Confirming Random numbers?
Tyler Durden
camera_lumina at hotmail.com
Tue Feb 20 02:03:33 PST 2007
Oh yeah...that's nice and simple. 'Obvious', I guess.
it has the nice feature too of being relatively subversion-proof, insofar as
someone (or even many people) penetrating the group can not really influence
the outcome. Meanwhile, there's no real external routine to trust (ie, you
can check what everyone else promised and what their secret value was and
what the modulo-math should be). So it's all verifiable without a 'higher
authority'.
Nice.
Do such applications actually exist?
-TD
>From: "Hal Finney" <hal.finney at gmail.com>
>To: "Tyler Durden" <camera_lumina at hotmail.com>
>CC: cypherpunks at jfet.org
>Subject: Re: Confirming Random numbers?
>Date: Mon, 19 Feb 2007 09:01:21 -0800
>
>Everybody commits to a value (e.g. broadcasts the SHA1 hash of a large
>random value); everybody reveals their values (and checks that they
>match everybody else's commitments); now add all the values modulo
>whatever your number of choices is, and you have a shared verifiably
>random number.
>
>Now, there is one way to cheat this, which is to copy someone else's
>commitment (even without yet knowing their value) and then copy their
>value when it is revealed, thereby possibly forcing the choice to be
>even or whatever. So everyone should also check that all the
>commitments are different.
>
>Hal
_________________________________________________________________
Refi Now: Rates near 39yr lows! $430,000 Mortgage for $1,399/mo - Calculate
new payment
http://www.lowermybills.com/lre/index.jsp?sourceid=lmb-9632-17727&moid=7581
More information about the cypherpunks-legacy
mailing list