public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Eric Martindale <eric@ericmartindale.com>
To: Matthew Roberts <matthew@roberts.pm>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>,
	Johnson Lau <jl2012@xbt.hk>
Subject: Re: [bitcoin-dev] BIP: OP_PRANDOM
Date: Fri, 20 May 2016 18:32:07 +0000	[thread overview]
Message-ID: <CAAf19WpiJDeVxi12mR8xFdjZttVYNRbsgYZzLxn2SLZDJYJHDQ@mail.gmail.com> (raw)
In-Reply-To: <CAAEDBiE08h=+8ntQ=mMyA0jaxj2H_6r2k0u4GdOhEkFNYEAhYQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2061 bytes --]

Matthew,

You should take a look at OP_DETERMINISTICRANDOM [1] from the Elements
Project.  It aims to achieve a similar goal.

Code is in the `alpha` branch [2].

[1]: https://www.elementsproject.org/elements/opcodes/
[2]:
https://github.com/ElementsProject/elements/blob/alpha/src/script/interpreter.cpp#L1252-L1305

On Fri, May 20, 2016 at 8:29 AM Matthew Roberts via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Good point, to be honest. Maybe there's a better way to combine the block
> hashes like taking the first N bits from each block hash to produce a
> single number but the direction that this is going in doesn't seem ideal.
>
> I just asked a friend about this problem and he mentioned using the hash
> of the proof of work hash as part of the number so you have to throw away a
> valid POW if it doesn't give you the hash you want. I suppose its possible
> to make it infinitely expensive to manipulate the number but I can't think
> of anything better than that for now.
>
> I need to sleep on this for now but let me know if anyone has any better
> ideas.
>
>
>
> On Fri, May 20, 2016 at 6:34 AM, Johnson Lau <jl2012@xbt.hk> wrote:
>
>> Using the hash of multiple blocks does not make it any safer. The miner
>> of the last block always determines the results, by knowing the hashes of
>> all previous blocks.
>>
>>
>> == Security
>>
>> Pay-to-script-hash can be used to protect the details of contracts that
>> use OP_PRANDOM from the prying eyes of miners. However, since there is also
>> a non-zero risk that a participant in a contract may attempt to bribe a
>> miner the inclusion of multiple block hashes as a source of randomness is a
>> must. Every miner would effectively need to be bribed to ensure control
>> over the results of the random numbers, which is already very unlikely. The
>> risk approaches zero as N goes up.
>>
>>
>>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

[-- Attachment #2: Type: text/html, Size: 3350 bytes --]

  reply	other threads:[~2016-05-20 18:42 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-05-20 10:57 [bitcoin-dev] BIP: OP_PRANDOM Matthew Roberts
2016-05-20 11:34 ` Johnson Lau
2016-05-20 14:30   ` James MacWhyte
2016-05-20 15:05   ` Matthew Roberts
2016-05-20 18:32     ` Eric Martindale [this message]
2016-05-22 13:30       ` Jeremy
2016-05-24 14:30         ` Sergio Demian Lerner
2016-05-24 14:36           ` Sergio Demian Lerner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAf19WpiJDeVxi12mR8xFdjZttVYNRbsgYZzLxn2SLZDJYJHDQ@mail.gmail.com \
    --to=eric@ericmartindale.com \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=jl2012@xbt.hk \
    --cc=matthew@roberts.pm \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox