![]() ![]() The $stats command displays the statistics of the bot: the number of servers it’s in, the number of commands it’s received, the number of coins it’s flipped, along with a breakdown of heads vs. $flip does exactly what it sounds like: it flips a coin! sending the result in a nice embed, with an added randomly selected coin image for extra fun! $roll rolls a dice, taking a second to do so, also providing a helpful visual! There is also an option to roll a specific sided die - $roll d20 - for example, which allows you to roll as many different sided dies as you want! $help displays an informative embed that describes each command, providing both the command name and a simple explanation and also provides a support link and website link for more information. Finally, you need to prove.The Coinflipper bot has five basic commands, $flip, $roll, $help, $stats, and $invite. Then you need to take into account the issues above. Note that it is also necessary to include some sort of session ID in order to bind the encryptions to the same session.īottom line: you need a proper security model and definition of security. If decryption is provided, then maybe CCA security is required (especially if there are many executions). ![]() (Likewise, it may be possible to always generate a ciphertext that encrypts the opposite value and force the result to be 1.) However, this is also not so simple, since you need to determine whether you need CPA or CCA security, and this is related to the first part. Otherwise, given a ciphertext $c_A$ it may be possible to generate a random ciphertext that encrypts the same value, and then the result will always be 0. Regarding the second part of the question, at the very minimum you must have non-malleability. Therefore, just proving that it indistinguishable from random may not be enough. If you wish to use the result of the coin in a protocol (e.g., gambling) then you will need composition to hold as well. In the latter case, you would be better off just running a direct coin flipping protocol between $A$ and $B$. If $T$ is not trusted, then you need to have it prove that it behaved correctly (e.g., by proving that the decryption is correct). Specifically, if $T$ is trusted, why not have it just flip a bit and send it to both $A$ and $B$. First, it's very unclear what the role of the trusted party is, relative to the encryption. This sort of protocol is a bit more complicated than you may think. How is this a uniformly distributed coin flip in that case?įor part b) I am not sure how the notion of security can be defined? However I am confused as it seems that in a deterministic scheme the xor of two diff values will always be 1. Prove that your suggestion achieves this definition.įor part a) I believe that if A is dishonest it has no advantage however following the rules of the protocol and honest B will always produce a different cipher text. ![]() Define an appropriate notion of security and Value of the coin is uniformly distributed.ī) Suggest what type of encryption scheme would be appropriate to The value of the coin is deemed to be the XOR of the two values.Ī) Argue that even if A is dishonest (but B is honest), the final T decrypts both ciphertexts and announces both plaintexts. B chooses a random bit $b_B$, encrypts it using pk and announces the ciphertext $c_B$ to everyone, with the additional restriction $c_B \neq c_A$.A chooses a random bit $b_A$, encrypts it using pk and announces the ciphertext $c_A$ to everyone.A trusted party T publishes her public key pk.Consider the following protocol for two parties A and B to flip a fairĬoin (more complicated versions of this might be used for Internet ![]()
0 Comments
Leave a Reply. |