# Coinflip 1.1

Coinflip provides a cryptographically secure server/client program and protocol for choosing random bits.

- LICENSE TYPE: GPL (GNU General Public License)
- DEVELOPED BY: **Doug Hoyte**
- HOMEPAGE: www.hcsw.org
- CATEGORY: ROOT \ Security


Coinflip is a client/server based program that can generate random bits for 2 people over the internet. The 2 people don't have to trust each other in order to convince each other that the bit is truly a random bit.

It's called coinflip, of course, because flipping a coin in the real world is the equivalent of generating a random bit on a computer. (It's either heads or tails. It's either a 1 or a 0.)

Coinflip uses a slightly modified version of the "Coin Flipping Using One-Way Functions" protocol outlined in Bruce Schneier's Applied Cryptography 2nd edition.

This attack would work every time Alice acted as the server in a coinflip procedure, provided Bob never realized that Alice was sending him the same y value every time. Or she could use it to trick multiple Bobs.

While it is supposed to be computationally infeasible to compute collisions in one-way hash functions, recent papers suggest that if you have enough money and time, collisions can be precalculated. P. van Oorschot and M. Wiener, in their paper "Parallel collision search with application to hash functions and discrete logarithms", estimate that for $10 million (in 1994 US dollars), a collision could be found for MD5 in 24 days on average. (Thanks for the info, defrost.)

The solution is actually quite simple: Have both parties choose part of the random data, and use whatever size random number you like. Since Bob is expecting to see x contain his random data, Alice's collision attack is nullified, and since Alice gets to put in her own data, she can make Bob's array attack infeasible.
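The fix described above, sketched as an added example (not Coinflip's own code or wire format). SHA-256 as the one-way function, 16-byte contributions, the layout of x as Bob's data followed by Alice's data, and the parity-guess rule are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes each party contributes (assumed size)

def bob_nonce() -> bytes:
    """Bob's share of x, sent to Alice before she commits."""
    return secrets.token_bytes(NONCE_LEN)

def alice_commit(bob_part: bytes) -> tuple[bytes, bytes]:
    """Alice builds x = bob_part || alice_part and commits with y = H(x)."""
    x = bob_part + secrets.token_bytes(NONCE_LEN)
    return x, hashlib.sha256(x).digest()

def bob_verify(bob_part: bytes, y: bytes, x: bytes, guess: int) -> bool:
    """Check Alice's reveal; return True if Bob's parity guess was right.

    Raises ValueError when x does not carry the data Bob chose for this
    flip, or when x does not open the commitment y.
    """
    if len(x) != 2 * NONCE_LEN or not hmac.compare_digest(x[:NONCE_LEN], bob_part):
        raise ValueError("x does not contain Bob's random data")
    if not hmac.compare_digest(hashlib.sha256(x).digest(), y):
        raise ValueError("x does not match commitment y")
    return (x[-1] & 1) == guess

def flip(guess: int) -> bool:
    """One honest round: Bob's data, Alice's y, Bob's guess, Alice's x."""
    n = bob_nonce()
    x, y = alice_commit(n)  # only y goes to Bob before he guesses
    return bob_verify(n, y, x, guess)

def replay_is_rejected() -> bool:
    """A (x, y) pair prepared for an earlier flip fails against fresh Bob data."""
    old_x, old_y = alice_commit(bob_nonce())
    try:
        bob_verify(bob_nonce(), old_y, old_x, 0)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("Bob wins" if flip(guess=1) else "Alice wins")
    print("reused commitment rejected:", replay_is_rejected())
```

Because Bob's data is fresh for every flip, a y value prepared in advance or reused from an earlier flip cannot open to an x that passes his prefix check.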


Last updated on April 20th, 2007
