CHITS

©1995 by Sean Emerson

Many wargames require players to pull option counters from a pool of
face-down counters.  These counters are often then secretly held or
released simultaneously.  This presents two difficulties to play-by-mail. 
The first is obviously ensuring secrecy and honesty in the draw, and the
second is ensuring that players don't draw the same chit, which would be
impossible in front to front play.  This program provides a means of
resolving these difficulties.

When the chits program is first started up, the player is offered a chance
to either start a new chit file or to load an old one.  The player should
select "new."  The player will then be asked how many chits are in the
pool.  There may be up to one hundred chits in the pool, but the player may
lower this number if required.  If your chits are not somply numbers, you
and your opponent should agree beforehand which chit each number
represents.

Then the player will be asked for a password.  Once a password is entered,
the player will be required to save the file and send it to his opponent so
that the other player's password may be entered.  The chit file should have
an extension of ".CHT" so the file requester can see it by default.

The second player will start the program, and this time when offered the
chance to start a new file or load an old one, he should load the file
which was started by player 1.  The program will recognize that no password
exists for player 2, and ask for a new password.  Once this is entered, the
program may be used to draw chits

To prevent a person from examining the contents of the undrawn chits, a
chit may ONLY be drawn by asking the opponent to "release" it.  To release
a chit for your opponent to examine, press the button "release chits from
pool."  A requester will ask how many chits you want to release.  The
program will then randomly designate chits from the pool to be examined by
the other player.  The file should then be saved again, and sent to the
other player.

When you start the program and load a file, you will be asked for a
password.  The program will identify you as player 1 or player 2 based on
your password.  The program will then examine the chits to determine if any
of them have been released for your examination.  If so, it will notify you
of the fact.  You will then be told the number of the chit which you have
pulled, and offered three options of what you want to do with it.

If you "keep" the chit, it will be flagged as yours and not be available
for the pool from then on.

If you "replace" the chit, it will be returned to the pool.

If you "release" the chit, your opponent will be able to examine it the
next time he loads this chit file.

Note that the chits you draw are determined at the time the opponent
releases them to you.  Rerunning the program to try to improve your draw
will be pointless.

At some point in the game, you may wish to reveal the chits you are holding
to your opponent.  You may do this by pressing the "release held chits"
button.  A requester will ask you which chit you wish to reveal.  You will
be warned if the chit number you enter is not currently being held by you. 
Once you have done this you must save the file.  The next time your
opponent loads the file, your chit will be revealed to him.

One way of "cheating" the system is if your opponent requests to pull a
chit out of the pool for examination (intelligence to tell what chit you're
NOT holding).  It may occur to some to save a file with a released chit,
and then keep sending the same file on successive attempts, effectively
denying any useful information after the first examination.  The program
will encrypt differently every time it's run, so it's easy to spot this
tactic by examining your files with a hex editor like the one in DirWork to
see if you receive two identical files. If they are identical, and you
picked the same chit, it's a good bet your opponent didn't release a new
chit, but sent you the same file twice.

I won't make the claim that the file encryption can't be broken, but it
would require a dedicated attack on the encryption system.  This is made
more difficult by the fact that a different encryption occurs every time
the program is run.  I'm confident that the file encryption is secure from
casual to moderate attempts to analyze it.  It's not as sophisticated as
PGP, for instance, so my opponents will have to take it on faith that I'm
not reading their mail with a simple decoding algorithm.

This program can also be used for simultaneous exchanges, where neither
player will be able to make a decision about his choice based on what the
other player revealed.  For instance, two players each hold a number of
"tactics" chits, and the game requires them to each select a chit and
reveal them simultaneously.  Here's how this can be done.

Each player will start their own chit file, with the number of chits that
they alone hold.  They save the file, then reload it and provide the player
2 password themselves.  Then as player 2, they authorize the release of all
the available chits to their Player 1 persona.  The file is saved, and then
reloaded using the player 1 password.  As Player 1, they would elect to
"keep" all the chits.  

At this time, both players each hold a file which they have both passwords
for.  Using their Player 1 passwords, they each select a chit to be
revealed to player 2.  They then exchange files --  BUT NOT PASSWORDS! 
Once both players have the other's file, they then exchange the password to
unlock the player 2 side of the file, revealing the selected chits.  In
this way, neither side can change their decision based on what was revealed
by the other player.

Once prepared, the original file may be used repeatedly by changing the
player 2 password.