Bitcoin Forum
September 29, 2016, 01:33:30 PM *
News: Due to DDoS attacks, there may be periodic downtime.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 »  All
  Print  
Author Topic: Introducing: The Amazing Anonymous Bitcoin Lottery  (Read 20878 times)
jgarzik
Legendary
*
Offline Offline

Activity: 1470


View Profile
August 22, 2010, 09:19:56 PM
 #21

Ah, that is a no log-in solution. What is the downside to the easy log-in he has now?

At least to me, it's less anonymous because it encourages repeated use of the same login token.  In the real world, we can just walk to the nearest convenience store, hand cash to a clerk, and walk away with a lotto ticket.

Lotto tickets can be given to others, etc.


Jeff Garzik, bitcoin core dev team and BitPay engineer; opinions are my own, not my employer.
Donations / tip jar: 1BrufViLKnSWtuWGkryPsKsxonV2NQ7Tcj
1475156010
Hero Member
*
Offline Offline

Posts: 1475156010

View Profile Personal Message (Offline)

Ignore
1475156010
Reply with quote  #2

1475156010
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 22, 2010, 09:37:31 PM
 #22

So, a single ticket gets bought by the buyer providing an address, I'm with you so far...

But what happens to that generated url? I will not be sending emails, as the thing is, you know, anonymous, and for a single ticket I can copy/paste, but imaging it's 200 tickets... or I could have a form where you enter the address and I give you the ticket status... but wait, don't I already do this??? It's the login form!

Truth be told, the disposable address was the way I initially implemented this, but I tend to loose these addresses and, yes, if you add labels to the addresses you can recover, but it's a LOT of work for the regular joe, imho.

You can, however, create as many accounts as you want. I'll eventually have a close account feature, that gives back whatever bitcoins it holds to the user address and then break the link. Lots of possible ways to go around this, but the one I have is, I believe, the best balance between anonymity and usability. I'm open to changing it, of course.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 22, 2010, 10:05:56 PM
 #23

If you use a new address of each ticket you have the same anonymity as the link generating way, right?
I get what you mean about encouraging repeated use, I already did that. But anyone who really cares can just keep track of many addresses instead of many links.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 22, 2010, 10:24:39 PM
 #24

If you use a new address of each ticket you have the same anonymity as the link generating way, right?
I get what you mean about encouraging repeated use, I already did that. But anyone who really cares can just keep track of many addresses instead of many links.

I really don't see this as a feature, usability wise, but lets pretend for a minute I do. The difference between what is there now and the proposed 1 ticket / 1 address is that you have to send as many transactions as tickets you want to buy, each to a different BTCIN address, and provide as many different BTCOUT addresses to make the pairs. How would the UI work? Is this really worth the effort?

On a different approach, I could force a different address pair for each draw. So when the draw ends, outstanding coins are returned and I delete the link on the inside. But then you'd need some reference to the individual tickets to be able to track status.

How much can we do here without breaking the ease of use?
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 22, 2010, 10:27:15 PM
 #25

To be clear, I think it's good how it is. I was just trying to understand what jgarzik wanted and why.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 10:24:50 AM
 #26

People, I've added the btcout edit and coin withdrawal, but I'm having second thoughts here... The reason I left the login based on btcout alone is because even if you can hack it, you won't be able to do much about it.

That is no longer true, so if I hacked into some account by bruteforce (maybe try all addresses in the block chain? Probably someone is reusing addresses) I could now change btcout to something mine, cancel all open tickets and grab the dough. How can I avoid this? Ask for a password on register, and use that password to change btcout? Don't allow changing btcout at all (but them, if you make a mistake on register you are screwed unless I manually help you out, there goes the anonymous part).

Help me out!
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 23, 2010, 10:31:53 AM
 #27

The new look is great!

How can you mess up on register? If you put in a bad BTCOUT? Can you do the parity test or whatever to verify that the BTCOUT is a valid address? What else mattes? If they accidentally give you their grandmother's address I guess she gets the winnings.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 10:35:39 AM
 #28

Yeah, I make zero effort of asserting registered address is correct, and other than trying to send bitcoins over, I know not of a method to assert it... probably could patch bitcoind to add an rpc method for that, though.

I can also check string length, I've just been lazy. But if I understand you correctly, it would be ok to deny changing the btcout so we can recover the account safety?
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 23, 2010, 11:11:00 AM
 #29

Yeah, I make zero effort of asserting registered address is correct, and other than trying to send bitcoins over, I know not of a method to assert it... probably could patch bitcoind to add an rpc method for that, though.

I can also check string length, I've just been lazy. But if I understand you correctly, it would be ok to deny changing the btcout so we can recover the account safety?

That is what I was thinking when I wrote that post, but now I realize that if the user lost a wallet, perhaps because they thought it was empty because it was, they would lose their eventual winnings because they no longer control that address.

I don't see a way to recover accounts. How would you even do it manually? Trust whoever PMs you? Oh, I guess you could be fairly sure if they knew the address, but needed to change it because they no longer controlled it. But if they forget it all together (whole computer dead)?

It is called the TAABL though, so I guess you can sacrifice forgetful user friendliness to maintain ease and anonymity?

Or maybe there is a solution I cannot conceive of.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 23, 2010, 11:16:04 AM
 #30

It just occured to me that you could have an optional password to allow someone to change their BTCOUT. Or even three options! No change allowed, change with passphrase and original BTCOUT, change with original BTCOUT only.

