I am working on writing a script to implement this: http://www.cs.technion.ac.il/~idddo/cointossBitcoin.pdf
The goal is a very simple distributed gambling game. 2 people each risk the same amount of bitcoin. One person doubles their money, the other person loses money.
Unfortunately op_mod is currently disabled in bitcoin according to this: https://en.bitcoin.it/wiki/Script
I tried to improvise by computing the winner this way:
Let A = Alice's secret, B = Bob's secret.
if hash(A+B) > [(biggest possible value)/2]: //***** QUESTION 1
    Alice's signature can spend funds
else:
    Bob's signature can spend funds
When this transaction gets signed, there are 3 ways the sig-script could look:
1) If someone loses their secret, then we can still rescue the funds: sig1 sig2 1
2) If Alice wins the game: sigA B A 0
3) If Bob wins the game: sigB B A 0
Here is my attempt at the script-sig:
op_if
2
op_else
op_2dup op_sha256 hash(A) op_equalverify sha256 hash(B) op_equalverify op_add op_sha256 op_pushdata2 256='0100' 1x('80') 255x('00') op_lessthan
op_if
op_else
op_endif
op_checksig
op_endif
This is what I think the script-sig looks like in hex:
63
52
67
6e a8
9f
63
67
68
ac
68
QUESTION 1:
Is the hash function evenly balanced so that it is above 80000..... half the time, and below it half the time?
QUESTION 2:
Is there a better way to write this function so that I don't have to hard-code that big number?
QUESTION 3:
Is anyone else working on this type of problem?
PS...
Now for the script of the second transaction:
[Alice's signature AND Bob's signature] OR [SHA256(B) == B2 AND Bob's signature]
op_if
2
op_else
op_sha256
op_endif
script-sigs:
1) If someone loses their secret, then we can still rescue the funds: sig1 sig2 1
2) If Bob wins the game: sigB B 0
3) If Alice wins the game: then this transaction cannot be spent.
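
An added example, not part of the original post: an off-chain Python model of the commit-and-reveal rule in the pseudocode above, which checks each revealed secret against its commitment and measures how often the hash lands above the midpoint (Question 1). Assumptions: the hash is SHA-256, "A+B" is integer addition of the secrets read as big-endian numbers, secrets are 32 random bytes, and all function names are hypothetical; it does not model Bitcoin Script's number encoding or operand limits.

```python
import hashlib
import secrets

HASH_MAX = 2**256 - 1        # biggest possible SHA-256 value
THRESHOLD = HASH_MAX // 2    # "(biggest possible value)/2" from the pseudocode


def commit(secret: bytes) -> bytes:
    """Commitment each player publishes before the game: SHA-256(secret)."""
    return hashlib.sha256(secret).digest()


def toss_digest(a: bytes, b: bytes) -> bytes:
    """hash(A+B), assuming '+' is integer addition of big-endian secrets."""
    total = int.from_bytes(a, "big") + int.from_bytes(b, "big")
    length = max(1, (total.bit_length() + 7) // 8)
    return hashlib.sha256(total.to_bytes(length, "big")).digest()


def decide(a: bytes, b: bytes, commit_a: bytes, commit_b: bytes) -> str:
    """Return 'alice' or 'bob'; reject a reveal that does not match its commitment."""
    if commit(a) != commit_a or commit(b) != commit_b:
        raise ValueError("revealed secret does not match commitment")
    value = int.from_bytes(toss_digest(a, b), "big")
    # value > THRESHOLD holds exactly when the top bit of the digest is set,
    # so 2**255 of the 2**256 possible digests fall on each side.
    return "alice" if value > THRESHOLD else "bob"


def alice_win_rate(rounds: int) -> float:
    """Play `rounds` games with fresh random secrets; return Alice's share of wins."""
    wins = 0
    for _ in range(rounds):
        a, b = secrets.token_bytes(32), secrets.token_bytes(32)
        wins += decide(a, b, commit(a), commit(b)) == "alice"
    return wins / rounds


if __name__ == "__main__":
    print(f"Alice wins {alice_win_rate(100_000):.4f} of constructed random games")
```

Because the comparison reduces to the top bit of the digest, the same decision can be written as a test on the first byte (`digest[0] >= 0x80`) instead of a comparison against a hard-coded 256-bit constant.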