Hash as seed for a Guessing game

[mcgin]

So lets say we are currently at block 240,000.  If I were to say I will use the hash of block 240,010 as the seed to a random number generator (or some number of bits from the hash) for a number guessing game, would this be a secure mechanism for seeding the RNG?

The only attack I can think of is someone with an interest in the outcome of the RNG who has enough computing power to solve block 240,010, check if the result favours them, if so submit it to the network, otherwise discard it.

Is this a feasible attack?  Is there any other issues?

[1713873329]

1713873329

[1713873329]

1713873329

[1713873329]

1713873329

[1713873329]

1713873329

[1713873329]

1713873329

[TierNolan]

So lets say we are currently at block 240,000.  If I were to say I will use the hash of block 240,010 as the seed to a random number generator (or some number of bits from the hash) for a number guessing game, would this be a secure mechanism for seeding the RNG?

The trick would be to keep the reward lower than the block reward.  If someone "wins" block 240,010, they get 25BTC in a reward.  If your lottery pays 1BTC in a prize, it is more profitable to publish a block.

An different attack occurs to me.  They could join a mining pool and would get credit for their hashes.  However, they could still throw away the winning block, if they didn't actually win.

However, I think mining pools probably have checks so that if someone has 2-3 blocks worth of shares without any win, they are flagged as suspicious.

[marilyn4325]

An different attack occurs to me.  They could join a mining pool and would get credit for their hashes.  However, they could still throw away the winning block, if they didn't actually win.

I don't see how this attack could work. It is very unlikely that a miner finds a valid block. And for a number guessing game, there are lots of possible numbers. So if you throw away a valid block that didn't win your guessed number, the probability to win the number guessing are only increased by a very very small percentage, multiplied with the prize, lower than the pool reward.

Same would be true if someone has enough computing power to solo solve a block. If the random number seed uses the hash of the block, it will be very random. So the block solver can only throw away blocks that are not resulting in winning the guessing game. If you have lots of computing power, you could probably find one block per day. But throwing that away will only increase the probability to win the number guessing game by a small fraction, depending on your lottery investment. Assuming it is some kind of a lottery where you can buy lottery tickets, you would need to buy half of all tickets to have a higher chance to win by throwing away blocks.

I can't do the exact math, but probably the lottery reward can be much higher than 25 BTC until it makes sense for miners to try to cheat and throw away blocks.

[kushti]

So lets say we are currently at block 240,000.  If I were to say I will use the hash of block 240,010 as the seed to a random number generator (or some number of bits from the hash) for a number guessing game, would this be a secure mechanism for seeding the RNG?

The only attack I can think of is someone with an interest in the outcome of the RNG who has enough computing power to solve block 240,010, check if the result favours them, if so submit it to the network, otherwise discard it.

Is this a feasible attack?  Is there any other issues?

The attack is feasible under many reasonable definitions of an adversary.  There's a good paper on that by Pierrot/Wesolowski: http://eprint.iacr.org/2016/370.pdf. Shortly, if you're defining a single random bit from a block, then in case like yours a miner with 25% of mining power can take a desirable outcome probability from 50% to 74% by spending ~1 block reward(>=25 BTC atm).

Better schemes of randomness extraction from the Bitcoin blockchain could be proposed, but first you need to define your use-case and goals precisely.

[2c0de]

Is this a feasible attack?  Is there any other issues?

If the jackpot in your guess game becomes too big, bigger than 25 BTC or maybe even 50BTC, then yes, this miner attack becomes profitable.

It is cheap to throw away mined block, if the miner itself participate in the game and miner will lose his bet.

For this reason, to give another chance to miner's bet, miner will throw away block that cause game loss.