Confirming Random numbers?

Hal Finney hal.finney at
Mon Feb 19 09:01:21 PST 2007

Everybody commits to a value (e.g. broadcasts the SHA1 hash of a large
random value); everybody reveals their values (and checks that they
match everybody else's commitments); now add all the values modulo
whatever your number of choices is, and you have a shared verifiably
random number.

Now, there is one way to cheat this, which is to copy someone else's
commitment (even without yet knowing their value) and then copy their
value when it is revealed, thereby possibly forcing the choice to be
even or whatever. So everyone should also check that all the
commitments are different.


More information about the cypherpunks-legacy mailing list