I run a lotto where I use 7 secrets.
1. My secret.
2 to 6. Other gambling site secrets
7. Random.org secret.
All secrets are verifiable, and all secrets except for the last one have hashes.
So I have a secret I control which no one else has, a bunch of other secrets which their owners will never give to me, and the planet has a secret that won't be known until the morning of that day.
Topic: Are Transaction IDs unpredictable? (Read 1122 times)
I want to use this for a provably fair betting system.
SatoshiDICE uses the transaction ID to determine the lucky number but the reason it doesn't matter if it is random is because the transaction ID is just part of the input used to get the results, with the remainder kept secret at the time the bet is placed.
Another "provably fair" service, BitLotto (whose operator has since cut and run with the last month's worth of winnings) used the results of an external event (a state-run lottery) that occurred after the betting deadline as its apporach to offering provably fair.
But as others mentioned, the Trx ID is the result of the contents of a transaction, and thus can be manipulated.
As others have pointed out each tx hash is random however an atacker can generate as many as he wants and only broadcast the ones he wants to.
Compare that to a dice roll is random but allowing a gambler to roll as many times as he wants and then pick the dice roll would not be a good idea.
Compare that to a dice roll is random but allowing a gambler to roll as many times as he wants and then pick the dice roll would not be a good idea.
Exactly. One can't know the hash before the transaction has been made, but one does know the hash before one sends that transaction to anybody else. If your betting system is "hash wins if it ends in a 0 bit", then it's easy to only send you winning transactions. If your betting system is "hash txid along with a secret-of-the-day-that-gets-revealed-tomorrow, win if that ends in a 0 bit", then you're probably fine.
Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?
I want to use this for a provably fair betting system.
depending on your system, an attacker might only broadcast transactions which he will win on. I want to use this for a provably fair betting system.
As the ECDSA signatures require a random K value (which unfortunately was shown *not* to be random for some broken Java implementations which caused people to lose BTC) and the tx hash includes this information (am pretty sure the tx hash is a hash of all of the raw tx bytes) then I think you should be pretty safe in assuming it should *normally* be random.
Understand that as K values that are non-random *can* be used it could be a potential vector of attack to use non-random values in order to screw up the "fairness" (at the risk of losing at least some small amount of BTC).
Understand that as K values that are non-random *can* be used it could be a potential vector of attack to use non-random values in order to screw up the "fairness" (at the risk of losing at least some small amount of BTC).
Simple question, is it possible to predict a transaction ID/hash before the transaction has been made?
I want to use this for a provably fair betting system.
I want to use this for a provably fair betting system.
Jump to: