MIME-Version: 1.0
References: <CAAEDBiEB_RXBjrLB8kDb52bJOwZK-arVeHA_9LyoDgAraLKHNg@mail.gmail.com>
	<CBBB62CD-2E30-4C9F-962E-3F340B29EDA7@xbt.hk>
In-Reply-To: <CBBB62CD-2E30-4C9F-962E-3F340B29EDA7@xbt.hk>
From: James MacWhyte <macwhyte@gmail.com>
Date: Fri, 20 May 2016 14:30:52 +0000
Message-ID: <CAH+Axy5G9j-0TXE6dCQ69pH=TKPDtFibfCf_tZ87o88FVd0pxw@mail.gmail.com>
To: Johnson Lau <jl2012@xbt.hk>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>, 
	Matthew Roberts <matthew@roberts.pm>
Content-Type: multipart/alternative; boundary=001a11426766ad94bb053346f05b
Subject: Re: [bitcoin-dev] BIP: OP_PRANDOM
Precedence: list

--001a11426766ad94bb053346f05b
Content-Type: text/plain; charset=UTF-8

Matthew,

Other than gambling, do you have any specific examples of how this could be
useful?

On Fri, May 20, 2016, 20:34 Johnson Lau via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Using the hash of multiple blocks does not make it any safer. The miner of
> the last block always determines the results, by knowing the hashes of all
> previous blocks.
>
>
> == Security
>
> Pay-to-script-hash can be used to protect the details of contracts that
> use OP_PRANDOM from the prying eyes of miners. However, since there is also
> a non-zero risk that a participant in a contract may attempt to bribe a
> miner the inclusion of multiple block hashes as a source of randomness is a
> must. Every miner would effectively need to be bribed to ensure control
> over the results of the random numbers, which is already very unlikely. The
> risk approaches zero as N goes up.
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>

--001a11426766ad94bb053346f05b
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">Matthew,</p>
<p dir=3D"ltr">Other than gambling, do you have any specific examples of ho=
w this could be useful?</p>
<br><div class=3D"gmail_quote"><div dir=3D"ltr">On Fri, May 20, 2016, 20:34=
 Johnson Lau via bitcoin-dev &lt;<a href=3D"mailto:bitcoin-dev@lists.linuxf=
oundation.org">bitcoin-dev@lists.linuxfoundation.org</a>&gt; wrote:<br></di=
v><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:=
1px #ccc solid;padding-left:1ex"><div style=3D"word-wrap:break-word"><div>U=
sing the hash of multiple blocks does not make it any safer. The miner of t=
he last block always determines the results, by knowing the hashes of all p=
revious blocks.</div></div><div style=3D"word-wrap:break-word"><div><br></d=
iv><div><blockquote type=3D"cite"><div dir=3D"ltr"><p style=3D"margin-botto=
m:0in;line-height:100%"><br>
</p><p style=3D"margin-bottom:0in;line-height:100%">=3D=3D Security</p><p s=
tyle=3D"margin-bottom:0in;line-height:100%">Pay-to-script-hash
can be used to protect the details of contracts that use OP_PRANDOM
from the prying eyes of miners. However, since there is also a
non-zero risk that a participant in a contract may attempt to bribe a
miner the inclusion of multiple block hashes as a source of
randomness is a must. Every miner would effectively need to be bribed
to ensure control over the results of the random numbers, which is
already very unlikely. The risk approaches zero as N goes up.</p></div></bl=
ockquote></div><br></div>_______________________________________________<br=
>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">=
bitcoin-dev@lists.linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div>

--001a11426766ad94bb053346f05b--