MSC3184: Challenges Messages #3184
Conversation
BillCarsonFr
force-pushed
the
bca/challenges
branch
from
964e74f
to
37042ff
Compare
turt2live
added
client-server
|
How it could look like in timeline
|
|
|
||
|
|
||
| Each participant will choose one of the straws, by commiting to a number [1,n]. | ||
| In order to resolve disputes, each participant must commit the straws by order of preference, e.g (1,3,2,4). If straw 1 was already taken, then try to peek 3, and so on. |
There was a problem hiding this comment.
If two people choose straw 1, how do you determine which one gets straw 1, and which one needs to use their second choice?
There was a problem hiding this comment.
I think based on m.challenge.commit event timestamp? then eventId order?
will update
There was a problem hiding this comment.
you can easily forge event timestamps
There was a problem hiding this comment.
But we will all see the same?
There was a problem hiding this comment.
Sure, but it means a person on their own homeserver where they can forge ts can then ensure that they get their choice vs fallback
There was a problem hiding this comment.
It isn't beneficial to forge the timestamp because you don't know what the straws are, no choice is better than any other. All that matters is that we can decide who picked what before the shuffle is revealed.
There was a problem hiding this comment.
How? Since the reveal only happens after the events have been sent there isn't an issue. Unless you are talking about people adding an event after the reveal and spoofing it to appear like it came out before?
If it is the latter we could include a hash of the selected responses at the time of reveal. Of course the proposer could potentially be accuses of selecting the order to make their preferred participant win.
|
|
||
|
|
||
| Each participant will choose one of the straws, by commiting to a number [1,n]. | ||
| In order to resolve disputes, each participant must commit the straws by order of preference, e.g (1,3,2,4). If straw 1 was already taken, then try to peek 3, and so on. |
There was a problem hiding this comment.
It isn't beneficial to forge the timestamp because you don't know what the straws are, no choice is better than any other. All that matters is that we can decide who picked what before the shuffle is revealed.
| `===` | ||
| `=` | ||
| `==` | ||
| `====` |
There was a problem hiding this comment.
How are the shuffle and choices serialized?
| ## Alternatives | ||
|
|
||
|
|
||
| ## Security considerations |
There was a problem hiding this comment.
Colluding parties can reliably win. For example the flipper can tell the guesser out of band or the shuffler can share the order with the player that they want to win (or lose).
|
|
||
|
|
||
| ## Alternatives | ||
|
|
There was a problem hiding this comment.
There is an MSC for polls. However this is notably different because it is about secret selection.
However this may have some overlap with a future bind-poll proposal which may wish to use similar techniques as the ones used here.
In fact it may be worth considering a generalization of this MSC which could support the following:
- Blind polls/simultaneous sharing. A system where participants can submit their proofs and they once the proofs are collected the actual values can be sent. This solves the "you go first" issue as you know that the answers didn't influence one another. This could be used to implement the straw picking example.
- Collaborative random choices. This could be used both for the coin-flip challenge as well as provably fair random picks in general. (Example: everyone submits a random value using a simultaneous share and the hash of all of the values is used to select a choice)
|
|
||
|
|
||
| ## Potential issues | ||
|
|
There was a problem hiding this comment.
What happens if some clients don't support some or all of the challenges? Right now there is no negotiation. This basically means that humans would need to do the negotiation before starting a challenge. It may be worth considering auto-negoation so that clients can indicate which challenges are supported by all members of the room. This would be extra useful for the commitment strategy as it would make sense to automatically fall back to an older method if it isn't supported by everyone involved.
| "type": "m.challenge.commit", | ||
| "content": { | ||
| "commitment": <sha256(✌️ || rA)> | ||
| [...] |
There was a problem hiding this comment.
How do we know who is involved? If I am in a group chat but want to challenge one person is there any automatic UX or is this left up to humans? This can be especially relevant if there are multiple groups in a room that have different challenges at the same time. For example imagine I am running a small tournament and each match needs to play rock-paper-scissors to decide who goes first, or each group needs to draw straws. Without some built-in targeting mechanism there will probably be a lot of people answering the wrong challenges.
There was a problem hiding this comment.
There is a to field that indicates the intended targets:
There was a problem hiding this comment.
turt2live
added
the
needs-implementation
|
Two ideas:
|
rendered
In matrix we already have vibrant discussions going on in rooms, but we often miss a fair method to resolve a dispute between several parties.
This proposal improve matrix by adding several methods to fairly choose between several options by:
Defining the standard shape for extensible challenges messages, such as
Defining extensible commitment schemes allowing to define the level for binding vs concealing property of the challenge