Offline Dice Rolls

[ryanramage]

I am writing a pretty simplistic game that is location based. It makes you run around to different areas to unlock the next part of the game. This I have solved pretty simply with encryption and local storage.

I want to add some more to the game, but lets start simple. How would one do offline dice rolls, that could be verifiable when the user reconnects?

Properties I am looking for include:

• User cant change the dice roll some way. (this is in js)
• When they reconnect I can verify the dice rolls.

Some thoughts I have had:

• https://jscrambler.com/ provides things like code traps and "self-protective" code. Seems a bit market-speak, but maybe there is some research I could leverage there.
• pre-rolls. Encrypt a bunch of random pre-rolls, and then each action somehow pulls and decrypts one off the stack.

Anyway, open to suggestions, thoughts, etc.

[ryanramage]

And as much as quantum entanglement might work, this needs to happen with todays tech like an existing iphone ;)

[ryanramage]

This also looks promising: http://en.wikipedia.org/wiki/Homomorphic_encryption

[michielbdejong]

I think, none of the above.

An open source game is always susceptible to high score manipulation if the game uploads the simple high score. However, the game could upload the entire log of what the user did (supposedly containing all the actions that prove their skills and therefore the legitimacy of their high score), and you can replay this on the server.

You don't need to encode the source code, nor the dice throws. Just make sure every game is unique (cannot be downloaded and replayed).

If the game can be solved by a machine, then there is no protecting against that, they could connect their solver to a headless browser, regardless of how well you encrypt your code and dice throws.

If it cannot, then replaying the unique game on the server proves how good the player was and that the solution they uploaded was legit.

That's the client-server case. For multi-player games, you can do a similar thing where for instance all players can afterwards check if anybody else cheated. Say in poker, the bank could cryptographically sign the cards they give out, so that afterwards players can prove they really received that card from the bank as their 4th card etc, and didn't put any cards up their sleeves. Again, this can be done entirely with open source code, as long as each player (or at least the bank) creates an asymmetric key pair and shares only the public part.

hth!

[ryanramage]

However, the game could upload the entire log of what the user did (supposedly containing all the actions that prove their skills and therefore the legitimacy of their high score), and you can replay this on the server.

Yes, keeping a log is a good idea. The log could be entries like dice rolls, user choices, etc. But what if the game has multiple paths and they go down one, and then back track. I want to know that. But it seems that it's something that is easily manipulated.

I guess the context of this is trusted computing, in a sense. You are running your code in an untrusted environment. I am just trying to see how much of a 'entire log' could be verifiable in a context of 1) running on an untrusted machine, and 2) running offline.

[michielbdejong]

The dice throws should come from the server at the start of the game, otherwise the user could manipulate them.

But yeah, I don't know of a way to prevent users from backtracking, or from claiming "I solved this puzzle in 20 seconds, honest!" if the upload is delayed after that.