Seriously? You work professionally in the crypto space and don't know where this is from? Or don't feel it's important to attribute such fundamental ideas to the appropriate people? If you really don't know, a quick google would have educated you. But what I fear to be more likely is that you apparently just don't give a damn.
For anybody remotely interested, look up Manuel Blum's work, e.g. "Coin flipping by telephone" presented at CRYPTO 1981. ACM Turing Award.
Or Rivest, Shamir, Adleman, "Mental Poker". Oh, those guys also got the ACM Turing Award.
I'd be curious if people on HN would want a zero knowledge survey and voting system inside Keybase, and if so, what would it look like?
The background: we talk about it sometimes as a solution to a real problem: in certain teams and workplaces, people can be afraid to give honest feedback (who dares to submit an "anonymous" survey to HR?), but Keybase may be in a unique position to let people in a group give written feedback, vote on something important, or rate an experience. Without any risk of exposing identity, short of writing something identifiable in a text field.
I'd be curious, personally, to see management get a yearly vote of [no] confidence, for example. Is that crazy?
Keep in mind we are mostly focused right now on user experience and performance improvements. But we allocate a certain amount of time to cryptographic features that just aren't possible in other software, such as this coin flip thing. We've been talking about voting and surveys, too.
Has Keybase lost its way? I thought they were onto something cool and maybe could explore an enterprise play with private chats, filesharing and git for teams or something like that. Basically make money by selling to teams. But Keybase seems to have stagnated, existing apps are still quite buggy, not enough new developments recently. The facepalm moment for me was when they announced they were supported by the Stellar foundation. I lost all hope then and there. I get that you guys are buddies with the Stellar folk, you think Stellar is cool etc but an objective analysis leads to only one answer: don't do it you'll regret. Maybe add it as a feature (stellar integration) but don't go all in. Speaking of Stellar, still no integration after 1 year?? Focus on what you have and start making money. So, what went wrong malgorithms?
(Sorry if this sounds harsh or rude, there's no point in sugar coating the truth. Hopefully the Keybase team reads this criticism and does a little soul searching.)
I use Keybase daily and really like it, but of course the more I use it the more I fear it'll go away. Are they actually making any money off it yet, or will they eventually run out and fail to switch over to paid accounts in time before the company evaporates?
There's a slight variation on this that I had pondered for designing a distributed election algorithm. I'm sure the idea is not novel, but it would be nice to know what work has been done on it.
The goal is to fairly select some candidate from a set of candidates. Each candidate `Ci` generates a UUID `Ui`. The hash of their UUID `hash(Ui)` is published by each candidate. Once all hashes have been collected, each candidate reveals the verifiable original UUID to all the others.
Each candidate then concatenates these UUIDs together (after normalizing the sequence in some way - e.g. sorting), and produces a selector code: `H = hash(U1 ++ U2 ++ ... ++ Uk)`. Finally, the selected candidate is simply the one whose UUID is the closest to `H` under some distance metric.
I tinkered a bit with adapting it for situations where the candidate set could shrink during the selection process (i.e. a candidate drops out), but didn't really pursue it much.
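The selection scheme in the comment above, written out as an added example that is not part of the original post. SHA-256 as `hash`, XOR distance as the metric, and the candidate names and UUID values are assumptions chosen for illustration.

```python
import hashlib
import uuid


def commit(u: uuid.UUID) -> str:
    """Round 1: the value each candidate publishes, hash(Ui)."""
    return hashlib.sha256(u.bytes).hexdigest()


def select(commitments: dict, reveals: dict) -> str:
    """Round 2: check every reveal against its commitment, then pick a winner.

    commitments: candidate name -> hex digest published in round 1
    reveals:     candidate name -> uuid.UUID revealed in round 2
    """
    if commitments.keys() != reveals.keys():
        raise ValueError("missing or unexpected reveal")
    for name, u in reveals.items():
        if commit(u) != commitments[name]:
            raise ValueError(f"reveal from {name} does not match its commitment")
    # Normalize by sorting so every candidate hashes identical bytes.
    ordered = sorted(u.bytes for u in reveals.values())
    h = hashlib.sha256(b"".join(ordered)).digest()[:16]
    target = int.from_bytes(h, "big")
    # Assumed metric: XOR distance to the first 128 bits of H; name breaks ties.
    return min(reveals, key=lambda n: (reveals[n].int ^ target, n))


# Constructed sample values, fixed so the run is reproducible.
REVEALS = {
    "C1": uuid.UUID("11111111-1111-4111-8111-111111111111"),
    "C2": uuid.UUID("22222222-2222-4222-8222-222222222222"),
    "C3": uuid.UUID("33333333-3333-4333-8333-333333333333"),
}
COMMITMENTS = {name: commit(u) for name, u in REVEALS.items()}

if __name__ == "__main__":
    print("selected:", select(COMMITMENTS, REVEALS))
```

A candidate who reveals last can compute `H` before deciding whether to reveal, so how a missing reveal is handled matters as much as the hashing.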
It seems like a VRF might be a more natural choice than a commitment scheme for verifiable randomness, since it doesn't require any honesty assumption for participants, and Keybase already manages keys (though maybe it would be a problem if participants could change keys midway through the ceremony).
I see a flaw with that prng scheme. Since AES is reversible, the 128-bit blocks that make up the output cannot repeat. The output is a permutation of distinct 128-bit blocks. Early in the sequence that only matters a tiny bit, but the longer it goes, the more that tells you about possible upcoming values.
I got lost on the line "If the final answer is odd, the flip is TAILS." For example: Alice flips 1 for tails. Barb/Charlie/Danika flip 0. Why is the answer tails when most of the people flipped 0 for heads? Why use XOR instead of just taking the most common answer?
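An added example, not part of the comment above, that compares the two rules by exhaustive enumeration. It assumes one honest player with a fair bit and lets the other players' bits take every possible value; because bits are committed before anyone reveals, the others cannot choose theirs as a function of the honest bit.

```python
from fractions import Fraction
from itertools import product


def xor_rule(bits):
    """The rule quoted from the page: odd total means TAILS (1), even means HEADS (0)."""
    return sum(bits) % 2


def majority_rule(bits):
    """The alternative from the question: most common bit wins, ties go to HEADS."""
    return 1 if sum(bits) * 2 > len(bits) else 0


def tails_probability(rule, fixed_bits, honest_count=1):
    """P(TAILS) when fixed_bits are set by the other players and each of the
    honest_count remaining players flips a fair, independent bit."""
    outcomes = [rule(list(fixed_bits) + list(h))
                for h in product((0, 1), repeat=honest_count)]
    return Fraction(sum(outcomes), len(outcomes))


def spread(rule, others=3):
    """Minimum and maximum P(TAILS) over every choice of the other players' bits."""
    probs = [tails_probability(rule, fixed)
             for fixed in product((0, 1), repeat=others)]
    return min(probs), max(probs)


if __name__ == "__main__":
    # Alice flips 1, the other three flip 0, as in the question.
    print("xor:", xor_rule([1, 0, 0, 0]), "majority:", majority_rule([1, 0, 0, 0]))
    print("xor spread:     ", spread(xor_rule))
    print("majority spread:", spread(majority_rule))
```

Under XOR the result stays at exactly 1/2 whatever the other three submit, while under majority three agreeing players fix the outcome regardless of the fourth.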
I want a heads to come up. I add a couple of hacked members to the group, so there are 3 honest members, and let's say 3 coordinated dishonest members.
Everyone shares their commitment hash, and the dishonest members share their actual commitments amongst themselves. Once everyone has the commitment hashes, the 3 honest members broadcast their commitment. The three dishonest members now have everyone's commitments, but honest members only have other honest member commitments. Dishonest members compute the ultimate value - if it turns up heads, then they just share their commitments with everyone, and the final answer is heads.
If it turns up tails, then the dishonest members compute possible permutations of various dishonest members dropping out and never sending their commitments. So maybe if dishonest member 1 drops out, the resultant value from just the group of 5 would be heads. So dishonest member 2 and 3 share their commitments and dishonest member 1 goes offline.
So, this system will work when it is composed of only people you trust, but will not work when it may be composed of people you don't trust. And if you trust everyone in it, why go through this process in the first place? And if you decide that when someone drops out and doesn't share their commitment, you just have to rerun the algorithm, then you have just given a very easy way to give the dishonest people a way to spike your coin flipper, so that no one can ever get a value out of it, or the dishonest members can just keep dropping out until they encounter a round where the final value is determined to be heads.
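An added example, not part of the comment above, that quantifies the bias it describes by enumerating every combination of bits for 3 honest and 3 colluding members. The two dropout policies are the ones the comment considers; the function names are hypothetical.

```python
from fractions import Fraction
from itertools import combinations, product

HEADS, TAILS = 0, 1


def flip(bits):
    return sum(bits) % 2  # odd total -> TAILS


def outcome_all_reveal(honest, colluders, want):
    """Baseline: everyone reveals."""
    return flip(list(honest) + list(colluders))


def outcome_ignore_dropouts(honest, colluders, want):
    """Policy A: XOR whatever was revealed. Colluders see the honest bits
    first and reveal a subset of their own bits that yields `want`, if any."""
    for k in range(len(colluders), -1, -1):
        for kept in combinations(colluders, k):
            if flip(list(honest) + list(kept)) == want:
                return want
    return flip(list(honest) + list(colluders))


def outcome_rerun(honest, colluders, want):
    """Policy B: a missing reveal voids the round (None). Colluders withhold
    whenever the full result would not be `want`."""
    result = flip(list(honest) + list(colluders))
    return result if result == want else None


def stats(policy, n_honest=3, n_colluders=3, want=HEADS):
    """Return (P(round completes), P(want | round completes))."""
    results = [policy(h, c, want)
               for h in product((0, 1), repeat=n_honest)
               for c in product((0, 1), repeat=n_colluders)]
    done = [r for r in results if r is not None]
    return (Fraction(len(done), len(results)),
            Fraction(sum(r == want for r in done), len(done)))


if __name__ == "__main__":
    for policy in (outcome_all_reveal, outcome_ignore_dropouts, outcome_rerun):
        print(policy.__name__, stats(policy))
```

With dropouts ignored the colluders get heads in 15/16 of rounds instead of 1/2; with reruns only half the rounds complete and every completed round is heads.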