Bitcoin Forum
December 14, 2024, 11:52:56 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [RFC] Lottocoin  (Read 1742 times)
Auriga (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 02, 2011, 09:35:58 PM
 #1

Below is a description of how a lottocoin could work.  The lottocoin is inspired by the betcoin discussion at:
http://forum.bitcoin.org/index.php?topic=10011.20

The lottocoin is a distributed lottery.  The lotto prize is distributed, no one holds the prize.  The winner is decided by a peer to peer random number generator.

The lottocoin is based on bitcoin with the two following changes:

1) Someone buying a lotto ticket destroys the ticket money.  The lotto ticket has a receive address and the quantity destroyed in the transaction message.

2) At a regular interval, a winning ticket is found by the peer to peer random number generator.  The next mined lottocoin then creates the usual constant value, which the miner gets, plus the total quantity destroyed which is sent to the receive address of the winning lotto ticket.

More detailed explanation:

* The lottocoin is a new blockchain, separate from the bitcoin chain.
* Receive address and quantity pairs are stored in the blockchain attached to coins.
* Lotto tickets are acquired with the new transaction type; buy ticket.
* The payout is automatically made with the new transaction type; pay winner.
* Block validation is extended to reject transactions that do not follow the above rules.

Buying a lotto ticket destroys the ticket money, the same way that the money is destroyed when buying a domain name in namecoin:
http://forum.bitcoin.org/?topic=6017.0

At a regular interval, say after the first coin generated on Monday GMT, there is a lotto draw.  The peer to peer random number generator makes an agreed upon random number even if there are some hostile nodes.  One possible peer to peer random number generator is described at:
http://www.arnetminer.org/dev.do?m=downloadpdf&url=http://arnetminer.org/pdf/PDFFiles/--g---g-Index1247931776950/Robust%20Random%20Number%20Generation%20for%20Peer-to-Peer%20Systems1247951238765.pdf

Once a random number is obtained, the lotto tickets are stacked along the number line with the quantity destroyed as their width.  The random number, ranging from 0 to 1, is then multiplied by the total quantity destroyed to pick the winning ticket along the number line.

The next mined lottocoin then creates the usual mining value of fifty lottocoins, which the miner gets, plus the total quantity destroyed which is sent to the receive address of the winning lotto ticket.  The mining value is constant, it does not halve every four years like bitcoin.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 02, 2011, 10:35:36 PM
 #2

Problem is moving actual BTC or value in and out of the chain. If they win they would have to convert it into something else to be of value. Why have a different chain when the current one works fine?

BitLotto runs on the CURRENT chain, but coins are not destroyed but collected. Then the network creates the number for the winner. The winner then gets all the coins.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
demonblack
Newbie
*
Offline Offline

Activity: 47
Merit: 0


View Profile
June 02, 2011, 10:41:55 PM
 #3

Isn't it simpler to just make a lottery with the current blockchain?
There's no need of a new one just for this
koin
Legendary
*
Offline Offline

Activity: 873
Merit: 1000


View Profile
June 02, 2011, 11:20:52 PM
 #4

Isn't it simpler to just make a lottery with the current blockchain?
There's no need of a new one just for this

Maybe there's a script that could be implemented to accommodate this (escrowed winnings) in the current blockchain.
http://en.bitcoin.it/wiki/Script
Auriga (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 04, 2011, 09:25:11 AM
 #5

BitLotto runs on the CURRENT chain, but coins are not destroyed but collected. Then the network creates the number for the winner. The winner then gets all the coins.

The problem is that right now, since the winning number is dependent on a secret number, people have to trust BitLotto or any other lotto, to not steal the winnings.  For example, if there is a lotto prize of 100 bitcoins, and someone who knows the secret number has 60% of the lotto tickets, then their expected winning is 60 bitcoins.  Say this person generates a bitcoin block, worth fifty bitcoins, which is used in combination with the secret number to calculate the winning number.  If the winning number would not lead to winning the lotto, the cheater can simply not announce the block to get an extra (60 - 50 = 10) bitcoins.  As the bitcoin blocks halve in value every four years, the cheater gets greater winnings.  If the lotto prize gets larger, the cheater also gets more winnings.  The only way this attack could be guaranteed to be unprofitable is if the lotto prize was smaller or equal to the bitcoin block value.

The lotto operator knows the secret number, also a cracker could break into the system and learn the secret number.  Although I believe it unlikely that anyone has gone through the trouble to get lotto winnings in this way so far, as time passes the chance for such a cheat increases, and with this system there is no way for people buying the lotto tickets to know for sure if the random number is being generated fairly.
 
Making an agreed upon truly random number in a peer to peer system is more difficult than it seems.  Some of the issues with making a peer to peer random number are mentioned in the 'Robust Random Number Generation for Peer-to-Peer Systems' paper referenced above:
http://www.arnetminer.org/dev.do?m=downloadpdf&url=http://arnetminer.org/pdf/PDFFiles/--g---g-Index1247931776950/Robust%20Random%20Number%20Generation%20for%20Peer-to-Peer%20Systems1247951238765.pdf

There is also the problem that having one entity running a lotto means there is a single target for some kind of legal action.

