CDR: auditable gaming PRNGs (Re: PRNG server)

Adam Back adam at cypherspace.org
Sun Sep 3 09:49:16 PDT 2000


Seems to me you can do better with a gaming server.  If the gaming
server serves RNGs in a sequence such that each sample in the
sequence can be verified, they don't need to trust the server; or at
least there is an audit function.

E.g. say that the server publishes subsequent pre-images in a
hash chain.

h_0 
h_{i+1} = h_i

and the server computes h_i values up to i = 10^8 and then publishes
them starting with h_{10^8}, h_{10^8-1}, ...

Then anyone can verify that the random number is the preimage of the
previous random number.

You do something similar with a more efficient (log(n)) auditing
function with Merkle authentication trees.

If they aren't doing this someone should clue them in.

Adam
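The hash-chain audit described in the post, as an added example that is not part of the original message: the server precomputes the chain from a secret seed, publishes the tip first and then walks back toward the seed, and an auditor accepts each draw only if it is the preimage of the draw published before it. SHA-256 standing in for the unspecified hash, and the chain length of 1000 instead of 10^8, are assumptions for the demonstration.

```python
import hashlib
import secrets


def hash_fn(x: bytes) -> bytes:
    # SHA-256 stands in for the unspecified hash in the post (assumption).
    return hashlib.sha256(x).digest()


def build_chain(seed: bytes, n: int) -> list:
    """Server side: h_0 = seed, h_{i+1} = H(h_i); returns [h_0, ..., h_n]."""
    chain = [seed]
    for _ in range(n):
        chain.append(hash_fn(chain[-1]))
    return chain


def publish_order(chain: list) -> list:
    """Server reveals the chain tip first, then walks back toward the seed:
    h_n, h_{n-1}, ..., h_0.  h_n is the up-front commitment; each later value
    is one random sample and the preimage of the value published before it."""
    return list(reversed(chain))


def verify_sequence(published: list) -> bool:
    """Auditor side: accept the sequence only if every sample hashes to the
    sample published immediately before it."""
    return all(hash_fn(sample) == prev
               for prev, sample in zip(published, published[1:]))


def first_bad_index(published: list):
    """Index of the first sample that is not the preimage of its predecessor,
    or None if the whole published sequence audits cleanly."""
    for i in range(1, len(published)):
        if hash_fn(published[i]) != published[i - 1]:
            return i
    return None


if __name__ == "__main__":
    seed = secrets.token_bytes(32)            # server's secret h_0
    published = publish_order(build_chain(seed, 1000))
    print("honest sequence verifies:", verify_sequence(published))
    tampered = list(published)
    tampered[500] = secrets.token_bytes(32)   # operator swaps in a chosen draw
    print("tampered sequence verifies:", verify_sequence(tampered),
          "/ first bad index:", first_bad_index(tampered))
```

The audit catches any draw the server substitutes after publishing the commitment, but it gives no protection against an operator who already knows every future h_i, so the seed must stay secret and the tip must be published before play starts.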