From: Matthew Roberts <matthew@roberts.pm>
To: Johnson Lau <jl2012@xbt.hk>
Cc: bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] BIP: OP_PRANDOM
Date: Fri, 20 May 2016 10:05:36 -0500 [thread overview]
Message-ID: <CAAEDBiE08h=+8ntQ=mMyA0jaxj2H_6r2k0u4GdOhEkFNYEAhYQ@mail.gmail.com> (raw)
In-Reply-To: <CBBB62CD-2E30-4C9F-962E-3F340B29EDA7@xbt.hk>
[-- Attachment #1: Type: text/plain, Size: 1401 bytes --]
Good point, to be honest. Maybe there's a better way to combine the block
hashes like taking the first N bits from each block hash to produce a
single number but the direction that this is going in doesn't seem ideal.
I just asked a friend about this problem and he mentioned using the hash of
the proof of work hash as part of the number so you have to throw away a
valid POW if it doesn't give you the hash you want. I suppose its possible
to make it infinitely expensive to manipulate the number but I can't think
of anything better than that for now.
I need to sleep on this for now but let me know if anyone has any better
ideas.
On Fri, May 20, 2016 at 6:34 AM, Johnson Lau <jl2012@xbt.hk> wrote:
> Using the hash of multiple blocks does not make it any safer. The miner of
> the last block always determines the results, by knowing the hashes of all
> previous blocks.
>
>
> == Security
>
> Pay-to-script-hash can be used to protect the details of contracts that
> use OP_PRANDOM from the prying eyes of miners. However, since there is also
> a non-zero risk that a participant in a contract may attempt to bribe a
> miner the inclusion of multiple block hashes as a source of randomness is a
> must. Every miner would effectively need to be bribed to ensure control
> over the results of the random numbers, which is already very unlikely. The
> risk approaches zero as N goes up.
>
>
>
[-- Attachment #2: Type: text/html, Size: 2059 bytes --]
next prev parent reply other threads:[~2016-05-20 15:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-20 10:57 [bitcoin-dev] BIP: OP_PRANDOM Matthew Roberts
2016-05-20 11:34 ` Johnson Lau
2016-05-20 14:30 ` James MacWhyte
2016-05-20 15:05 ` Matthew Roberts [this message]
2016-05-20 18:32 ` Eric Martindale
2016-05-22 13:30 ` Jeremy
2016-05-24 14:30 ` Sergio Demian Lerner
2016-05-24 14:36 ` Sergio Demian Lerner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAEDBiE08h=+8ntQ=mMyA0jaxj2H_6r2k0u4GdOhEkFNYEAhYQ@mail.gmail.com' \
--to=matthew@roberts.pm \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=jl2012@xbt.hk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox