After Alice chooses her hand, Bob would have a winning strategy if he could somehow see Alice's hand. But he can't. Can we provide a safe theory why not?
Also, if instead of hashing the concatenation of salt and hand, we hashed the xor of them, that would be bad. Can our theory prove it?
Good (but slightly more resource heavy) would to commit to salt only, then show the commitment to the salt, and the xor (of the last byte only). Can we show that it's safe? Or arbitrarily pick the salted last byte (or two-bit) as zero and skip sending it, sending only the salt in the end?
Can our theory handle the fact that an adversary could compute a small enough rainbow table, and thus that unsalted or insufficiently salted hands are bad?
After Alice chooses her hand, Bob would have a winning strategy if he could somehow see Alice's hand. But he can't. Can we provide a safe theory why not?
Also, if instead of hashing the concatenation of salt and hand, we hashed the xor of them, that would be bad. Can our theory prove it?
Good (but slightly more resource heavy) would to commit to salt only, then show the commitment to the salt, and the xor (of the last byte only). Can we show that it's safe? Or arbitrarily pick the salted last byte (or two-bit) as zero and skip sending it, sending only the salt in the end?
Can our theory handle the fact that an adversary could compute a small enough rainbow table, and thus that unsalted or insufficiently salted hands are bad?