It's free to join Gamasutra!|Have a question? Want to know who runs this site? Here you go.|Targeting the game development market with your product or service? Get info on advertising here.||For altering your contact information or changing email subscription preferences.
Registered members can log in here.Back to the home page.

Search articles, jobs, buyers guide, and more.

By Peter Wayner
[Author's Bio]
Gamasutra
October 10, 2003

Introduction

Peer-to-Peer

Printer Friendly Version
   


Excerpted from:

[More information...]
 

 
Change Login/Pwd
Post A Job
Post A Project
Post Resume
Post An Event
Post A Contractor
Post A Product
Write An Article
Get In Art Gallery
Submit News
 


 


[Submit Letter]
[View All...]
  


Upcoming Events:
IGDA Leadership Forum
Burlingame, United States
11.12.09

GameSoundCon
San Francisco, United States
11.13.09

Southwest Gaming Expo
Dallas, United States
11.20.09

Workshop on Network and Systems Support for Games (NetGames 2009)
Paris, France
11.23.09

EVA 09 - Exposicion de Videojuegos Argentina
Buenos Aires, Argentina
12.04.09

[Submit Event]
[View All...]
 


[Enter Forums...]

Note: Discussion forums for Gamasutra are hosted by the IGDA, which is free to join.
 

 

 


Features

Policing Online Games: Digital Currency

Peer-to-Peer

In some environments, it doesn't make sense to place all the power and responsibility on a central server. Peer-to-peer networks can also trade bills, although they must take some extra precautions to prevent counterfeiting. Anyone can hand over a bag of bits to another player, but there's no simple way to prevent them from counterfeiting by handing over the same bits to other people.

The best approaches can only reduce the load on the central bank because there's no way to eliminate it. All of the notes must run through a central location to check for counterfeiting, and the security of the system is directly proportional to the time between checks. Banks may check only a fraction of the bills chosen at random, but they can't eliminate the check altogether.

A transaction in this scheme will look something like this:

  • Each bill consists of a data structure specifying the serial number (num) and the denomination (amount): B(num,amount).

  • Each bill carries with it a chain of digital signatures of each owner, beginning with the bank itself. If Sbank(B(num,amount)) represents the signature of the bank at the bill's birth, then this chain might look something like this:

    SAlice(SBob(Sbank(B(num, amount)))).


    This means that the bank created the note, gave it to Bob who gave it to Alice who is now the rightful owner.

  • The player spending the bill will add a new signature to the chain, giving up control of the bill and specifying the new owner. This is like endorsing a check.

  • The new owner accepts the bill and checks every digital signature in the chain. If they're valid, then the new owner closes the transaction.

  • The new owner checks for counterfeits by comparing the new bill's serial number will all the others owned by the player. This won't detect all counterfeits, but it will find some.

The notes grow each time they're spent in this scheme forming a chain of custody for the cash. Counterfeiting, if it happens, can be identified by looking at the chain of custody. If two bills with the same serial number appear, the counterfeiter can be identified by walking up the chain of custody to find the person who spent it twice.

The role of the bank depends upon the nature of the game. In the most extreme case, there's no need to look for counterfeiting because the game comes to a grand conclusion when everyone turns in their notes and their pieces, perhaps to claim a share of a purse. If there's one final judgement, then everyone can search for cheating at that point. There's no need for auditing along the way.

Often, waiting for the end of the game can be a mistake. Some games come with no ending. Others could be wrecked by some jerk counterfeiting like crazy.

Auditing can take any number of forms. Complete audits every n turns would require everyone to turn in their bills and receive new ones. This also saves overhead because the new replacements would not have a potentially long chain of digital signatures to be checked. The auditing will also clean house and add efficiency.

Another strategy is to recall bills selectively. Every so often, the bank will ask all bills with a serial number ending in, say, a 3 to be turned in. If this value is chosen at random, the cheaters won't be able to time their counterfeiting for maximal effect.

Making Change

Digital cash systems in peer-to-peer environments work more efficiently if the peers can split notes and make change. Requiring people to head to the bank to make change may help auditing, but it may be too onerous in any peer-to-peer environment.

Another solution lets users split the bills themselves. The simplest approach is to allow users to insert a message into the chain of digital signatures that says, in effect, "This bill has been split into n pieces and this is piece number i." Everyone who accepts the bill afterwards will treat it as being worth only 1/nth of the original denomination.

