I have 3 big questions about writing a bitcoin contract to do trustless distributed gambling.
I am working on writing a script to implement this:
http://www.cs.technion.ac.il/~idddo/cointossBitcoin.pdf
The goal is a very simple distributed gambling game. 2 people each risk the same amount of bitcoin. One person doubles their money, the other person loses money.
Unfortunately op_mod is currently disabled in bitcoin according to this:
https://en.bitcoin.it/wiki/Script
I tried to improvise by computing the winner this way:
let A= Alice's secret, B=Bob's secret.
if hash(A+B)>[(biggest possible value)/2]: //***** QUESTION 1
Alice's signature can spend funds
else:
Bob's signature can spend funds
When this transaction gets signed, there are 3 ways the sig-script could look:
1) If someone loses their secret, then we can still rescue the funds: sig1 sig2 1
2) If Alice wins the game: sigA B A 0
3) If Bob wins the game: sigB B A 0
Here is my attempt at the script-sig:
op_if
2 <pubkeyA> <pubkeyB> 2 op_checkmultisigverify
op_else
op_2dup op_sha256 <hash(A)> op_equalverify op_sha256 <hash(B)> op_equalverify op_add op_sha256 op_pushdata2 256='0100' 1x('80') 255x('00') op_lessthan
op_if
<pubkeyA>
op_else
<pubkeyB>
op_endif
op_checksig
op_endif
This is what I think the script-sig looks like in hex:
63
52 <pubkeyA> <pubkeyB> 52 ad
67
6e a8 <hash(A)> 88 a8 <hash(B)> 88 93 a8 77 0100 8000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 0000 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 0000 00 0000 00 00 00 00 //*******QUESTION 2
9f
63
<pubkeyA>
67
<pubkeyB>
68
ac
68
QUESTION 1:
Is the hash function evenly balanced so that it is above 80000..... half the time, and below it half the time?
QUESTION 2:
Is there a better way to write this function so that I don't have to hard-code that big number?
QUESTION 3:
Is anyone else working on this type of problem?
PS...
Now for the script of the second transaction:
[Alice's signature AND Bob's signature] OR [SHA256(B) == B2 AND Bob's signature]
op_if
2 <pubkeyA> <pubkeyB> 2 op_checkmultisigverify
op_else
op_sha256 <hash(B)> op_equalverify <pubkeyB> op_checksig
op_endif
scriptsigs:
1) If someone loses their secret, then we can still rescue the funds: sig1 sig2 1
2) If Bob wins the game: sigB B 0
3) If Alice wins the game: then this transaction cannot be spent.
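
Added example, not part of the original post: a Python model of the commit-and-reveal branch of the first script, run over constructed random secrets to measure how often hash(A+B) lands above the midpoint (Question 1). It assumes A and B are 32-byte values read as big-endian integers and that A+B is addition mod 2^256; Script's own number encoding is not modelled, and the function names are hypothetical.

```python
import hashlib
import random

HALF = 1 << 255  # the post's threshold: 0x80 followed by zero bytes, as a 256-bit value

def commit(secret: bytes) -> bytes:
    """Commitment published before the game: SHA256 of the secret."""
    return hashlib.sha256(secret).digest()

def coin_value(secret_a: bytes, secret_b: bytes) -> bytes:
    """hash(A+B), with + assumed to be integer addition mod 2**256."""
    total = (int.from_bytes(secret_a, "big") + int.from_bytes(secret_b, "big")) % (1 << 256)
    return hashlib.sha256(total.to_bytes(32, "big")).digest()

def winner(secret_a, secret_b, commit_a, commit_b) -> str:
    """Check both reveals against their commitments, then pick the winner."""
    if commit(secret_a) != commit_a or commit(secret_b) != commit_b:
        raise ValueError("revealed secret does not match its commitment")
    digest = coin_value(secret_a, secret_b)
    # Direction follows the post's pseudocode: hash above the midpoint pays Alice.
    return "Alice" if int.from_bytes(digest, "big") > HALF else "Bob"

def simulate(trials: int = 20000, seed: int = 1):
    """Play many games with constructed random secrets.

    Returns (fraction won by Alice, games where the top-bit test agrees).
    """
    rng = random.Random(seed)  # seeded for a repeatable run; real secrets need a CSPRNG
    alice = agree = 0
    for _ in range(trials):
        a = rng.getrandbits(256).to_bytes(32, "big")
        b = rng.getrandbits(256).to_bytes(32, "big")
        alice_wins = winner(a, b, commit(a), commit(b)) == "Alice"
        alice += alice_wins
        # Comparing with 0x80 00..00 only inspects the top bit of the first byte.
        agree += alice_wins == bool(coin_value(a, b)[0] & 0x80)
    return alice / trials, agree

if __name__ == "__main__":
    frac, agree = simulate()
    print(f"Alice wins {frac:.3f} of games; top-bit test agrees in {agree} games")
```

The second returned value counts games in which the full 256-bit comparison and a test of the digest's highest bit give the same winner.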