Author

Topic: bitcoin contract: gambling (Read 586 times)

newbie
Activity: 45
Merit: 0
January 08, 2014, 10:25:20 PM
#1
I have 3 big questions about writing a bitcoin contract to do trustless distributed gambling.

I am working on writing a script to implement this: http://www.cs.technion.ac.il/~idddo/cointossBitcoin.pdf

The goal is a very simple distributed gambling game. 2 people each risk the same amount of bitcoin. One person doubles their money, the other person loses money.

Unfortunately op_mod is currently disabled in bitcoin according to this: https://en.bitcoin.it/wiki/Script
I tried to improvise by computing the winner this way:
let A= Alice's secret, B=Bob's secret.
if hash(A+B)>[(biggest possible value)/2]: //***** QUESTION 1
   Alice's signature can spend funds
else:
   Bob's signature can spend funds

When this transactions gets signed, there are 3 ways the sig-script could look:
1) If someone loses their secret, then we can still rescue the funds: sig1 sig2 1
2) If Alice wins the game: sigA B A 0
3) If Bob wins the game: sigB B A 0

Here is my attempt at the script-sig:
op_if
   2 2 op_checkmultisigverify
op_else
   op_2dup op_sha256 hash(A) op_equalverify sha256 hash(B) op_equalverify op_add op_sha256 op_pushdata2 256='0100' 1x('80') 255x('00') op_lessthan
   op_if
      
   op_else
      
   op_endif
   op_checksig
op_endif

This is what I think the script-sig looks like in hex:
63
  52 52 ad
67
  6e a8 88 a8 88 93 a8 77 0100 8000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 0000 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 0000 00 0000 00 00 00 00 //*******QUESTION 2
  9f
  63
    
  67
    
  68
  ac
68

QUESTION 1:
Is the hash function evenly balanced so that it is above 80000..... half the time, and below it half the time?

QUESTION 2:
is there a better way to write this function so that I don't have to hard-code that big number?

QUESTION 3:
Is anyone else working on this type of problem?

PS...
Now for the script of the second transaction:
 [Alice's signature AND Bob's signature] OR [SHA256(B) ==B2 AND Bob's signature

op_if
   2 2 op_checkmultisigverify
op_else
   op_sha256 op_equalverify op_checksig
op_endif

scripsigs:
1) If someone loses their secret, then we can still rescue the funds: sig1 sig2 1
2) If Bob wins the game: sigB B 0
3) if Alice wins the game: then this transaction can not be spent.
Jump to: