[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*From*: Yunxiang Li <shironeko AT waifu.club>*Subject*: Re: [Cryptography] A Scheme for Verifiable Lottery*Date*: Mon, 30 Nov 2020 12:34:24 +0800*List-archive*: <https://www.metzdowd.com/pipermail/cryptography>*Sender*: "cryptography" <cryptography-bounces+ben=bentasker.co.uk AT metzdowd.com>*To*: cryptography AT metzdowd.com

On Sun, 2020-11-29 at 01:40 +0000, Peter Fairbrother wrote: > ... > > I may be misunderstanding something, you are not clear, but afaict the > organiser publishes the hash of the lucky number then reveals it after > the entries are closed. The organiser then has the advantage of knowing > the lucky number while entries can be bought, and can translate that > into free tries. Yes, each participants gets <lucky number> many hashes, and their score is the lowest of the bunch, for each hash, only the number used change, lottery name and username say the same. The idea was that for a given username, the organizer can pick the lucky number to give it a good score, and the number of times he tries to get that lucky number is upper-bounded by the number itself, so it gives everyone else at least the same number of tries. However, the usernames does let the organizer try however many times they wishes while not increasing the lucky number. That's a problem. I mean it would be fairly obvious that the account corresponding to the username was fake. but it's still a big problem in the scheme. I need to think about this more, it seems pretty hard to avoid since it's basically increasing the number of times you participate in the lottery, which is always going to work for any lottery scheme. > If not, the lucky number serves no purpose I can see. If the lucky > number is public then the public can try new usernames to find one which > hashes to a low number. The lucky number could have been public, yes. But it would ruin the fun since people can see what score they'll get before the reveal, and therefore affects the number of participants. ofc this is not considering the problem from above :( > [2] what you have described is not repeated hashing as far as I can > tell, it is just lots of different hashes. The results of the previous > hash are not used to calculate the next hash. That was a bad choice of word, yeah _______________________________________________ The cryptography mailing list cryptography AT metzdowd.com https://www.metzdowd.com/mailman/listinfo/cryptography

**References**:**[Cryptography] A Scheme for Verifiable Lottery***From:*Yunxiang Li

**Re: [Cryptography] A Scheme for Verifiable Lottery***From:*Peter Fairbrother

- Prev by Date:
**Re: [Cryptography] A Scheme for Verifiable Lottery** - Previous by thread:
**Re: [Cryptography] A Scheme for Verifiable Lottery** - Next by thread:
**[Cryptography] Second Swiss firm allegedly sold encrypted spying devices** - Index(es):