Confirming Random numbers?
camera_lumina at hotmail.com
Tue Feb 20 02:03:33 PST 2007
Oh yeah...that's nice and simple. 'Obvious', I guess.
it has the nice feature too of being relatively subversion-proof, insofar as
someone (or even many people) penetrating the group can not really influence
the outcome. Meanwhile, there's no real external routine to trust (ie, you
can check what everyone else promised and what their secret value was and
what the modulo-math should be). So it's all verifiable without a 'higher
Do such applications actually exist?
>From: "Hal Finney" <hal.finney at gmail.com>
>To: "Tyler Durden" <camera_lumina at hotmail.com>
>CC: cypherpunks at jfet.org
>Subject: Re: Confirming Random numbers?
>Date: Mon, 19 Feb 2007 09:01:21 -0800
>Everybody commits to a value (e.g. broadcasts the SHA1 hash of a large
>random value); everybody reveals their values (and checks that they
>match everybody else's commitments); now add all the values modulo
>whatever your number of choices is, and you have a shared verifiably
>Now, there is one way to cheat this, which is to copy someone else's
>commitment (even without yet knowing their value) and then copy their
>value when it is revealed, thereby possibly forcing the choice to be
>even or whatever. So everyone should also check that all the
>commitments are different.
Refi Now: Rates near 39yr lows! $430,000 Mortgage for $1,399/mo - Calculate
More information about the cypherpunks-legacy