Ask HN: How do I finish this lottery scheme?

    Continued from submission... For example, imagine there are exactly 33 holdouts, the OTPs

        0000000000000000000000000000001
        0000000000000000000000000000010
        0000000000000000000000000000100
    and so forth. All of the holdouts could conveniently "forget" to reveal their passwords after commitment until all other passwords have been shared, and then selectively reveal only the specific holdouts' passwords that produce the random result chosen by the attacker.

    This would be possible if the attacker can control when the revealed passwords arrive and time it so that their revealed passwords are the last 33 passwords to be revealed. The attacker might have God-like visibility into the network through which the passwords are revealed.

    Any alternative, such as asking everyone to encrypt their passwords with the same public key, for which a central authority holds the private key and will reveal it all at once, breaks down because the central authority could leak it to coordinated attackers, so that the attackers know everyone's private keys before they are revealed.

    How can we get around the issue of holdouts, and solve this distributed random number scheme?

    We want to be able to resist $10 trillion of network-level attacks including full control of the Internet that is used to submit commitments and reveals, including full control of the order of delivery of packets by a compromised Internet.

    Proposed Solution:
    ------------------

    Lotteries could require 100% participation: any holdout (someone failing to reveal their key at step 4) could result in the entire lottery being null and void and the holdout being removed from the rerun of the lottery. However, this could suffer from a coordinated attack: for example, with a billion people entering the lottery, a million holdouts could cause a million lotteries to fail in a row, and that is too many lotteries to run.

    What other way is there for a distributed Utopia to run a fair lottery where everyone has an equal chance of winning? Is there any truly distributed random cryptographic protocol that is not susceptible to control by holdouts?

    [1] Neither has ChatGPT: https://chatgpt.com/share/67bf5a3d-4710-800b-a4e2-456fb48d96... This is only a partial, and nonsense, solution (hashes don't make sense since they're trivial to brute-force, the entire hash-based answer is totally nonsensical, and beacons can be manipulated). A network-level overlord could just brute-force everyone else's hashes when they make them, choose their OTP to be the one that gets to their chosen plaintext, and be last out of the gate after everyone else has submitted theirs.

    [2] https://claude.site/artifacts/cb0ac898-e5ad-42cf-a961-3c4bf8...
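    A toy simulation of the commit-reveal lottery described above (the basis-vector holdout trick and the all-or-nothing rule from the proposed solution), added here as an illustration and not part of the original post. Share width, the honest shares, the attacker's eight sybil identities and the nonce-based commitment are all constructed for the example.

    ```python
    import hashlib
    import os
    from functools import reduce

    BITS = 32  # constructed toy: each share is a 32-bit one-time pad, output is their XOR

    def commit(share: int) -> tuple[bytes, bytes]:
        """Hiding commitment: SHA-256 over a fresh 32-byte nonce and the share.
        The nonce is what stops a 32-bit share being brute-forced from its hash."""
        nonce = os.urandom(32)
        return hashlib.sha256(nonce + share.to_bytes(4, "big")).digest(), nonce

    def verify(commitment: bytes, nonce: bytes, share: int) -> bool:
        return hashlib.sha256(nonce + share.to_bytes(4, "big")).digest() == commitment

    def combine(shares) -> int:
        return reduce(lambda a, b: a ^ b, shares, 0)

    def steer(others_xor: int, basis: list[int], target: int) -> list[int]:
        """Last-revealer's choice with the basis-vector shares from the post:
        reveal exactly the shares whose bits differ between the honest XOR and
        the wanted output. Bits not covered by `basis` stay out of reach."""
        return [s for s in basis if (others_xor ^ target) & s]

    def run_lottery(honest: list[int], basis: list[int], target: int,
                    void_on_holdout: bool):
        """Commit-reveal lottery: `honest` shares plus one attacker holding
        len(basis) identities who reveals last (network ordering control).
        Returns the output, or None when the all-or-nothing rule voids it."""
        shares = honest + basis
        book = {ident: commit(s) for ident, s in enumerate(shares)}  # published first
        # Honest identities reveal first; each reveal is checked against the book,
        # so a changed value is caught. A missing reveal is not a provable lie.
        revealed = {}
        for ident, s in enumerate(honest):
            assert verify(book[ident][0], book[ident][1], s)
            revealed[ident] = s
        chosen = steer(combine(honest), basis, target)
        for ident, s in enumerate(basis, start=len(honest)):
            if s in chosen:
                assert verify(book[ident][0], book[ident][1], s)
                revealed[ident] = s
        if void_on_holdout and len(revealed) != len(shares):
            return None  # holdout detected; the post's rule reruns without it
        return combine(revealed.values())

    HONEST = [0xDEADBEEF, 0x12345678, 0x0BADF00D]  # constructed honest shares
    BASIS = [1 << i for i in range(8)]              # attacker's 8 sybil identities

    if __name__ == "__main__":
        out = run_lottery(HONEST, BASIS, 0x42, void_on_holdout=False)
        print(f"steered output 0x{out:08x}: low byte forced to 0x42")
        print("all-or-nothing rule:", run_lottery(HONEST, BASIS, 0x42, True))
    ```

    With eight identities the attacker fixes the low eight bits of the output and nothing else; the all-or-nothing rule blocks that, at the cost of letting those same identities void the lottery at will.
    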