It lets the user choose their level of security from error vs security from attack. Maybe it's awkward or too much work, I dunno.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 11:39:34 AM
 #31

It just occured to me that you could have an optional password to allow someone to change their BTCOUT. Or even three options! No change allowed, change with passphrase and original BTCOUT, change with original BTCOUT only.

It lets the user choose their level of security from error vs security from attack. Maybe it's awkward or too much work, I dunno.

It's not too much work at all, but it is a little daunting for basic users... I think asking them to provide a password on register, but allowing it to be kept blank (thus allowing BTCOUT to be changed just by knowing the original) would be a good trade-off. And then you can change that in the account page by changing or clearing the password, I guess.

Will try that, thanks.
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 23, 2010, 11:50:16 AM
 #32

I think that's good.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 03:12:03 PM
 #33

Right, so here's what I did:

An optional password can be set on register or in the account page. When set, you'll need it to change the BTCOUT address. You can change it too. That password is not needed for login, the BTCOUT is still the only information required by the system.

There was another unrelated change that was logging people out when they changed BTCOUT. I've fixed that, but now everyone must log back in Smiley
BitLex
Hero Member
*****
Offline Offline

Activity: 588


View Profile WWW
August 23, 2010, 03:54:51 PM
 #34

what i noticed when i registered yesterday was
that it didnt send me to a done-page, but instead still showed the enter BCOUT to register,
i just ignored that, but it was kinda confusing ("am i registered now, or what?").

not sure if you changed that already.

nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 04:03:52 PM
 #35

what i noticed when i registered yesterday was
that it didnt send me to a done-page, but instead still showed the enter BCOUT to register,
i just ignored that, but it was kinda confusing ("am i registered now, or what?").

not sure if you changed that already.

Yeah, well, kind of Smiley

It does not log you in automatically, but it does tell you 'Registered!'. If you then log in from that page, you'll stay on the page and get a 'You are already registered' which is only slightly less confusing... but as it is working, that's low on my priority.
Anonymous
Guest

August 23, 2010, 04:18:58 PM
 #36

@nelisky

Perfect!

Thanks for the quickpick. Smiley
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 06:24:55 PM
 #37

For all of you doing random bets, right now I make sure these bets don't repeat themselves *within your tickets* but would it be useful to make them unique on the whole draw? Luck is luck, there's no real statistical gain for the individual to do it any other way, but we would cover much more betting space, thus making it more probable for the high prizes to be hit, if I were to spread random bets that way.

What do you think, which do you prefer? And, if I do change this, you can always cancel all your tickets and buy them at random again, if you want unique bets system wide (unless someone else manually enters bets matching yours after you did that, of course).
FreeMoney
Legendary
*
Offline Offline

Activity: 1246


Strength in numbers


View Profile WWW
August 23, 2010, 11:30:18 PM
 #38

For all of you doing random bets, right now I make sure these bets don't repeat themselves *within your tickets* but would it be useful to make them unique on the whole draw? Luck is luck, there's no real statistical gain for the individual to do it any other way, but we would cover much more betting space, thus making it more probable for the high prizes to be hit, if I were to spread random bets that way.

What do you think, which do you prefer? And, if I do change this, you can always cancel all your tickets and buy them at random again, if you want unique bets system wide (unless someone else manually enters bets matching yours after you did that, of course).

If you share a number you share prizes. I've been making sure my bets add coverage to make sure they are unique. Of course they could get stepped on afterwards, so I'm not really safe.

I realized also that you need to make the list of tickets public, it's the only way to be sure the operator isn't adding tickets after the draw.

Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 23, 2010, 11:42:58 PM
 #39

If you share a number you share prizes. I've been making sure my bets add coverage to make sure they are unique. Of course they could get stepped on afterwards, so I'm not really safe.

I realized also that you need to make the list of tickets public, it's the only way to be sure the operator isn't adding tickets after the draw.

"I have a plan..."

So you say you want the random to be unique, right? It just sidesteps a bit from 'random' when we get picky, but a subset of random should be random enough, I guess.

As for the list of tickets public, I didn't want to do that while the bets are on because, well, it felt wrong. But I can't find a reason in logic to substantiate that, so if there are no objections I'll make a list of *all* taken numbers.
Remember that 2 blocks from the end the bets are locked, and that's when I though I'd be introducing the list, but I can do it before.

What more information do you need to make sure I (or any other future operator) am not stealing? Knowing the numbers provides you with enough knowledge to block me from stealing a top prize but not from stealing a lower one. For that you need a list of bets *and* how many tickets exist on each bet... How should such data be provided?

I'll start by just posting a list of bets to a page, a big ol' dump, and then I'll think about something on the likes of a csv file that gets generated as the draw is locked.
nelisky
Legendary
*
Offline Offline

Activity: 1554


View Profile
August 24, 2010, 12:52:46 AM
 #40

Random bets are now unique on the whole draw, until there's only 5% of bet space left, at which point it just takes any number.

You can see the bets for the draw in the details page. I added a blank when bets are not in sequence or duplicated, to indicate a 'hole'. I'll try to make that downloadable once the draw is locked, so everyone can verify the prize distribution when the result block gets issued. I think that's as much disclosure as it is possible, but if you'd rather have some more information, speak up.
Pages: « 1 [2] 3 4 5 6 7 8 9 10 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!