Provably fair Heads Or Tails: the protocol

Let's say you go to an online casino, playing a simple game: a coin toss.

Heads: you lose your bet, tails you double your money.

How can the casino prove to you that the bet is fair ? That is to say, that the casino is not cheating by using a biased coin ?

Here is a simple protocol I devised. The links link to an explanation of how a weakness in the corresponding part of the protocol can be exploited by either Alice or the Casino.

• Assume an agreed upon seedable random generator and bet amount.
• The casino selects a random seed part \(s_C\), and sends its signed hash to Alice, along with a proof that twice the bet amount has been put in escrow. This is the commitment.
• Alice concatenates a random seed part \(s_A\) to the commitment, signs the result, and sends it back to the casino, along with her bet money.
• The casino seeds the random generator with \(s_A \oplus s_C\), tosses the coin and either pays Alice or keeps her bet money.
• The casino reveals \(s_C\) to prove the fairness of the toss.

Using this protocol, Alice gets either a fair toss, or a undeniable proof that the casino has been cheating.

This proof can be used to break the casino's reputation, or, if a trusted third party or a smart-contract-able blockchain is used as an escrow, get her money anyway.

In later posts, I'll show how altering any single part of the protocol can give a way for one of either Alice or the Casino to cheat, proving that every part of the protocol is necessary.

Proving that following the protocol is sufficient to prevent cheating is another whole can or worms.

Also, I have yet to check the prior art on this, and it is very plausible that I have reinvented the wheel.