On Thu, 2014-11-20 at 11:02 -0800, Kerim Aydin wrote:
>
> Hey folks,
>
> If I put up a (in programming sense trivial) dice server tailored
> to Agoran needs, are there folks out there who know a little bit
> about security who can advise on a way it can be "trusted"?
> (E.g. Hash of the source code mailed with result; source code is
> available on site to confirm inspectable source's hash matches).
>
> I suspect you might say that as long as I have (minor) control
> over the server there's no trusted method, but it's not my area...
> suggestions to get to an agora level of trust welcome...

There's absolutely no way to prove that the code that actually runs is the code that it claims to be running, because nothing would stop you just attaching a debugger and altering the intermediate values directly.

The normal way to work around this, at least to some extent, is to store and output intermediate results (or hashes thereof) of the intermediate calculations, so that people reproducing the calculation can check that you did in fact do it correctly (this is used for things like prime checkers, where there are awards for finding large primes (= checking large numbers are primes), and they need to verify the results; the verification's done by getting multiple people to try the calculation and checking that the internal state matches). Sadly, this doesn't work for random number generators, on the basis that their entire purpose is to be unreproducible.

If you can have two servers run by different people (who can be assumed to not collude), there's a secure way to do things: one of the servers comes up with a mapping from random results to answers (although this can't be done as ranges, e.g. if you want a 75% probability, you need not just "1-3: yes, 4: no" and "1: no, 2-4: yes" but also "1, 2, 4: yes, 3: no" and "1, 3, 4: yes, 2: no"), and then publishes a hash of that mapping (plus some random text so that the hash can't be bruteforced). Then the other server publicly picks a random number, and the first server then publishes its map. Neither of the people involved can manipulate the result.

If your worry is more just along the lines of "there might be bugs in the code, people should know what version the code has because of that but will trust that that code is actually being run", keeping the code in a DVCS with hashes to identify versions (such as git) and publishing links to particular versions within the repository is probably the simplest way.

--
ais523
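
The two-server scheme described in the reply above, sketched as an added example that is not part of the original thread: server A commits to a secretly shuffled outcome list, server B publicly picks an index, and anyone can verify the reveal. The function names, the JSON encoding and the choice of SHA-256 are assumptions of this sketch.

```python
import hashlib
import hmac
import json
import secrets

def digest(mapping, nonce):
    # Canonical JSON so committer and verifier hash identical bytes (assumed encoding).
    blob = json.dumps({"map": mapping, "nonce": nonce},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

def commit(outcomes):
    """Server A: secretly shuffle the outcomes and publish only the digest."""
    mapping = list(outcomes)
    # Fisher-Yates with a CSPRNG: any arrangement is possible, not just ranges.
    for i in range(len(mapping) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        mapping[i], mapping[j] = mapping[j], mapping[i]
    nonce = secrets.token_hex(32)  # the "random text" that blocks brute-forcing
    return mapping, nonce, digest(mapping, nonce)

def pick_index(size):
    """Server B: publicly pick an index after seeing only the digest."""
    return secrets.randbelow(size)

def verify(commitment, mapping, nonce, index, outcomes):
    """Anyone: check the reveal against the commitment, then read the result."""
    if not hmac.compare_digest(digest(mapping, nonce), commitment):
        raise ValueError("revealed mapping does not match the commitment")
    # Without this check A could commit to a mapping with the wrong odds.
    if sorted(mapping) != sorted(outcomes):
        raise ValueError("mapping does not contain the agreed outcomes")
    if not 0 <= index < len(mapping):
        raise ValueError("index out of range")
    return mapping[index]

if __name__ == "__main__":
    agreed = ["yes", "yes", "yes", "no"]        # constructed: 75% chance of "yes"
    mapping, nonce, published = commit(agreed)  # A publishes `published` only
    index = pick_index(len(agreed))             # B publishes `index`
    print(index, verify(published, mapping, nonce, index, agreed))
```

The outcome-list check in `verify` covers a case the hash alone does not: a committer who honestly reveals a mapping that never had the agreed odds.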