Isn't it simpler to just make a lottery with the current blockchain?
There's no need of a new one just for this

The problem with making a lottery in the current blockchain is that it would slow development of bitcoin and add potential security holes.

It would slow development because it would increase the complexity of the bitcoin program, which means it would take longer for people to learn bitcoin to the point of being able to contribute.  People who want to contribute to bitcoin already have to spend a lot of time to get familiar with the complex program before they can start making any change safely, any additional complexity would make this even worse.  Also, if there is a lottery or anything else in the bitcoin program, it slows releases because any change has to be tested against the new lottery code as well as the existing code.  Overall, complexity is the main reason why software development slows down as programs gets bigger, and indeed why software development sometimes fails entirely when programs get really big.  Bitcoin development is already slowing as the program gets bigger, no function should be added to bitcoin if it could be done in another blockchain.

Maybe there's a script that could be implemented to accommodate this (escrowed winnings) in the current blockchain.
http://en.bitcoin.it/wiki/Script

A script has the same problems as adding the lotto directly to the blockchain.  In theory, scripts could add functionality without adding complexity or security holes, in practice they often bring trouble.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 05, 2011, 02:02:42 AM
 #6

I think your missing what the secret number does. Since the winning numbers are a SHA256 hash of: secret+block1hash+block2hash even with the secret hash you can't cheat. In other words, the number is RANDOM beyond anyone's control. Even BitLotto's. Someone would have to manipulate the two blocks no matter what.

If everyone had the secret hash it would still be VERY VERY hard to manipulate as the cheater has to make more than 2 blocks between two normally appearing blocks appearing on the network. So over two blocks in less than about 10 min on average. It would require a pretty fancy super computer.  Each block they make would still be like rolling a 16 side dice, and that would be for only selecting the first digit. All the secret hash does it make it impossible baring breaking a SHA256 hash or somehow stealing it. (And if someone did, they'd have to spend a lot of money to win a little in comparison)

Yes the secret hash is overkill, and perhaps gives some that it gives me an advantage, but to suggest that BitLotto can actually really use it, it kind of absurd.

In other words, I could give EVERYONE the secret key, and I'd still sleep at night knowing that the lottery is safe. To have that resources as your disposal you would make WAY more money just simple mining. The lottery would have to be worth well over 100,000 USD to even be worth considering....

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 05, 2011, 02:20:14 AM
 #7

Auriga, ok, I re-read what you wrote and I think I get what your getting at. If at some time in future the draws get *so big* that it becomes even *remotely advantageous* to cheat I'll just switch to getting the numbers somewhere else. I don't think BitLotto is anywhere near that yet to worry about! You'd have to be crazy to spend the money and resources to win back a tiny fraction of what you spent.

I do however agree that the random numbers should not depend on trust. They should be independent of everyone. Completely fair. I think BitLotto achieves that with the: no one is crazy enough and rich enough to do it just for the sake of messing around.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 05, 2011, 02:19:10 PM
 #8

After much contemplation,

BitLotto will use random data collected from the U.S.A Mega Millions lottery as well to get the winner. The hash that used before was secure. To cheat it, someone would have to spend a small fortune to win a tiny bit back. It was still possible but VERY unlikely. This was even with the secret hash known. I think the part about the secret hash confused some and gave the wrong the impression. Starting for the July 6 draw, the winning hash will come from a SHA256 hash of: block1hash+lotterynumbers (No spaces or + sign) Block1 is the first block to appear in the network with a time after 00:00:00 UTC on the draw date and the lottery numbers come from the Mega Millions drawn a few hours later. A draw of:17,19,39,41,55 Mega Ball 21 would be entered as:171939415521 in the hash. Tickets still need to be purchased prior to 00:00 UTC of BitLotto draw date.

Now instead of being practically impossible to cheat, it's now *impossible* to cheat for everyone! You'd have to cheat the U.S.A. Mega Millions to cheat BitLotto.

Thank you for making me worry about it more!  Wink LOL.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Auriga (OP)
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 07, 2011, 08:20:02 AM
 #9

BitLotto will use random data collected from the U.S.A Mega Millions lottery as well to get the winner.

Wow, great idea.

Also, I agree that using just block1hash is better than using block1hash+block2hash, because an attacker would just attack the last block hash in the chain, no matter how long the chain is.  Adding more block hashes increases complexity, but does not give any additional security.

It would be good to have an alternate lotto chosen and published in advance in case the Mega Millions lotto ceases operation.

I also suggest that you make a javascript page where people can enter the block hash and lottery number; and see the result.  Although only a few people would use this, it would increase confidence in the lotto system for everyone.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 07, 2011, 12:16:52 PM
 #10

It would be good to have an alternate lotto chosen and published in advance in case the Mega Millions lotto ceases operation.
I wouldn't worry about it. It's the most popular lottery in the U.S.A. IF it ever did go away though it would be super simple to change to another lottery. As long as it's done before the draw and it's another large reliable one.

Quote
I also suggest that you make a javascript page where people can enter the block hash and lottery number; and see the result.  Although only a few people would use this, it would increase confidence in the lotto system for everyone.
Ya, I'll link to an online hashing site with numbers already fed into it.

Thanks for the input! Good luck if you entered BitLotto!

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!