From: Hal <hfinney@shell.portal.com>
Date: Sat, 23 Jul 94 08:30:44 PDT
To: cypherpunks@toad.com
Subject: Re: Card Playing Protocol? (fwd)
Message-ID: <199407231531.IAA16454@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


I thought of a simpler way to attack the blackjack protocol proposed
by Karl, where the dealer shuffles the cards, commits to a hash, and
then the player checks the hash at the end of the deck.  Simply, this
allows the dealer to stack the deck.  He can put the cards in any order
he wants, claiming he is shuffling them, commit to that, and the player
will confirm that the hash matches at the end.  Meanwhile the dealer wins
every hand.  So this won't do.

An easy fix would be for the player and dealer to mutually choose a random
seed for a PRNG that is then used in a specified algorithm to choose the
cards of the deck.  The dealer would commit to the hash of his part of
the seed but would not reveal his part until after the deck is played out.
The player's seed and the dealer's are then combined and the player can
reconstruct the sequence of cards which should have been played.

Again, this is only suitable for a one-dealer-one-player game since other-
wise the dealer can collude with some subset of the players and tip them
off to what cards are coming up.

Hal