Old idea with potential value.
I keep thinking about building on Hive and crypto in general and find myself wondering why we don't have any good PvP random number generators using SHA-256. According to my own experience and the Internets SHA-256 does indeed produce random output. Looking at other decentralized solutions I can see that people have thought about this a lot and even created some interesting modules, but they aren't used for gaming and are rather more oriented toward core developments on blockchain as a way to make the networking more trustworthy.
I have some code floating around here with this idea in mind and I'm seriously considering going back and completing the module so I have something to build off of. The idea being here that random numbers in computing are extremely difficult to achieve. At best everything is pseudo-random on a technical level. This is fine for most applications, but when there is a financial incentive to cheat because money is on the line it becomes much more complicated. We absolutely cannot trust centralized agents with our random numbers. THEY HAVE AND WILL CONTINUE TO CHEAT.
It's been very obvious to me over all these years that game developers on networks such as AVAX really have no idea what they are doing in terms of decentralization. Everyone is following the same centralized path. A centralized dev team creates the thing and then contorts it into something that incorporates a token that they premine. The community can't contribute to the codebase or create content or run infrastructure. Every project I look at is doing it wrong and they don't even realize it.
This is very frustrating because even games that are decades years old have allowed their community to create content in terms of custom map engines and API connectors and the ability to mod the ecosystem. It's also very frustrating because pretty much every crypto game is pay-to-win (while being called play-to-earn) and is inherently a Ponzi that gives advantage to bots and other forms of Sybil attack. Something has got to change, but at this point I'm rambling.
General Overview:
The idea here is that players in a game should all have the ability to manipulate RNG so they know for a fact that none of the other players can cheat them in this way. I've blogged a couple of different times how Bitcoin is creating an infinite set of random numbers on every block (average 10 minutes each) which is highly useful and grossly underutilized at this point. However for PvP games these RNG events need to happen on demand in real time so POW solutions are not acceptable. Below is how I believe such a module would work.
Phase 0: Create Password
Every roll of the dice, as it were, needs to be generated by a secret password that is only revealed at the appropriate time. In this case every player creates a secret password for every random event. This could be drawing a card from a deck, a number between x & y values, dice rolls, or literally any other random thing.
Now that I know a little bit more about crypto than I did when I first had this idea I realize that the perfect crypto solution to this problem is to create a 12-word seed that will allow players to produce and infinite amount of temporary passwords that can be used and thrown away with ease. This would make guessing the passwords people are going to use nearly impossible unless they are able to figure out the seed. As we all know seeds are pretty difficult to figure out when secured properly, and a module like this would be able to change the seed on a whim because they don't secure any assets.
Phase 1: Password Masking
All passwords need to be combined together before the random event can be determined. This is a problem because the last person to submit their password can look at everyone else's password to manipulate the outcome. To avoid this scenario all passwords have to be masked with an irreversible SHA-256 hash. This way players can lock in their password without anyone being able to read it. Once all passwords are locked in the passwords are revealed.
Phase 2: Reveal Password
Every player now submits their real password. These passwords need to hash to the exact value from the previous phase to ensure that the result can not be manipulated. It is technically possible for two SHA-256 hashes to have the same result, but on a practical level this is not an issue as the chance of this happening is just as unlikely as hacking a Bitcoin wallet.
Phase 3: Combine Data
Now that we have every password we can serialize them together using a specific format. This data structure could take many forms, including JavaScript JSONs that could be fed into local databases. Because every player has contributed a password to the structure every player can be reasonably sure that no other player was able to manipulate the outcome in their favor.
The result of this JSON structure would be yet again one final SHA-256 hash.
Phase 4: Derive RNG Set
Using the final hash gives us a reasonably secure set of random numbers in which all players have contributed to. This set of random numbers is infinite in nature, as the hash itself can be recursively rehashed over and over again to infinity if more numbers are needed. SHA-256 is a very efficient algorithm so this process would be quite fast.
Potential problems with this method:
Prototypes could be built on the Hive blockchain but they might not be fast enough depending on the application. Creating and masking the password requires a signature and blockspace. Revealing the password, combining the data, deriving the RNG requires another block. So in theory this would take at least 2 blocks but in practice it would take a bit more because the second block is in response to the first one. Lag times such as these would be unacceptable for instant gratification or fast paced action.
Any app that became popular would inevitably bloat the chain and fill up the blocks quite quickly. Pretty obvious an off-chain solution needs to be implemented for sustainability, but that comes with its own set of challenges.
Disconnections
What do you do if one player doesn't submit their password to a random event? Do you continue without them? What if there is money on the line? In something like online-poker there are "disconnect protections" but those are exploited by players to put themselves all-in without actually being all in. There's no simple fix to these issues.
Client/Server vs Peer-to-Peer
A Client/Server solution can be more reliable but players are also trusting the host to tell the truth. What if the host just decides that a player didn't submit an answer when they actually did? Resolving these edge-cases is a pain in the ass but would be worth it in the end. For example if a player was disconnected from an off-chain environment they could be disconnected using an on-chain operation. If that player responded to the on-chain operation it signals that someone is a bad actor and we need to figure out who. Either the player is stalling or the host is lying (or having connection issues).
P2P
Ideally a lot of layer 2 applications would be running on some kind of virtual LAN situation where all the players are talking to each other and there aren't any centralized points of vulnerability. Not sure how difficult these logistics would be to set up but this kind of tech has existed for decades.
Conclusion
It's a bit weird that we've been in crypto developing this long but dev teams constantly create centralized tech by design with the sole intention of profit. This is not what crypto rewards, and there are a lot of improvements to be made. Luckily healthy competition will continually push devs to undercut each other until we get to the bare bones of where we should have been all along. Patience is a virtue I suppose, but like most I grow weary of waiting.
