[messages] [General Discussion] revisiting preventing rigged dice rolls in online play

ewilen elliot.wilen at gmail.com
Sat Jan 21 22:44:51 MST 2012

An earlier thread[1] asked whether Vassal had any protection against
rigged dice rolls during online play. The conclusion there was that this
was impossible to protect against without a 3rd-party dice roller.

But I wonder if the following approach might work. Suppose two copies of
Vassal are communicating with each other. User1, using Vassal1,
initiates a dice roll.

Vassal1 transmits an encrypted, randomly-generated Seed1 to Vassal2. I'm
not an expert in cryptography by any means but it seems to me that the
seed may need to be "padded" in a way that would authenticate the value
on decryption. For example, it could consist of a series of
randomly-selected dictionary words. (There are probably better ways to
confirm that decryption has been performed using the correct key.)

Vassal2 responds to Vassal1 with an unencrypted, randomly-generated
Seed2. Vassal1 then combines the two seeds to deterministically generate
a die roll. Vassal1 sends the die roll back to Vassal2 along with the
key to decrypt Seed1. Vassal2 decrypts Seed1, authenticates it (in my
example, by confirming that the padding decrypts into dictionary words),
and confirms that the combination of the two seeds generates the same
value reported by Vassal1.


(This is based on a primitive method a friend and I used some 20 years
ago for PBeM. If I recall correctly, we'd each provide several series of
d6 rolls in text files, encrypt them and send them to the other person.
When a set of die rolls was needed, we'd exchange keys for a given pair
of text files. Authentication was based on the fact that decrypting a
text file with the wrong key would generate a series of nonsense
characters. The actual die rolls would be generated by rotating each
number from file1 by the corresponding number in file2. E.g., if n1 in
file1 was 5 and n1 in file2 was 3, the die roll would be 2.)

[1] http://www.vassalengine.org/forum/viewtopic.php?f=2&t=2482

Read this topic online here:

More information about the messages mailing list