
> Alice’s commit transaction needs to specify some block height after which further guesses are ignored, and then publish the “reveal” message some (safe) number of blocks after this.

I think this is unsafe as well. Note that since everyone can verify the real answer, there is no point for Alice to reveal it. As a result, as soon as anyone submits the correct answer, the miners can cheat and replace the answer as their own.

After some degree of thinking, I find that it is quite difficult to design a secure smart contract for such a guessing game. I haven’t found a way that can fulfill all of the following security properties: (a) Alice has to pay the first person who finds the correct answer; (b) that person can only collect the reward after showing the correct answer; and (c) the miner cannot cheat.

I wonder if anyone has a solution for the above problem. Also, if such a solution exists, we can actually use it to implement the RSA challenge [1] in a smart contract.

[1]: https://en.wikipedia.org/wiki/RSA_Factoring_Challenge



One solution is to formulate the contract so that guessers submit a hash of (guess, nonce). The contract records each submission. A few blocks after the submission deadline, Alice reveals the correct answer. Then submitters of correct guesses send another message to the contract with their nonce. The contract gives the reward to the person who submitted a correct guess the earliest.
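
The scheme in the comment above, modelled in Python as an added example (not code from the thread or from any real contract). Alice's salted commitment, the sender-bound guess hash, and the names `GuessingGame`, `guess_commitment` and `demo` are assumptions made here; the sample values are constructed.

```python
import hashlib


def h(*parts: bytes) -> bytes:
    # Length-prefix each field so concatenation is unambiguous.
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()


def guess_commitment(sender: str, guess: int, nonce: bytes) -> bytes:
    # Binding the sender is an assumption added here; the comment hashes (guess, nonce).
    return h(sender.encode(), guess.to_bytes(32, "big"), nonce)


class GuessingGame:  # toy in-memory model; the caller supplies block heights
    def __init__(self, answer_commitment: bytes, deadline: int):
        self.answer_commitment = answer_commitment  # Alice's h(answer, salt)
        self.deadline = deadline                    # last block that accepts guesses
        self.commits = {}                           # sender -> (chain order, digest)
        self.answer = None
        self.winner = None                          # (chain order, sender)

    def submit(self, block: int, sender: str, digest: bytes) -> None:
        if block > self.deadline:
            raise ValueError("submission deadline has passed")
        self.commits.setdefault(sender, (len(self.commits), digest))

    def reveal_answer(self, block: int, answer: int, salt: bytes) -> None:
        if block <= self.deadline or h(answer.to_bytes(32, "big"), salt) != self.answer_commitment:
            raise ValueError("reveal is too early or does not match Alice's commitment")
        self.answer = answer

    def claim(self, sender: str, nonce: bytes) -> bool:
        order, digest = self.commits.get(sender, (None, None))
        if self.answer is None or digest != guess_commitment(sender, self.answer, nonce):
            return False
        if self.winner is None or order < self.winner[0]:
            self.winner = (order, sender)  # earliest correct commitment wins
        return True


def demo() -> tuple:
    answer, salt, nonce = 4242, b"constructed-salt", b"constructed-nonce"
    game = GuessingGame(h(answer.to_bytes(32, "big"), salt), deadline=100)
    digest = guess_commitment("bob", answer, nonce)
    game.submit(90, "miner", digest)  # constructed case: Bob's hash copied, ordered first
    game.submit(90, "bob", digest)
    game.reveal_answer(105, answer, salt)
    # The copied digest fails for "miner" because it was bound to "bob".
    return game.claim("miner", nonce), game.claim("bob", nonce), game.winner[1]
```

Without the sender inside the hash, the copied digest in `demo()` would verify for both parties and the earlier-ordered copy would take the reward.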


You can solve that with an additional step: 1. Alice sends the challenge. 2. You submit the answer, encrypted. 3. After you verify that your answer was included in a block, you post the private key you used for the encrypted answer. 4. Profit


I think the miner can cheat in step 3. After you submit your private key as a transaction, the miner can delay its inclusion in the blockchain for an arbitrary time. During that time, the miner can use your private key to decrypt the answer you submitted in step 2 and resubmit their version of the answer.


That won't help him much, since my answer is already published in the blockchain when he publishes his answer. It is trivial to see that my answer was published first.


If the commitment uses a salt, it won’t be possible for anyone to verify guesses before Alice publishes the reveal message (which would include the salt).

In any case, the blog post has Alice rewarding whoever comes closest, not whoever guesses the exact value. For a sufficiently large range of numbers (e.g. 128 bits), you wouldn’t really need a salt since the probability of anyone guessing the exact value would be negligible.



