Abstract
Secure lottery is a cryptographic protocol that allows multiple players to determine a winner from them uniformly at random, without any trusted third party. Bitcoin enables us to construct a secure lottery to guarantee further that the winner receives reward money from the other losers. Many existing works for Bitcoin-based lottery use deposits to ensure that honest players never be disadvantaged in the presence of adversaries. Bartoletti and Zunino (FC 2017) proposed a Bitcoin-based lottery protocol with a constant deposit, i.e., the deposit amount is independent of the number of players. However, their scheme is limited to work only when the number of participants is a power of two. We tackle this problem and propose a lottery protocol applicable to an arbitrary number of players based on their work. Furthermore, we generalize the number of winners; namely, we propose a secure (k, n)-lottery protocol. To the best of our knowledge, this is the first work to address Bitcoin-based (k, n)-lottery protocol. Notably, our protocols maintain the constant deposit property.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
In our protocol, players commit the secrets at the beginning of the protocol by using a cryptographic hash function. Thus, more precisely, we need to extend the bit lengths of secrets to an appropriate length by adding multiples of \(v_a + v_b\).
- 2.
Only the \(\textsf{Win}\) transaction corresponding to the winner of the final match uses the template for the root node. See Fig. 3, and \(\textsf{Win}(\pi _r,a)\) is the corresponding template.
References
Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 443–458 (2014). https://doi.org/10.1109/SP.2014.35
Back, A., Bentov, I.: Note on fair coin toss via bitcoin. CoRR abs/1402.3698 (2014). http://arxiv.org/abs/1402.3698
Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) Advances in Cryptology - CRYPTO 2017. Lecture Notes in Computer Science(), vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11
Bartoletti, M., Zunino, R.: Constant-deposit multiparty lotteries on bitcoin. In: Brenner, M., et al. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science(), vol. 10323, pp. 231–247. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70278-0_15
Baum, C., David, B., Dowsley, R.: Insured MPC: efficient secure computation with financial penalties. In: Bonneau, J., Heninger, N. (eds.) Financial Cryptography and Data Security. Lecture Notes in Computer Science(), vol. 12059, pp. 404–420. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_22
Belenkiy, M., et al.: Making p2p accountable without losing privacy. In: Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society, pp. 31–40. Association for Computing Machinery (2007). https://doi.org/10.1145/1314333.1314339
Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) Advances in Cryptology - CRYPTO 2014. Lecture Notes in Computer Science, vol. 8617, pp. 421–439. Springer, Berlin (2014). https://doi.org/10.1007/978-3-662-44381-1_24
Bentov, I., Kumaresan, R., Miller, A.: Instantaneous decentralized poker. In: Takagi, T., Peyrin, T. (eds.) Advances in Cryptology - ASIACRYPT 2017. Lecture Notes in Computer Science(), vol. 10625, pp. 410–440. Springer, Cham (2017)
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, Boston (1983). https://doi.org/10.1007/978-1-4757-0602-4_18
Choudhuri, A.R., Goyal, V., Jain, A.: Founding secure computation on blockchains. In: Ishai, Y., Rijmen, V. (eds.) Advances in Cryptology - EUROCRYPT 2019. Lecture Notes in Computer Science(), vol. 11477, pp. 351–380. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_13
Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, STOC ’86, pp. 364–369. Association for Computing Machinery, New York, NY, USA (1986). https://doi.org/10.1145/12130.12168
Goldschlag, D.M., Stubblebine, S.G.: Publicly verifiable lotteries: applications of delaying functions. In: Hirchfeld, R. (ed.) Financial Cryptography. Lecture Notes in Computer Science, vol. 1465, pp. 214–226. Springer, Berlin (1998). https://doi.org/10.1007/bfb0055485
Hall, C., Schneier, B.: Remote electronic gambling. In: Computer Security Applications Conference, Annual, p. 232. IEEE Computer Society (1997). https://doi.org/10.1109/CSAC.1997.646195
Konstantinou, E., Liagkou, V., Spirakis, P., Stamatiou, Y.C., Yung, M.: Electronic national lotteries. In: Juels, A. (ed.) Financial Cryptography. Lecture Notes in Computer Science, vol. 3110, pp. 147–163. Springer, Berlin (2004). https://doi.org/10.1007/978-3-540-27809-2_18
Kumaresan, R., Bentov, I.: How to use bitcoin to incentivize correct computations. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 30–41. Association for Computing Machinery (2014). https://doi.org/10.1145/2660267.2660380
