
edicted

Puzzle Games as CAPTCHAs (Part 2)


I was thinking more about this topic at work and I realized it wasn't going to be nearly as easy to implement as I thought it would. What would the actual proof-of-brain details be for a puzzle game designed as a CAPTCHA directly on the Steem blockchain?

At first, I imagined a client that anyone could download. This client would contain a game, meant only for humans, where you could potentially farm digital goods and trade them with other players. The digital goods would theoretically be worth something, and this value would bring bots to the game and undermine its economy.

That's where the CAPTCHAs come in. Everything a player does in the game needs to have some kind of proof-of-brain intelligence test behind it. Therefore, the game client would also have a list of hundreds (if not thousands) of different kinds of tests players would need to solve in order to make progress and farm digital goods.

However, I just assumed (without really thinking about it) that players would solve the puzzle and then post proof of that solve directly on the Steem blockchain. Unfortunately, it's not that simple because the Steem blockchain is transparent. If players are posting their answers to the puzzles, a bot could simply scan the blockchain and figure out all the answers to the puzzles that have been solved. This would mean that every CAPTCHA puzzle created would only work once, and after that anyone (any bot) that got a repeat puzzle could figure out the answer without having to solve it.


So this is the problem that I was trying to figure out: How can players prove that they solved the puzzle, directly on the Steem blockchain, but at the same time not give away the answer? Surely, the solve must lie in some kind of blockchain technology. This sounds like a blockchain problem.

At first I was thinking that hashing the solution would work. Take the answer and then, say, hash it with the Scrypt algorithm (Litecoin uses it). Now the answer is unknown on the blockchain but anyone can verify that the answer is correct. However, this also doesn't work, because the bots will simply sidestep the answer, copy the hash, and pretend they got it right. Boo! Therefore, there needed to be a way to make hashes unique for each solve.

I thought about this for a while and then it hit me like a ton of bricks: just hash the answer as a function of time. This is the foundation for block-based gaming.


Alright then, so we have a game client, and this client has thousands of puzzle-based CAPTCHAs on it. When a player wants to create a digital asset that has value, she must pass a proof-of-brain CAPTCHA test. How does the client know which test the player should solve? We can't let the client choose, or the bots will simply choose the puzzles that they already know the answer to. This choice must be provably verifiable to the entire community.

The answer is fused to the previous problem: hashing as a function of time. In block-based gaming it is the blocks that are a measure of time. Therefore, hashing the blocks is the answer. Proof-of-work saves the day.

For example, let's say you planted Wheat on your SteemVille farm and you've waited long enough to collect it. You tell the client you want to collect it, but the client demands you pass a CAPTCHA to do so. The SteemVille community doesn't want counterfeit Wheat being created, so you must prove, on the Steem blockchain, that you have a brain. So, the client uses your posting key and posts something to the Steem blockchain like this:

#game steemville #create 100 wheat

In order for that 100 wheat to be viewed as legitimate to the community, you must then complete a CAPTCHA puzzle. How does the client know which puzzle to give you? It hashes the Steem block of the message you posted. Using those random numbers it picks the correct puzzle (that the entire community can provably verify). Once you've found the answer, instead of posting it directly to the blockchain your client will hash the solution along with the original hash of the Steem block that picked the puzzle in the first place.

It is in this way that bots will not be able to divine the answers to the CAPTCHAs by simply scanning the Steem blockchain for them. By the time a bot could scan the chain and get the answer for a certain puzzle for a certain block, they will no longer be able to post on that block. This means that every game client can provably verify they solved the puzzles without undermining the system by posting the answer.
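The scheme described above, as an added sketch that is not code from the original post: the block hash picks the puzzle, and the posted proof is a hash of the block hash plus the solution, so a proof copied from one block fails against another block even when the same puzzle comes up again. SHA-256 stands in for both the block hash and Scrypt, and the puzzle table, block contents and function names are constructed for illustration; the verifier is assumed to hold the answers.

```python
import hashlib
import hmac

# Constructed sample data: puzzle ids and answers are made up for illustration.
PUZZLES = {0: "rook to e5", 1: "blue key", 2: "42 tiles", 3: "mirror west"}


def block_hash(block_bytes: bytes) -> bytes:
    """Hash of the block that contains the player's '#create' post."""
    return hashlib.sha256(block_bytes).digest()


def pick_puzzle(bh: bytes, n_puzzles: int) -> int:
    """Anyone can recompute which puzzle this block assigns."""
    return int.from_bytes(bh, "big") % n_puzzles


def commit(solution: str, bh: bytes) -> str:
    """What the client posts instead of the answer: H(block hash || solution).
    The block hash is fixed-length, so the concatenation is unambiguous."""
    return hashlib.sha256(bh + solution.encode("utf-8")).hexdigest()


def verify(commitment: str, bh: bytes, puzzles: dict) -> bool:
    """Assumption: the verifier knows the answers. It recomputes the
    commitment for the puzzle this block selected and compares."""
    expected = commit(puzzles[pick_puzzle(bh, len(puzzles))], bh)
    return hmac.compare_digest(commitment, expected)


def demo():
    """Find two constructed blocks that select the SAME puzzle, then check
    that an honest proof for the first is rejected when replayed on the second."""
    seen = {}
    for height in range(5):  # 5 blocks, 4 puzzles: two must share a puzzle
        bh = block_hash(b"constructed block %d: #create 100 wheat" % height)
        idx = pick_puzzle(bh, len(PUZZLES))
        if idx in seen:
            first = seen[idx]
            proof = commit(PUZZLES[idx], first)  # honest player's on-chain post
            return verify(proof, first, PUZZLES), verify(proof, bh, PUZZLES)
        seen[idx] = bh


if __name__ == "__main__":
    print(demo())
```

The binding only holds across blocks, and the answer space has to be large enough that a posted proof cannot be matched by hashing every candidate answer against the known block hash.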

Decentralized

The interesting thing about all of this is that I want it to be decentralized. Therefore, even as the game creator, my client might not have all the answers to all the CAPTCHAs. The community would be paying CAPTCHA creators to keep bots out. This would create a situation where I would have to either solve all the CAPTCHAs that players were required to complete in order to verify digital goods, or simply trust that the other members of the community were keeping players honest. In a decentralized environment, only the latter is a legitimate option. If I had all the answers a hacker could steal everything from me and undermine the entire community.

BOOM! Solved it! Now I just have to deliver results. The difference between genius and insanity is measured only by success.



Puzzle Games as CAPTCHAs (Part 2) was published on and last updated on 25 Aug 2018.