Much thought to this over the years. Coming from the world of gaming have wondered about this and seen others wonder too. Love the thought process as user and blockchain inputs are needed for the process while being handled and trusted. Would have to map out and spend time thinking about this as you are already doing from what you have posted. Leading to user input and other elements from / within the blockchain with proper masking, and some way to confirm as well. Much food for thought.
Well, i really need this stuff.
It is amazing how difficult it is to do peer to peer, encrypted negotiations.
There are vulnerabilities at every level. Even onion tor has honey pots, and govern-cement servers.
Something i would really like to do is have a chat, or phone/video service that doesn't need a server. But our internet isn't built that way. And you need a server, at minimum, just to find each other.
After microsloth "acquired" Skype i have been rolling around ideas for a true internet communications tool. But, like you put here, there are several pieces that are missing.
That said, there will be a new computer connecting Aether Network
It will probably be wireless, and it will connect over the whole world.
But, it will really be P2P centric, and not host to server centric like our current internet.
I think the best we can potentially achieve is a system in which every user is a server, serving only their data, but providing an endpoint for every other server to send to. This also needs to be wireless to eliminate the physical host of wired network, enabling all users to be peers. Politically, I don't think this can currently be created, because the totalitarian tyranny being imposed on the world requires the ability to completely control data, but that tyranny is doomed to collapse due to internal competition once the external hurdles are surmounted and cooperation once necessary to gain that global control is exchanged for internal struggle to gain control of the whole. History shows this is the inevitable result of successful imposition of power, because the players that can attain to power cannot refrain from seeking to gain more power. Water flows downhill, and it always will.
Eventually the need for such comms will produce such a system, but only after attempts to rule the world mutually destroy each other. Hopefully we don't have to regress to the Stone Age to get past that elimination of megalomaniacal powermad wannabe tyrants, because that means we could get stuck in a loop that never enables getting past it. I am confident we can get past it, and very hopeful this is the time we will.
Yeah I'd really like to see the ability to sign operations on Hive on an airgapped machine like Raspberry Pi Zero 2.
Connect a camera to the pins to scan QR codes and maybe connect a display to the pins that can output QR codes.
With something like this the encryption could be nearly impenetrable and broadcasting the messages would be pretty easy even within centralized architecture.
I don't see how a connection to Hive from the machine you interact with could be considered airgapped. Using the QR codes you refer to could limit the connection, but there has to be a connection for the Pi to reach from your machine to Hive.
The definition of an airgap is "limit the connection" by transferring data through the air.
There are QR codes on both sides.
QR code input
QR code output
Airgapped on both sides.
I've already performed this operation by hand when changing my recovery account signed by owner key.
Which was a complete pain in the ass but it worked.
I can also be done using a flash drive; still technically airgapped but not as secure as a raw QR code.
If the QR code is able to be output to the internet by the Pi, doesn't the Pi have to have an internet connection? Such connection would entail other data transferred to and from the Pi, if I'm not mistaken. While there would be an airgap between the source of the QR code and the Pi, since no other connection to it, nor to the internet, would be necessary, the Pi itself wouldn't be airgapped, right?
Edit: depending on how the QR code was provided to the Pi. I guess the Pi wouldn't necessarily have a camera to get the QR code, and then might not be airgapped from the source of the QR code. Seems to me the USB, however, would be a mechanism to airgap between the source of the data and the Pi, with only the USB drive connecting the source of the data and the Pi.
Alright well firstly the PI doesn't need an input QR code unless it needs information from the blockchain/Internet.
For example hardware wallets don't have internet access and have no idea how much crypto they are securing.
All a hardware wallet can do is sign a public operation with the private key (blindly).
On Hive there are variables to make sure you can't post to multiple chains at once so you need to know a valid
ref_block_num&ref_block_referencewhich act as a reference to the current chain you are posting on. Theref_block_numresets every 2^16 (65,536) blocks so you have to pick a reference that is at most 54.6 hours old otherwise it will not be valid by definition and the nature of the 16-bit overflow mechanic.All this being said if you want airgapped communications and already know your partner's public key for encrypting messages then you don't need additional info from the interwebs. Again all these values can be input by hand, the QR code scanning is just an extreme convenience to avoid needing to type hundreds of characters flawlessly. In a way doing it by hand makes your brain the airgap rather than the QR code.
Output QR code:
The QR code that the PI creates to broadcast to the Internet is scanned by a phone.
The phone piggyback then broadcasts that message to the interwebs.
You can manually read all the data that goes in or out of the PI before it gets exposed.
All outbound transactions have already been encrypted by the private key.
Remember that the main reason to do all of this is to protect the private key.
As long as the key can't get leaked by outbound and the device functions as intended we're good.
My linux experience in a nutshell. LOL
The necessity for all this is disheartening, but I have no suspicion it isn't necessary. I have exposed my keys once, and lost 400 Hive for it. I appreciate your detailed explanation and the kind consideration that is behind it.
All of this.... So far over my head ... 😃
I write this stuff out expecting someone smarter than me to tell me why it's not gonna work but hasn't happened yet.
Oh what that must feel like... :)
oops :D
Do you ever talk to Matt from Splinterlands about their bot problem and your solutions?
They also have a big issue with people constantly figuring out how to game their system.
Every 3-4 months the game changes due to their efforts, which seem to penalize players more then bots in my humble opinion.
I know Matt is very highly respected a s a coder, and people may be intimidated by him.
But everyone needs new ideas generated by a different point of view.