
Ad Hoc P2P Networks - Communications

Need verified computation, assuming the resource discovery problem is already solved. Since all such games have elements of randomness, this needs a secure, repeatable (for authentication), yet _unpredictable_ seed for computations. How can this be? We can't have users knowing which rolls will succeed or fail; nor can we permit them to attack the RNG and succeed.

RNG generation depends on the state of the two servers you're communicating with; every period (could be each number generated, each 5 mins, whatever) they generate a random number for your seed from their RNG; we'll assume for the moment that they aren't biased (though that is QUITE possible if an attack can be made against the peer selection system, such as via network isolation). Those two numbers form the basis of your reset seed; all computations are thereby implied by those hosts, which should be able to authenticate their own RNG past state (somehow; storage isn't wonderful, could take themselves offline as well; then theirs could be regenerated from their two, ad infinitum, to reconstruct state?). Note, time isn't quite useful (even UTC corrected) as hosts' clocks might get out of sync... though game world time should be consistent...

So - say every 5 mins, seed generates new peers, who provide new seeds... Downside: this relies on prior state of seed, makes whole history chain (therefore, either long term storage (not entirely unreasonable, but I care too much for now, esp with offline hosts taking up some of it)). So - host selection mechanism must be independent of seed (therefore predictable); yet must be repeatable in face of temporary network outages; worry about that later (might have to store a history there). This gives a 5 minute history window; no chain should have to be followed further in time to authenticate a computation. (Can they be faster to auth than to make, a la hashcash? Doubtful, but worth consideration). Really, it's the signature that matters, which can be computed (but, hash collisions with preimage attacks; must not be MD5 then :P, and stay up to date :P).
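A sketch of the per-window seed described in the two paragraphs above, added here as an example and not part of the original notes: two peers each supply an authenticated random value for a 5-minute window, the seed is a SHA-256 hash over both, and a verifier recomputes any roll from that window alone. Assumptions: HMAC-SHA256 with a per-peer key stands in for a real signature, and all function names, keys and sample values are hypothetical.

```python
import hashlib
import hmac
import itertools
import struct

PERIOD_SECONDS = 300  # the 5-minute window from the notes


def period_index(game_time: int) -> int:
    # Use game-world time, not host wall clocks, so every peer agrees on the window.
    return game_time // PERIOD_SECONDS


def tag_contribution(peer_key: bytes, period: int, value: bytes) -> bytes:
    # A peer authenticates its value for one period (HMAC stands in for a signature).
    return hmac.new(peer_key, struct.pack(">Q", period) + value, hashlib.sha256).digest()


def derive_seed(period: int, value_a: bytes, value_b: bytes) -> bytes:
    # Depends only on this period's two values, so no history chain is followed.
    h = hashlib.sha256(b"seed-v1" + struct.pack(">Q", period))
    for v in sorted((value_a, value_b)):  # same seed whichever peer is listed first
        h.update(struct.pack(">I", len(v)) + v)  # length prefix: unambiguous framing
    return h.digest()


def roll(seed: bytes, counter: int, sides: int) -> int:
    # Roll number `counter` in 1..sides; rejection sampling avoids modulo bias.
    limit = (1 << 32) - ((1 << 32) % sides)
    for attempt in itertools.count():
        block = hmac.new(seed, struct.pack(">QI", counter, attempt), hashlib.sha256).digest()
        n = int.from_bytes(block[:4], "big")
        if n < limit:
            return n % sides + 1


def verify_roll(claimed, counter, sides, period, contribs, keys) -> bool:
    # contribs: [(value, tag), (value, tag)]; check both tags, then recompute the roll.
    for (value, tag), key in zip(contribs, keys):
        if not hmac.compare_digest(tag, tag_contribution(key, period, value)):
            return False
    seed = derive_seed(period, contribs[0][0], contribs[1][0])
    return roll(seed, counter, sides) == claimed


# Constructed sample data (not from the page): demo keys and values for one window.
KEYS = (b"demo-key-peer-a", b"demo-key-peer-b")
VALUES = (b"\x01" * 16, b"\x02" * 16)
```

Because each tag covers the period number, a contribution from one window cannot be replayed to justify a roll in another. This covers repeatability and authentication only; anyone who holds the window's seed can still compute its rolls in advance, which is the unpredictability problem the notes leave open.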

So, to be signed: every statistic update for character (health, position, inventory (each item, containers' inventory, etc)), items, mobs, terrain, ?. - for each game tick (esp for position...) - that's quite a bit of traffic... Comparable to a modern MMO/FPS? How do they trick it (securely)?


last updated may 2013