[messages] [Developers] Human readable saved games

Joel Uckelman uckelman at nomic.net
Thu May 26 04:06:54 MST 2011

Thus spake swampwallaby:
> > But making savegame files completely human-readable XML seems to me
> > problematic if that savegame file contains hidden piece information
> > – it would be perhaps too easy for someone to sneak a peak at his
> > opponent. Unless you'd find a way to encrypt or otherwise serialize
> > hidden information.
> This is more than just an issue with saved games. The hidden state
> information is transmitted out to all clients to keep them in sync. One
> game piece can include both hidden information and open information.
> Clients other than the owner of the piece can manipulate some aspects of
> that piece, and must maintain that 'hidden' state, and be able to
> transmit it on to further clients. 
> Theoretically, it should be possible to isolate the 'hidden' state and
> use Public Key Cryptography to keep it from being read in the clear by
> other clients.
> This is a really fundamental issue that is vital to get right from the
> start.

There's an easy thing, and an impossible thing here. The easy thing is
dealing with static state. (By "static" I mean that a user cannot gain
or lose access to any information while working with the file.) Each
permission group has a key pair. You can think of users as single-member
groups. Everything accessible to a group is encrypted with that group's
public key. To include group A in group B, you encrypt group B's private
key with group A's public key. 

This completely solves the problem of hidden information that can be
revealed by the owner of that information only. For example, if I draw
a card, and it's the sort of game where no one else gets to look at
or take my card, then a public key system works perfectly. You can't
decrypt the data about my card without my private key, which you don't

The impossible thing is to have security when one player can take
actions which reveal hidden information, and needs to do so offline.
So, for example, if I need to be able to take any one of your cards, or
flip over one of your pieces, then my computer needs to have access to
the data that's hidden so it can show me what card I took or the other
side of the piece I flipped. But if my computer has that data, then I
have that data; e.g., I could always reload and check out each of your
cards. There's no way to reveal information securely offline in a way
that ensures only as much information is revealed as is supposed to be.


More information about the messages mailing list