Confirming Random numbers?

Tyler Durden camera_lumina at
Tue Feb 20 02:03:33 PST 2007

Oh yeah...that's nice and simple. 'Obvious', I guess.
it has the nice feature too of being relatively subversion-proof, insofar as 
someone (or even many people) penetrating the group can not really influence 
the outcome. Meanwhile, there's no real external routine to trust (ie, you 
can check what everyone else promised and what their secret value was and 
what the modulo-math should be). So it's all verifiable without a 'higher 

Do such applications actually exist?


>From: "Hal Finney" <hal.finney at>
>To: "Tyler Durden" <camera_lumina at>
>CC: cypherpunks at
>Subject: Re: Confirming Random numbers?
>Date: Mon, 19 Feb 2007 09:01:21 -0800
>Everybody commits to a value (e.g. broadcasts the SHA1 hash of a large
>random value); everybody reveals their values (and checks that they
>match everybody else's commitments); now add all the values modulo
>whatever your number of choices is, and you have a shared verifiably
>random number.
>Now, there is one way to cheat this, which is to copy someone else's
>commitment (even without yet knowing their value) and then copy their
>value when it is revealed, thereby possibly forcing the choice to be
>even or whatever. So everyone should also check that all the
>commitments are different.

Refi Now: Rates near 39yr lows!  $430,000 Mortgage for $1,399/mo - Calculate 
new payment

More information about the cypherpunks-legacy mailing list