
Socialist Millionaire Problem - vs4vijay
https://en.wikipedia.org/wiki/Socialist_millionaires
======
iheartblocks
In an episode of Curb Your Enthusiasm, the protagonist has to find the total
weight of all the passengers for an airplane, but every passenger is
uncomfortable sharing their weight. To me this seems like a problem that could
be solved cryptographically, as it seems reminiscent of the SMP or distributed
key generation. Does anyone from the crypto community know if there exists a
solution for a problem like that?

~~~
Thorrez
If you do things physically, you can do it easily.

For example you could have a hat with pieces of paper in it each with a
number. The numbers sum to 0 (some are positive, some are negative). Each
person draws a piece of paper, adds his or her weight to it, then says that
number. The numbers that each person says are summed and that's the total sum.

~~~
sl8r
Won't you possibly get some information about some passengers by doing this,
if you know / can figure out the distribution of the random numbers?

E.g., say that the random numbers are uniformly distributed between -200 and
200. If somebody says a number like 425, then I know they weigh at least 225
pounds. And the probability they weigh more than 225 - k pounds is 1 - k/400.

~~~
skrtskrt
Yes absolutely, but you can just make the range wide enough to wash out the
difference (like -2000 to 2000, summing to zero)

Then you would probably get more information from looking at the person thank
you could from hearing a weight number that could be +/-2000 pounds

~~~
XMPPwocky
You could also do it modulo some number, I think?

Then knowing any individual number (weight + pad) mod n gives zero knowledge
(I think. If all but one party reveal their pads, they can trivially determine
the other's weight so it fails. Believe it to be secure if only 1 party is
malicious, though. Cases for other numbers of bad actors are more
complicated...)

------
Cyberdog
My eyes are glossing over trying to understand the equations in this article,
but isn't the solution as easy as comparing a cryptographic hash of Alice's
wealth with a cryptographic hash of Bob's wealth for equality?

The fact that Alice could guess Bob's wealth within a certain range, even if
that range is "between $0 and $1 trillion," and then have a finite range to
search for a collision could be mitigated with a sufficiently slow hashing
algorithm and/or an absurd number of iterations.

~~~
baby
"could be mitigated"

This is the issue with your solution, it isn't really mitigated in such
problems because the domain is too small.

~~~
roenxi
Expanding on this observation - mitigating in this manner means the two
parties would have to use absurd amounts of time and computing power to
calculate the initial hashes to communicate. Not very practical in many cases.

