I'm building a multiplayer game where anyone can add their own server, but there is only one central server that contains the database where player information, like experience and gold, is stored. To authenticate as a game server and thus have authorization to give gold to a player, you attach a JWT, issued by me, to your requests. However, whoever owns the server could use this token and boost up his own characters. My problem is: how can I trust a game server request? To me, except by obfuscating the communication between a game server and the central one, there is not much to be done. But this problem reminds me of cryptocurrencies: would a blockchain help me here?
Greg
-
In 2017, Karl Wüst (ETH Zürich, Switzerland) and Arthur Gervais (Imperial College London) wrote a paper titled [Do you need a blockchain?](https://eprint.iacr.org/2017/375.pdf) where they analyze what *exactly* a blockchain gives you and *doesn't give you*. They also distinguish between the different types of blockchains. They develop a set of criteria under which conditions it makes sense to use a blockchain (and which type), and distill these criteria down into a simple flowchart. Someone then made http://doyouneedablockchain.com/, an interactive version of that flowchart. – Jörg W Mittag Mar 14 '20 at 13:23
-
Good to see the hype about blockchain is subsiding. – Steve Mar 14 '20 at 14:51
-
The problem with your design is that you are authorizing servers, not actions/capabilities (→ [confused deputy problem](https://en.wikipedia.org/wiki/Confused_deputy_problem)). [Federation](https://en.wikipedia.org/wiki/Federation_(information_technology)) is difficult when the servers have substantially different trust/governance. It would be better to either keep all the servers under your control, or to ensure that one server's actions don't affect the others. Blockchain *can* help by making state changes auditable, but you could also apply BC techniques like tokens and signatures directly. – amon Mar 14 '20 at 15:23
-
Another (BC-like) way to look at it: where does that credited gold come from? If the gold is a token that can only be created by your central server, and then redeemed by the other servers, the impact of abuse is limited. You don't need a blockchain for that, just non-guessable (truly random) IDs in your DB. Your central server could also apply smart contract-like checks, e.g. that some quest goal has been fulfilled. – amon Mar 14 '20 at 15:28
-
@JörgWMittag Interesting article. From what I've understood, a private permissioned blockchain could work for me. I'll read more about it. – Greg Mar 14 '20 at 16:46
-
@amon Keeping all servers under my control would be the simplest solution but also the most expensive one. Also, people want their own server to be able to change a game configuration. I could make them pay me to host their servers but I think it would create bigger problems. The central server doesn't keep a state of the on-going games happening on the servers. Once a game ends, rewards need to be committed to the central server, and the latter can only trust what it's receiving. – Greg Mar 14 '20 at 16:46
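
The token idea from amon's comment (gold created only by the central server and redeemed by game servers via non-guessable IDs), sketched as an added example that is not part of the original thread. The `CentralServer` class, its method names and the server and player names are hypothetical, and the `server_id` argument is assumed to come from the already-verified JWT.

```python
import secrets


class CentralServer:
    """Hypothetical central server: the only party that can create gold."""

    def __init__(self):
        self.vouchers = {}  # voucher id -> {"server", "amount", "redeemed"}
        self.balances = {}  # player -> gold

    def mint(self, server_id, amount):
        """Issue a single-use voucher with an unguessable 256-bit random id."""
        vid = secrets.token_urlsafe(32)
        self.vouchers[vid] = {"server": server_id, "amount": amount,
                              "redeemed": False}
        return vid

    def redeem(self, server_id, vid, player):
        """Credit the player only if the voucher exists, was issued to the
        calling server (assumed: server_id taken from its verified JWT)
        and has not been spent yet. Returns (ok, reason)."""
        v = self.vouchers.get(vid)
        if v is None:
            return False, "unknown voucher"
        if v["server"] != server_id:
            return False, "voucher issued to another server"
        if v["redeemed"]:
            return False, "already redeemed"
        v["redeemed"] = True
        self.balances[player] = self.balances.get(player, 0) + v["amount"]
        return True, "ok"


def demo():
    central = CentralServer()
    # Constructed scenario: central grants server "eu-1" two 50-gold vouchers.
    v1 = central.mint("eu-1", 50)
    v2 = central.mint("eu-1", 50)
    results = [
        central.redeem("eu-1", v1, "alice"),          # legitimate redemption
        central.redeem("eu-1", v1, "alice"),          # replay of a spent voucher
        central.redeem("eu-2", v2, "mallory"),        # another server's voucher
        central.redeem("eu-1", "guessed-id", "bob"),  # made-up voucher id
    ]
    return results, central.balances
```

A server owner can still hand its own vouchers to its own characters, but the total gold it can inject is capped by what the central server chose to mint for it.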