Re: ecash lottery (Was: ecash casino)
At 6:22 AM 11/30/95, Bill Frantz wrote:
At 20:38 11/29/95 -0800, Timothy C. May wrote:
Have to be _very_ careful here. A variety of scams can be developed which show lots of "small" winners, but which fail to show any large winners. The lottery operators can make a lot of extra bucks by simply not paying off the large winnings, in various ways.
With complete anonimity, the scam I would think of first is giving other nyms of myself all the big payoffs.
Yes, this is a good example of one of the scams. If the lottery can't/won't reveal True Names of winners--a basic design criterion--then clearly people may have doubts. The whole thing can be cast as follows; "Send us money and we'll put your name in a hat. We'll let you know if you win, but we won't tell the public who won." (This problem is quite similar to voting protocols, so we might look to "fair voting" protocols for ideas.) My intuition (hand-waving) is that an anonymous lottery is possible, but I haven't looked at the details. Certainly multiple trusted holders of keys (escrow agents) would help make the lottery fair. Maybe bit commitment would help (each player buys the right to play, then "commits" his number. A public reading of the winning number occurs, and the winner can reveal his winning number (anonymously if he wishes, providing he had registered his hash....). --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- Hello cypherpunks@toad.com and tcmay@got.net (Timothy C. May) tcmay wrote:
At 6:22 AM 11/30/95, Bill Frantz wrote:
At 20:38 11/29/95 -0800, Timothy C. May wrote:
Have to be _very_ careful here. A variety of scams can be developed which show lots of "small" winners, but which fail to show any large winners. The ... My intuition (hand-waving) is that an anonymous lottery is possible, but I haven't looked at the details. Certainly multiple trusted holders of keys ...
I've read somewhere that it's possible to play poker over the telephone; see comp.risks 17.19 and 17.21 (particularly the latter, though I haven't followed the references so I can't speak of them). ...
(escrow agents) would help make the lottery fair. Maybe bit commitment would help (each player buys the right to play, then "commits" his number. ...
How about every person commits a random number, then all reveal. The winner is determined deterministically from all the numbers. Does this make sense or is there some basic hole in it? ( I have a tendency to be too brief to be comprehensible, so let me rephrase it somewhat longer: 1. game is announced, players registered and numbered [1]..[n] 2. each player [i] chooses a random number [a_i] (secretly) 3. each player [i] publicly commits to [a_i] 4. wait for all players to commit 5. each player [i] publishes [a_i] 6. the winner is player [f(a_1,a_2,...,a_n)] The function f doesn't need to be one way, but the output must depend on all the inputs. (Sum modulo n sounds OK but I haven't thought it out.) ) The fun bit in this game would be picking your number - of course that reduces security, but I suspect that many people would prefer to type in their lucky numbers themselves than having a computer pick it for them... Or you could get the entropy from the mouse: "it's all in the wrist". You could probably almost code that in a shell script... Obvious weakness is that the last player to do step 5 above knows who the winner is before anyone else, and could presumably disappear. The way to avoid this is a rule that when a player disappears the money goes to charity. (A malicious last player could still prevent you from winning, but at least without payoff. You could give it negative payoff if you wanted.) If you wish to discuss this point, Cc me at jiri@c031.aone.net.au - that's where my spreadsheet is. Have I just made a complete fool of myself? Jiri - -- If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading! PGP 463A14D5 (but it's at home so it'll take a day or two) PGP EF0607F9 (but it's at uni so don't rely on it too much) -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBML2T0yxV6mvvBgf5AQEtGQP/VKUGrArDxG98iIiAtQ0zuErSjCsMJN+P HJ8MROmbgPa5kstzLMRk6wjPSkxSuUtiLLVbTTV6Aghfi2Kh7mRa6D38j43hyImU Z0V6V7gtCis/QzZ7KSTt5KKkDev672bbL17XYVWhMfvLABUG7L7kCbbKDGjUgUrL yl4H+8Pxt1c= =2nuk -----END PGP SIGNATURE-----
participants (2)
-
Jiri Baum -
tcmay@got.net