[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [crypto] crypto-protocols for trading card games



> In the not too distant past there was a fad for collectible trading card 
> games, the most famous of which was Magic, The Gathering (tm). These 

	Oy, don't mention that name.  I spent waaay too much money
on cards (Ah, my foolish youth.  Anyone want to buy a slightly used
Chaos Orb? :).

> games combined the collecting and trading of baseball cards with traditional
> aspects of card playing. Cards were issued by a central 
> authority/publisher (Wizards of the Coast in the case of MtG). Each 
> player uses his or her own deck; cards that are not played remain secret; 
> however the same deck mut be used in each round of a match. tournament 
> games are adjudicated by an umpire.
> 
> Design a set of crypto protocols to support the issuing, trading, and 
> playing of such card games in real time (100ms compute time per move)

	Well, here goes nothing for the playing part:

	Each player should submit a signed copy of their deck (i.e. a
listing of all the cards therin) to the umpire (if you don't want the
even umpire seeing the deck contents until afterwards, make them
submit a bit-committed symetric key and encrypt the deck manifest with
it).  Each individual card in the deck should have a unique identifier
which should be noted on the manifest.  Identifiers wouldn't need to
be sequential (in fact they might leak info to the opponent if they
were), but duplicates of the same card should each have its own id.
Depending on how you want to run things, you could allow (and probably
should require) players to submit new a ID->card list before each
round begins.

	So my deck might look like:

ID	Card
--------------------
309487	Prodigal Sorcerer
008461	Land (Plains)
663542	Land (Forrest)
....

	Before each round, opponents would exchange lists of card IDs.
Whenever a player needs to "draw", the other player takes an ID at
random off the list of IDs (and marks is as "used").  At the end of
each round the players submit a transcript of the game to the umpire
who then checks that all the cards played were in the decks, that no
duplicates of the same id/card were used, or changes of cards (i.e. ID
440315 was supposed to be a "Zombie" but the owning player said it was
a "Yawgmoth's Daemon").

	If you want to do away with the umpire (for casual play
between two people), have opponents swap the encrypted deck manifest
and bit commit to key used.  Afterwards they can double check for
cheating themselves.  Something you might want to allow is letting a
player include extra IDs which map to "no card, pick again".  This
would allow players to disguise the exact size of their deck (although
this would only allow for puffing up a deck, not making it appear
smaller).

	As for issuing and trading cards, maybe store cards as signed
certificates (something along the lines of "card name & serial number"
signed by the owner, then by the issuer).  This would make trading a
bit of a problem as you couldn't give the card away without the issuer
(Online clearing for Magic cards? :).  And there's the problem of how
do you tell who actually owns the card (if the issuer keeps a list of
serial number->owners that might work, but again that needs online
clearing).  I missed all the discussion on digital bearer bonds a
while back, but something like that might could be applied here.

	Don't know if that's what you were looking fore, but it's all
I can think of at this late hour and I'm sure someone will shoot holes
all through it anyhow. :) What do you think, sirs?

---
Fletch                                                     __`'/|
[email protected]  "Lisa, in this house we obey the       \ o.O'    ______
404 713-0414(w)      Laws of Thermodynamics!" H. Simpson   =(___)= -| Ack. |
404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43  U      ------