If n=10, then adding digits to the serial number is an efficient solution. A player with bill number 1045 would split into ten parts by creating new serial numbers 10450,10451,¼,10459.

Removing the Central Bank

There's no reason why there should be only one central bank for each game. While it may be efficient in some cases, it can be a bottleneck or an imposition on others. Some games may want to allow multiple banks or even allow each player to run their own bank.

In the most extreme case, each player also acts as their own bank. Instead of withdrawing cash from a central location, they simply mint it themselves. This temptation is not as dangerous as it sounds because players can place limits on each other.

For instance, if a board game begins by giving each player $100, then each player could begin with the right to issue 100 notes with serial numbers between 0 and 99. If someone notices a bill with a serial number outside of this range, then there's evidence of counterfeiting or at least inflationary spending.

Multiple banks do not change the transaction process. Each player still checks the validity of the chain of signatures and looks for potential duplicate serial numbers. In some sense, the issuer's name or number is just another part of the serial number for the bill.

Multiple Audits

Separating the auditors from the company is one tradition from the business world that can work here. There's no reason why the same person needs to maintain the bank and audit the transactions.

One simple solution is to allow any player to recall bills at any time. Well, subject to some rational limit. One player may ask all players to turn in a particular subset of bills at one time. Demanding all that end with the serial number `5' would pull in one tenth of the notes and uncover any cheating from that set.

The auditor can either return the notes to circulation or replace them with new notes drawn on a new bank. Having multiple players issue new notes will make things more confusing, but reduce the ability for individual players to create havoc. If another player may recall notes at any time, cheating can be discovered faster.

The downside of these multiple audits can be confusion. What happens to the status of a note if it isn't returned? It will not be valid, but what if this happened because of a software glitch or a communications failure? Is there a failsafe process? Adding all of the layers of audits discourages some cheating but certainly increases the complexity of the game.

Conclusion

Never Board Games created their own toolkit that lets one player's computer act as the bank for the system. The bank issues all of the notes at the beginning of the game and then lets players swap them as they need to. Auditing is only done by each player after a transaction and at the end of the game. Since many games created by Never Board end up with one person owning all the money and property, this is effectively the same thing.

This scheme also protects the privacy of players. If the bank does not scrutinize every transaction, then the bank can't know how much each person holds. People are free to cut side deals without telling the rest of the board how much cash they are trading.

Digital cash systems are just more specialized versions of the process for controlling the proliferation of objects. Every digital game must stop people from duplicating desirable objects, and cash is often the most desirable object. There's no reason why other objects can't be defined with the same system if the rules of physics apply. It may not make sense to split apart a suit of armor, but there's no reason why a flagon of beer can't be split into n different parts.

The schemes in this chapter offer a rudimentary form of privacy that may not be ideal in all cases. While a distributed mechanism doesn't let any one player pay too much attention to another, all the transactions are essentially in the clear. If you can see all of the bills, you can know who did business with whom. This can be a problem because people can pick up the data as the bills circulate.

Lessons

  • Cash is just another object that shouldn't be duplicated.

  • The most important parts of a digital cash object are the serial number and the value.

  • Digital currency may also include other values in the data structure like the rightful owner, the interest rate paid on the note, and the expiration date.

  • Everyone in the game wants to prevent others from cheating by spending the same bill twice.

  • One solution is to run every transaction through a central bank. This may stop cheating by ordinary players immediately, but it places plenty of power in the central bank. Power can corrupt.

  • One way to spread authority is to require each person to sign a bill over when spending it. This creates a chain of digital signatures showing who owned the bill at what time.

  • If two bills appear with the same serial number, the counterfeiter can be identified by looking at this chain of custody.

  • Auditing can occur at random times by requiring players to turn in all bills with certain classes of serial numbers.

  • Players can create change by attaching another note explaining that the bill was split into n parts and this is the ith part.

For more information about the book, an FAQ, an ordering form, and an errata page, go to http://www.wayner.org/books/pog

 

______________________________________________________

[back to] Introduction


join | contact us | advertise | write | my profile
news | features | companies | jobs | resumes | education | product guide | projects | store


Copyright © 2003 CMP Media LLC

privacy policy | terms of service