Introduction
Provably fair gaming is one of the cornerstones that sets blockchain-based games apart from traditional online games. When you play a game involving randomness or chance, trust in the fairness of the outcome is crucial. Blockchain technology, with its transparency and immutability, provides tools to build trustless systems where players can independently verify that the game results were not rigged.
One of the most common cryptographic techniques used to ensure fairness is the commit-reveal scheme. This method prevents either party (player or game operator) from manipulating the outcome after seeing the other's input. In this article, I’ll explain how commit-reveal schemes work in the context of provably fair gaming and share insights from building yoss.gg, a zero-rake peer-to-peer USDC coin flip game on the Base L2.
What Is a Commit-Reveal Scheme?
At its core, a commit-reveal protocol is a two-step process:
Commit phase: A party selects a secret value (like a random number) and then publishes a cryptographic commitment to it rather than the value itself. This commitment is usually a hash of the secret combined with some nonce or salt.
Reveal phase: After both parties have committed, they reveal their original secret. Other participants verify that the revealed secret matches the commitment.
This scheme ensures no party can change their input after seeing the opponent's choice, as the original commitment binds them to their secret.
How Does Commit-Reveal Ensure Fairness?
Randomness in games is often generated by combining inputs from both the player and the game host or between multiple players. Without commit-reveal, one party could wait to see the other's input and bias the randomness result in their favor.
With commit-reveal, because the commitments are public and irreversible, neither party can adapt their secret after learning the other’s. This leads to a final random value that’s deterministic based on both inputs and can be verified by anyone.
For example, consider a coin flip game where:
- The player commits to a secret random value.
- The host commits to their own secret.
- Both reveal their secrets after commitment.
- The outcome is derived from combining both secrets (e.g., XOR of the two numbers).
Both parties have equal influence, and the process is transparent.
Technical Walkthrough of a Commit-Reveal Scheme
Let's look at the cryptographic details:
-
Commitment:
commit = Hash(secret || nonce)-
secret: Random value chosen by player or host. -
nonce: Random salt to prevent dictionary attacks. -
Hash: Cryptographic hash function like SHA256 or Keccak256.
-
Reveal: Both parties reveal
(secret, nonce).Verification: Anyone can verify
Hash(secret || nonce) == commit.
By combining the revealed secrets (e.g., using XOR), the final game outcome is generated.
Implementing Commit-Reveal in Blockchain Gaming
Smart contracts are a perfect fit for commit-reveal because they can record commitments on-chain and enforce reveal timing. Here are some best practices:
- Store commitments on-chain: This guarantees immutability.
- Set reveal deadlines: To prevent stalling attacks, contracts should enforce a timeframe for reveal after commitment.
- Penalties for not revealing: If a party fails to reveal, the contract can grant the win to the other party or refund bets.
Challenges and Considerations
Front-running and MEV: On public blockchains like Ethereum, transactions are public before inclusion in a block. Attackers might see reveals and attempt to manipulate outcomes. Using layer 2 solutions or commit-reveal in multiple rounds can reduce this risk.
User experience: Commit-reveal requires multiple transactions, potentially increasing gas fees and latency.
Randomness quality: The method assumes both parties provide unbiased inputs. If one party is offline or malicious, fallback mechanisms are needed.
Real-World Example: yoss.gg
When building yoss.gg, a zero-rake P2P USDC coin flip game on Base L2, I used a commit-reveal scheme to ensure trustlessness between players. Each player commits to a random secret off-chain and submits the hash on-chain. After both players commit, they reveal their secrets to determine the coin flip outcome.
Key takeaways from implementing this:
- Using Base L2 reduced gas costs and improved transaction speed, making the multiple-step commit-reveal process user-friendly.
- The commitment and reveal phases are handled through smart contracts, ensuring transparency.
- The zero-rake model benefits from the integrity of the commit-reveal model because players trust the fairness without a centralized house edge.
This architecture demonstrates how commit-reveal can be practical and scalable in real-world blockchain games.
Conclusion
Commit-reveal schemes are foundational to provably fair blockchain gaming. By cryptographically binding parties to their chosen secrets before revealing them, commit-reveal prevents cheating and builds trustless randomness.
While there are challenges like user experience and front-running risks, layer 2 solutions and thoughtful contract design can mitigate these issues.
If you're building blockchain games involving randomness or betting, commit-reveal is a powerful pattern to ensure fairness and transparency. Drawing from my experience with yoss.gg, I encourage developers to experiment with commit-reveal schemes on low-cost, fast L2 environments to deliver genuinely fair gaming experiences.
Further Reading
- Ethereum commit-reveal pattern
- Provably Fair Gaming in Blockchain
- yoss.gg — a live example of commit-reveal in action
Top comments (0)