Publicly Verifiable Lotteries: Applications of Delaying Functions

This paper uses delaying functions, functions that require significant calculation time, in the development of a one-pass lottery scheme in which winners are chosen fairly using only internal information. Since all this information may be published (even before the lottery closes), anyone can do the calculation and therefore verify that the winner was chosen correctly. Since the calculation uses a delaying function, ticket purchasers cannot take advantage of this information. Fraud on the part of the lottery agent is detectable and no single ticket purchaser needs to be trusted. Coalitions of purchasers attempting to control the winning ticket calculation are either unsuccessful or are detected. The scheme can be made resistant to coalitions of arbitrary size. Since we assume that coalitions of larger size are harder to assemble, the probability that the lottery is fair can be made arbitrarily high. The paper defines delaying functions and contrasts them with pricing functions [8] and time-lock puzzles [15].

[1]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[2]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[3]  Stafford E. Tavares,et al.  On the Design of S-Boxes , 1985, CRYPTO.

[4]  Andrei Z. Broder,et al.  A provably secure polynomial approximation scheme for the distributed lottery problem (extended abstract) , 1985, PODC '85.

[5]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[6]  Nathan Linial,et al.  The influence of variables on Boolean functions , 1988, [Proceedings 1988] 29th Annual Symposium on Foundations of Computer Science.

[7]  Yvo Desmedt,et al.  Identification Tokens - or: Solving the Chess Grandmaster Problem , 1990, CRYPTO.

[8]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[9]  Steven Roman,et al.  Coding and information theory , 1992 .

[10]  Ramarathnam Venkatesan,et al.  Design of practical and provably good random number generators , 1995, SODA '95.

[11]  Eyal Kushilevitz,et al.  On Lotteries with Unique Winners , 1995, SIAM J. Discret. Math..

[12]  Mihir Bellare,et al.  Distributed pseudo-random bit generators—a new way to speed-up shared coin tossing , 1996, PODC '96.

[13]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[14]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[15]  Paul F. Syverson,et al.  Unlinkable Serial Transactions , 1997, Financial Cryptography.

[16]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[17]  Jin-Yi Cai,et al.  Design of Uncheatable Benchmarks Using Complexity Theory , 1997 .

[18]  Ronald L. Rivest,et al.  Electronic Lottery Tickets as Micropayments , 1997, Financial Cryptography.

[19]  Matthew K. Franklin,et al.  Auditable Metering with Lightweight Security , 1997, J. Comput. Secur..