Just so we're clear, we're talking about a virtual coin flip here, right? Anything else would require trust. Even if you tried to use an API that checked the scores of a sporting event.
It's more like a two-party roll of a die with a practically infinite number of faces. If both rolls sum even, Alice wins. Otherwise, Bob wins.
Alice and Bob commit to their rolls by hashing them then making a future spend contingent on revealing the roll that produced the hash.
The trick is how to reveal both rolls without giving an advantage to the one who reveals second. This is the problem the protocol solves - through transaction setup and the newly-activated Script opcodes.
>It's more like a two-party roll of a die with a practically infinite number of faces. If both rolls sum even, Alice wins. Otherwise, Bob wins.
What you are describing is a coin flipping protocol [0].
From the article:
>To my knowledge this is the first time someone has proposed such a scheme on Bitcoin though I suppose it's possible it has come up before and I just missed it.
There have been coin flipping protocols for Bitcoin since at least 2013-2014 [1]. The main contribution of the above post appears to be that they actually performed the protocol which is neat and quite a bit of work.
Thanks for sharing that. Didn't know someone else had done it before. Nitpicking a little in that with that scheme the losers could attempt a double spend, but for 2014 it's still pretty cool.
Also a very clever hack to get around the scripting limitations by using the length of the secret instead of the actual secret itself.
All your graph says is that those coins are less valuable in terms of USD.
Transaction costs are specified by the protocol in satoshis, which is the base unit of Bitcoin. How much you can buy for one satoshi only depends on what people want to pay for it. We call this the coin value.
A coin without value is free to transact with. Run your applications on testnet if there are no other considerations.
The example is a coin flip but it could be any random based game by using a different algorithm than "number mod 2". You're correct that it can't act on real world data.
More specifically xor 2 initially hidden integers and mod X + 1 gives you a random number from 1 to X.
PS: Adding numbers mod X will provide a fair random number as long as at least one side provides a fair random number to start with. Which is a stronger guarantee if your making a real money wager.
Chess doesn't have any random element so it wouldn't need this kind of system. You could implement card games and board games that do have randomness like candyland.
You could implement chess with only movement commitments and no atomic fair random number generation.
