1995-11-30 - ecash lottery (Was: ecash casino)

Header Data

From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
To: cypherpunks@toad.com
Message Hash: 80f4e8dc33e584be8cf82b57fab0f39de87347176c79c3e4080614ce93dbfe61
Message ID: <49j0sq$a69@calum.csclub.uwaterloo.ca>
Reply To: <199511291640.IAA28114@infinity.c2.org>
UTC Datetime: 1995-11-30 01:46:39 UTC
Raw Date: Thu, 30 Nov 1995 09:46:39 +0800

Raw message

From: iagoldbe@calum.csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 30 Nov 1995 09:46:39 +0800
To: cypherpunks@toad.com
Subject: ecash lottery (Was: ecash casino)
In-Reply-To: <199511291640.IAA28114@infinity.c2.org>
Message-ID: <49j0sq$a69@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <199511291640.IAA28114@infinity.c2.org>,
sameer  <sameer@c2.org> wrote:
>	Any enterprising cypherpunks in gambling-friendly
>jurisdictions interested? I figure it would make ecash take off.. and
>you'd get rich.
>
Does anyone know what jurisdictions allow lotteries/gambling?

Here's an off-the-cuff idea:

[Disclaimer: The following post is a gedanken experiment.  It should not
		be interpreted as condoning or encouraging anyone to break any
		laws, no matter how stupid the laws are.]

Anonymous email lotteries:
Advertise the lottery (and include a public PGP key) through some remailer
in one of the above jurisdictions.  Use a remailer that allows pseudonymous
replies.  In the announcement, include a secure hash of the next drawing's
winning number (appended to appropriate amounts of random noise).  Advertise
to a mailing list or a newsgroup, like alt.anonymous.lotteries.announce.

People pay by sending:
{
A payment made out to "@" (the ecash wildcard)
Their choice of lottery ticket number
A PGP Public key
}
encrypted with the lottery's public key, to the remailer address.

A lottery consists simply of displaying the winning number and random
noise, whose hash was previously posted (so the participants know
you're not cheating).

Now: there's likely no Web-of-Trust to the various PGP keys involved,
so the lottery's Reputation will have to be built up.  A good way to
do this is to have smaller prizes being won fairly often (e.g. by matching
the last digit/few bits), so that it's obvious the lottery is not just
collecting money without awarding prizes.

The lottery pays out by replying to the winner's pseudonymous messages
with their payment (made out to "@"), encrypted with their PGP key.

There can be other variants on the lottery.  For example, the participant
whose ticket is _closest_ to the winning number wins all the money
in the pot (minus a cut for the house).  A problem with this, and various
other forms of the lottery, is that it's hard for the lottery to prove
that it's not cheating (either in the amount of money it took in, or
that the losers of the lottery actually lost, etc.).

In this model of payment, no participant knows anything about any other
participant except a remailer's Reply-Block, and a PGP public key.
However, using the features of ecash (from what I know of how it works,
which isn't all that much (yet)), a payer can, in collaboration with the
bank, identify the payee.  This may be undesirable for the lottery operator
and/or the participants.

If (when) details of ecash are published (by Digicash or by someone else),
it would likely be easier to work out how to achieve all-way anonymity with
ecash.  I seem to recall some mention of how this would be done here
a while ago, and Lucky said he was going (before he started working for
them) "to write some scripts that will lay the groundwork for some of the
more unusual applications of Ecash".

Follow-up thought:
The lottery operator, instead of depositing the coins he receives
from the participants, stockpiles them, and forwards them on to the
winner(s).  If a participant complains to the bank, and the bank traces
his payment, it is likely to merely identify another participant
(who is not doing anything illegal, AFAIK (IANAL; it's illegal to _run_
this sort of thing inside the US, not to _play_ it, right?)), and the
lottery owner can even claim he is merely a participant, in the chance event
that he _is_ the one identified, and he happens to be in the US...

As far as I can tell, then, with this sort of method, the only way the
lottery operator could be caught (technically; he could be caught in
non-technical ways, say by being overheard bragging about it (Don't laugh;
it's been done.)) is by having the remailer (or remailer chain) compromised.

So; is there a problem with the implementation outlined above?  If it were
implemented, would people play it?

   - Ian "Still not sure he wants to get an ecash account"





Thread