Confirming Random numbers?

Tyler Durden camera_lumina at hotmail.com
Tue Feb 20 02:03:33 PST 2007


Oh yeah...that's nice and simple. 'Obvious', I guess.
it has the nice feature too of being relatively subversion-proof, insofar as 
someone (or even many people) penetrating the group can not really influence 
the outcome. Meanwhile, there's no real external routine to trust (ie, you 
can check what everyone else promised and what their secret value was and 
what the modulo-math should be). So it's all verifiable without a 'higher 
authority'.
Nice.

Do such applications actually exist?

-TD


>From: "Hal Finney" <hal.finney at gmail.com>
>To: "Tyler Durden" <camera_lumina at hotmail.com>
>CC: cypherpunks at jfet.org
>Subject: Re: Confirming Random numbers?
>Date: Mon, 19 Feb 2007 09:01:21 -0800
>
>Everybody commits to a value (e.g. broadcasts the SHA1 hash of a large
>random value); everybody reveals their values (and checks that they
>match everybody else's commitments); now add all the values modulo
>whatever your number of choices is, and you have a shared verifiably
>random number.
>
>Now, there is one way to cheat this, which is to copy someone else's
>commitment (even without yet knowing their value) and then copy their
>value when it is revealed, thereby possibly forcing the choice to be
>even or whatever. So everyone should also check that all the
>commitments are different.
>
>Hal

_________________________________________________________________
Refi Now: Rates near 39yr lows!  $430,000 Mortgage for $1,399/mo - Calculate 
new payment 
http://www.lowermybills.com/lre/index.jsp?sourceid=lmb-9632-17727&moid=7581





More information about the cypherpunks-legacy mailing list