I tooted about a thing on Mastodon, which I've only used for very short conversations until now. After a very brief exchange, I started to feel like maybe I should just write a short blog post to explain what I'm after.

I've titled this why bother not in a defeatist, rhetorical sense, but because I actually want some feedback.

Some background

I've had an interest in peer to peer (p2p) games for a while, you may want to read this post which I wrote in response to a question on reddit about their feasibility. For context, my day-job is all about privacy, and I'm responsible for ensuring that other people's data remains safe, which can be a bit stressful at times.

Decentralized gaming offers me a chance to experiment with cryptography in a much more relaxed way. I can try out new ciphers or algorithms with reasonable certainty that the cryptography community won't hate me for the rest of my life if I make a mistake. It's a nice change of pace.

Beyond that, I don't actually do much gaming anymore, but I've personally bought copies of Cryptomancer tabletop RPG because I appreciate the work the author is doing to educate a wider audience about information security. I encourage you to go check it out and follow the author on twitter.

The project

The algorithms for secure coin flips have been around for a while. The definition provided by wikipedia explains one method for two parties, but you can generalize the process for any number of parties or bits. Somewhat surprisingly, I couldn't find any implementations of this, so I'd been thinking about making one for a while. I'd simulated the process in scripts on my own machine, but the protocols are fairly useless unless you can make them run across multiple machines, so I set out to do that.

The pitch

I pitched the project to a friend:

10:27 <@ansuz> playing around with a new architecture
10:27 <@lukevers> what kind?
10:27 <@ansuz> made an app that uses cryptpad's serverside APIs
10:27 <@lukevers> haha yay
10:28 <@ansuz> so the app is kinda aimed at tabletop rpg geeks
10:29 <@ansuz> intersecting with crypto
10:29 <@lukevers> going for the general public I see
10:29 <@ansuz> yes
10:29 <@ansuz> clearly
10:29 <@ansuz> :)
10:29 <@ansuz> multiparty coin flips
10:29 <@ansuz> and dice rolls
10:30 <@lukevers> ah so like make sure it's truly fair?
10:30 <@ansuz> yea
10:30 <@ansuz> you and I generate bytes, hash them, and reveal the hash
10:30 <@ansuz> afterward we both reveal the input, which can't be faked because of the hash
10:30 <@ansuz> xor them together, take the last bit, and that's the coin flip
10:30 <@lukevers> so /dev/random is more like /dev/luke-and-ansuz
10:30 <@lukevers> :D

As you can see from the (partially redacted) chat logs, I have some doubts as to whether such a thing is likely to gain a large userbase. Nevertheless, it was fun to code, so now I have a running prototype:

Alice and Bob roll dice together in a screenshot of the prototype

Now what?

Outside of programming, I enjoy riding bikes, juggling, and photography, which is to say I have some trouble sitting still. I managed to get the prototype running largely because a pedestrian stepped in front of me in a bike lane and contributed to me spraining my wrist. Since my wrist is nearly healed, I'm thinking about what I'd like to do with this project.

To start, I'll say that I'm planning to publish it under a copyleft license. Usually I go with the AGPL, and I think in this case I'll be obligated to because I used some parts from CryptPad which are themselves available under its terms. So, when I muse about what I'm going to do with this software, I'm thinking less about whether I'll monetize it or give it away, and more about whether I want to spend my free time improving it.

The tech community has earned a bad reputation for building things that no reasonable person would ask for. I made an interesting toy, but beyond the joy of building it, I want to know whether it addresses an actual need that people have.

I know that roll20 offers a service for tabletop rollplaying gamers to play together over the internet. I also know that their service is proprietary. I could spend my time trying to mess up their business by developing an open-source competitor, but I'm not sure that what they're doing is actually a problem. Yes, their product is centralized and closed-source, but I don't know whether they abuse the trust of their community. I like free software, but I'd like to hear from that community before assuming that they need liberation.

I'm not convinced that everything needs to be decentralized, though it's certainly fun to play with distributed computing. Furthermore, the people behind that platform seem to have invested a lot of time into making something that people like to use. I'm not inclined to damage their capacity to earn a living solely on the basis of software ideology. Finally, I'm not sure that I'm sufficiently motivated to follow through on the many essential features beyond those which might be fun to build.


With all that in mind, what do you think?

If you're a software developer focused on gaming, privacy, cryptography, or decentralization, and you'd like to contribute to such a project, let me know.

If you're a tabletop gamer and you have opinions about privacy or proprietary gaming platforms, I want to hear them.

If you're a member of the roll20 team and you want to bribe me not to release my code, please get in touch. I'm mostly kidding on this one.

Or, if you're representative of some other group I forgot about, feel free to contact me.