CDR: auditable gaming PRNGs (Re: PRNG server)
Adam Back
adam at cypherspace.org
Sun Sep 3 09:49:16 PDT 2000
Seems to me you can do better with a gaming server. If the gaming
server serves RNGs in a sequence such that each sample in the
sequence can be verified, they don't need to trust the server; or at
least there is an audit function.
E.g. say that the server publishes subsequent pre-images in a
hashchain.
h_0
h_{i+1} = h_i
and the server computes h_i values up to i = 10^8 and then publishes
them starting with h_{10^8}, h_{10^8-1}, ...
Then anyone can verify that the random number is the preimage of the
previous random number.
You do something similar with a more efficient (log(n)) auditing
function with merkle authentication trees.
If they aren't doing this someone should clue them in.
Adam
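Worked example of both mechanisms described in the post: the hash chain published in reverse (each sample is the preimage of the previous one) and the Merkle-tree variant with log(n)-sized audit proofs. This is added illustration, not code from the post or from any gaming server. SHA-256 stands in for the unspecified hash H, the class and function names and the constructed seed are my own choices, and the chain is a handful of values rather than 10^8.

```python
import hashlib
from typing import List, Tuple


def H(x: bytes) -> bytes:
    """The one-way hash of the post; SHA-256 is an assumption, the post names none."""
    return hashlib.sha256(x).digest()


def build_chain(seed: bytes, n: int) -> List[bytes]:
    """h_0 = seed, h_{i+1} = H(h_i). Returns [h_0, ..., h_n] (n+1 values)."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain


class GamingServer:
    """Computes the whole chain forward, commits to h_n, then reveals h_{n-1}, h_{n-2}, ..., h_0."""

    def __init__(self, seed: bytes, n: int):
        self._chain = build_chain(seed, n)
        self._next = n - 1          # index of the next value to publish

    def commitment(self) -> bytes:
        return self._chain[-1]      # h_n, published before any sample

    def next_random(self) -> bytes:
        if self._next < 0:
            raise RuntimeError("hash chain exhausted; a fresh commitment is needed")
        value = self._chain[self._next]
        self._next -= 1
        return value


class Auditor:
    """Client-side check: every new sample must hash to the previously seen one."""

    def __init__(self, commitment: bytes):
        self.last = commitment

    def check(self, value: bytes) -> bool:
        if H(value) != self.last:
            return False            # substituted or out-of-order sample
        self.last = value
        return True


# ---- Merkle authentication tree: O(log n) proof that a sample was committed to ----

def _leaf(x: bytes) -> bytes:
    return H(b"\x00" + x)           # domain separation between leaves and inner nodes


def _node(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)


def merkle_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """Returns all levels, levels[0] = leaf hashes, levels[-1] = [root]. Odd levels duplicate the last node."""
    level = [_leaf(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def merkle_proof(levels: List[List[bytes]], index: int) -> List[Tuple[bool, bytes]]:
    """Sibling hashes from leaf to root; the flag says whether the sibling sits on the left."""
    proof = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((index & 1 == 1, level[index ^ 1]))
        index //= 2
    return proof


def merkle_verify(root: bytes, leaf: bytes, proof: List[Tuple[bool, bytes]]) -> bool:
    h = _leaf(leaf)
    for sibling_is_left, sibling in proof:
        h = _node(sibling, h) if sibling_is_left else _node(h, sibling)
    return h == root


if __name__ == "__main__":
    # Constructed seed and a tiny chain; a real deployment would precompute far more values.
    server = GamingServer(b"constructed-seed-not-a-real-one", 5)
    auditor = Auditor(server.commitment())
    samples = [server.next_random() for _ in range(5)]
    print("chain audit:", all(auditor.check(s) for s in samples))
    levels = merkle_tree(samples)
    print("merkle audit:", merkle_verify(levels[-1][0], samples[3], merkle_proof(levels, 3)))
```

The chain check proves that every sample was fixed when h_n was published, so the server cannot change a value after the fact, and the auditor rejects any sample that is skipped, reordered or substituted. It does not make the values unpredictable to the server, which chose the seed and knows the whole chain in advance; that is the "at least there is an audit function" qualification in the post. The Merkle tree replaces walking the chain with a proof of about log2(n) hashes per sample.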