Does someone want to summarise their protocol?
This paper has a clever solution to the problem we were stuck on in Iddo's coinflip protocol, which relies on curently-disabled op codes.
The problem is only due to an incidental quirk in Bitcoin's scripting language anyway, so it's clever rather than fundamental. Iddo's hashlocked lottery protocol requires each party to select an arbitrary number, and a deterministic function of those numbers is used to decide the winner. The problem is the script language doesn't let us do math (like OP_ADD) on larger-than-4-byte numbers, and more than 4 bytes of randomness are needed for it to be very safe/fair. The solution they propose is to use OP_SIZE to effectively compress a large string down to a small math-friendly number.
The key step goes like this: each player selects a random number i, in the range 0, 1, ..., N (for an N-player lottery). Then, they select random string s with 20+i bytes. The commitment is the hash of s, and to reveal it you do "{s} OP_SIZE OP_DUP {20} {20+n} OP_WITHIN OP_VERIFY {20} OP_SUB" in the script to get out just "i".