Kumaresan, R., Moran, T., Bentov, I.: How to use bitcoin to play decentralized poker. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 195–206. Association for Computing Machinery, New York, NY, USA (2015). https://doi.org/10.1145/2810103.2813712
Küpçü, A., Lysyanskaya, A.: Usable optimistic fair exchange. In: Pieprzyk, J. (ed.) Topics in Cryptology - CT-RSA 2010. Lecture Notes in Computer Science, vol. 5985, pp. 252–267. Springer, Berlin (2010). https://doi.org/10.1007/978-3-642-11925-5_18
Kushilevitz, E., Rabin, T.: Fair e-lotteries and e-Casinos. In: Naccache, D. (ed.) Topics in Cryptology - CT-RSA 2001. Lecture Notes in Computer Science, vol. 2020, pp. 100–109. Springer, Berlin (2001). https://doi.org/10.1007/3-540-45353-9_9
Lindell, A.Y.: Legally-enforceable fairness in secure two-party computation. In: Malkin, T. (ed.) Topics in Cryptology - CT-RSA 2008, pp. 121–137. Springer, Berlin Heidelberg, Berlin, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_8
Miller, A., Bentov, I.: Zero-collateral lotteries in bitcoin and ethereum. In: 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS &PW), pp. 4–13 (2017). https://doi.org/10.1109/EuroSPW.2017.44
Nakai, T., Shinagawa, K.: Constant-round linear-broadcast secure computation with penalties. Theoret. Comput. Sci. 959, 113874 (2023). https://doi.org/10.1016/j.tcs.2023.113874
Nakai, T., Shinagawa, K.: Secure multi-party computation with legally-enforceable fairness. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds.) Information and Communications Security. Lecture Notes in Computer Science, vol. 14252, pp. 161–178. Springer, Singapore (2023). https://doi.org/10.1007/978-981-99-7356-9_10
Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system. Decentralized Bus. Rev. (2008)
Wood, G.: Ethereum: a secure decentralised generalised transaction ledger. Ethereum Proj. Yellow Pap. 151, 1–32 (2014)
Acknowledgment
This work was supported by JSPS KAKENHI Grant Numbers JP18H05289, JP21H03395, JP21H03441, JP22H03590, JP23H00468, JP23H00479, 23K17455, JP23K16880, JST CREST JPMJCR22M1, JPMJCR23M2, and MEXT Leading Initiative for Excellent Young Researchers.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Proofs of Lemmas
Proof of Lemma 1: Let \(\pi _{l\in [L]}\) such that \(|\pi _l| = l\) be the l-th match for player p. Suppose \(v^l_p/v^{l-1}_p\) be the probability that p wins at \(\pi _l\). Then, the probability that p wins the tournament holds:
This is also true for any player. \(\square \)
Proof of Lemma 2: Let \(\pi _i\) such that \(|\pi _i| = i\in [k]\) be the i-th match for player \(p_{i+1}\) and \(l_{i-1}\), where \(l_{i-1}\) is the loser of (\(i-1\))-th match The probability that p wins the tournament holds:
This is also true for any player. Moreover, the probability of winning the parties in S simultaneously equals the probability of losing \(p\notin S\). Thus, the probability of winning the parties in S simultaneously is equivalent for any \(S \subset P\) such that \(|S|=k\). \(\square \)
Proof of Lemma 3: For any \(j \in [k]\), the winning probability in \((n-j,n-j+1)\)-lottery can be expressed by \((n-j-1)/(n-j)\), as shown in Lemma 2. Since the probability of each \((k',k'+1)\)-lottery is independent, the probability that a player wins the entire (k, n)-lottery can be written as:
Moreover, since the losers are chosen uniformly at random in each \((k',k'+1)\)-lottery, it is obvious that the winning probability of any set of k players is equivalent.
B Transaction Templates for Constructing (k, n)-Lottery
To combine multiple \((k,k+1)\)-lottery protocols, we modify \(\textsf{Win}\) transactions. See Fig. 8 that shows the point of connection between j-th lottery and \((j+1)\)-th lottery protocols. The output scripts of \(\textsf{Win}(\pi ^j,a)\) in j-th lottery are used as input of \(\textsf{Win}(\pi ^{j+1},a)\) in \((j+1)\)-th lottery protocol. Furthermore, \(\textsf{Win}(\pi ^j_r,a)\) redistributes \(\$d\) to \(\textsf{Win}(\pi ,a)\) for deposits of the next lottery. With this modification, \(K_p(\textsf{WinInit}, \pi , a)\) and \(K_p(\textsf{Return}, \pi , a)\) are added to the key pairs prepared in the initialization phase.
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Uchizono, S., Nakai, T., Watanabe, Y., Iwamoto, M. (2024). Constant-Deposit Multiparty Lotteries on Bitcoin for Arbitrary Number of Players and Winners. In: Seo, H., Kim, S. (eds) Information Security and Cryptology – ICISC 2023. ICISC 2023. Lecture Notes in Computer Science, vol 14562. Springer, Singapore. https://doi.org/10.1007/978-981-97-1238-0_8
Download citation
DOI: https://doi.org/10.1007/978-981-97-1238-0_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-1237-3
Online ISBN: 978-981-97-1238-0
eBook Packages: Computer ScienceComputer Science (R0)