single actor N has not such a big importance. If I were implementing something like this I’d just probably make it -hardcoded-.

        If you reaaaallyyyy want to decide on a N on the fly, I’d put a restricction (a<Nx<b) make each participant generate a Nx and then sum then all, -multiply’em If you wanna be hardcore- But I’d be tricky to get it right, for example a party might be able to consistently make N whatever the max value of N is by making their Nx very big -Which, well, I don’t really know how it would benefit that party and how would they exploit it-. Maybe using a operation like a XOR on the Nx would be robust enough, and would mitigate the kind of attack that I described above

        Tl;dr: you can just have a random party generate it.