Crypto-Battleships or How to play Battleships game over the Blockchain?

07/21/2018 ∙ by Guy Barshap, et al. ∙ Ben-Gurion University of the Negev 0

Battleships is a well known traditional board game for two players which dates from World War I. Though, the game has several digital version implementations, they are affected by similar major drawbacks such as fairness and a trust model that relies on third party. In this paper, we demonstrate how to implement a fair, resistant to denial-of-service, where the honest winner earns the deposit money immediately. The game is built on a permissionless Blockchain that supports Turing complete smart-contract computation.



There are no comments yet.


page 16

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction - Basic Battleships rules

This section describes the basic rules of the classic battleships game, which establishes the basis for our novel contribution. Battleships is a popular traditional board game[9] for two players, where each player is required to hold a board game of cell size. In each board, the players need to place down a fleet of 5 battleships, where each battleship has different sizes and occupies consecutive cells in the board. Each cell can either be a battleship’s part or an empty cell. This classic game has the following stages:

  1. Placing the Battleships. To commence the game, each player needs to secretly arrange their fleets. The battleships can be placed in horizontal or vertical arrangement with each player possessing a predefined equal amount and types of battleships.

    In this phase, each player also creates another board with the same size in order to record the torpedoes shot into the opponent’s fleet, as well as their status (hit or miss).

  2. Launching Torpedoes in turns. This phase operates in rounds, where the players switch their roles in each round. In a single round, there is one player shooting a torpedo into one of the cells of the opponent’s board and on announcing the exact cell that is being targeted, both players have to record the shot. Then, the opponent announces whether this cell contains a part of his own battleships (i.e the opponent announces whether it is a hit or miss shot). In a situation where all parts of the ship have been affected, the owner of that ship must announce ”This ship was sunk”.

  3. Termination of the game. In the eventual outcome that a fleet of one of the players is sunk (i.e all the battleships are sunk), the game ends and the opponent will be announced as the winner. Pedantic players at this stage will perform comparison of their own records against the private opponent’s board arrangement to obtain some 222This will not give them a full guarantee, since a malicious opponent could perform Dynamically changing battleship’s location attack. We describe that attack in Section 3.1 guarantee that they have not been cheated.

1 2 3 4 5 6 7 8 9 10









Table 1: A typical Battleships board game of cell size and 5 battleships of sizes: , , …, .

2 Why play battleships over the Blockchain?

2.1 Limitation of the Battleships’ centrelized variant

A typical battleships game is normally hosted on a third party centralized server, however, this approach suffers from the following limitations.

Trusting the server. In a centralized server scenario, the players must rely on the information coming from the server, since it acts as a mediator, unlike the case of dishonest server, which may be problematic due to erroneous information. Furthermore, when money is involved in the games, a server may decide whether or not to transfer money to the player who wins the game. In addition, a potential hacker may have the opportunity to exploit such loopholes to manipulate the performance of the server, which inherently influences the outcome of the game.

Game suspected to a Denial of Service attack (DoS). At any point in the game, a player who is not satisfied with the score of the game (or for any other reason), has the privilege to launch a denial of service campaign on the server. This is possible, since the server has a single point of failure and there are several low cost service providers for DDoS [6]. An example of DDoS attack that occurred in the wild, can be found in [4].

2.2 Playing the game over a Blockchain

A Blockchain architecture that allows arbitrary computation (i.e. Smart contract [11]) offers several advantages over a centralized variant, and can mitigate the mentioned flaws from Section 2.1.

2.2.1 Blockchain benefits

In this section, we describe the benefits of executing the game over a Blockchain instead of using centralized server.

Decentralization. A Blockchain that allows Turing-complete computation executes commands across multiple machines, which are called nodes. This architecture enables a trust-less computation and validation over blockchain nodes. This property is in contrast to the case of executing the game on a single server, which makes the Blockchain resilient to denial-of-service attacks. Hence, to ”shut down” the computation mechanism, an attacker needs to attack several highly maintained servers across the Internet instead of just a few.

”The code is the law” paradigm. Once a smart-contract is uploaded into the blockchain, it cannot be changed333This claim is not guaranteed, for example in the cases of fork that may arise spontaneously, or with an occurrence of attack, which is rare on a popular Blockchains such as Bitcoin and Ethereum.. Thus, in a situation where the game is developed with fair rules that can be audited (since the bytecodes are publicly available once uploaded), it becomes infeasible for some entity to interfere and change the rules during an instance of a game.

Participating in the game cannot be prevented from anyone. In addition to the above benefits, playing on a permissionless Blockchain cannot be censored by a single authority, since every player can create a wallet on their own.

Instant payment. The smart contract code has the ability to transfer money based on certain predetermined programmed rules. Whenever such rules occur, money transfer to a player’s wallet cannot be prevented. In our Battleships game, the winner immediately receives the deposit money of both players (in Ether).

3 How to enforce fair play?

3.1 Survey of possible attacks

Building a game over a Blockchain can be mistakenly interpreted to be resilient to cyber attacks. However, such statement tends to be invalid, because a naive implementation would suffer from the following attacks.

Keeping secrets. Since the Blockchain maintains a public ledger, putting secret values will expose it to potential cheats, in which an adversary can scan the Blockchain and launch torpedoes on the public locations of his adversary. This is a well known vulnerability that occurs in Blockchain’s architecture, more details on this vulnerability can be found in [5].

Dynamically changing battleships’ location. In this attack, the attacker may change the location of the ships dynamically, in his own favor, without updating the other player. Thus, in a condition where there is no enforcement on the location after the first stage of placing the Battleships, an attacker can attain a major advantage in the game.

Inappropriate placement of the battleships. Using this attack, an attacker can place only a subset of the battleships or the entire battleships such that its parts are neither consecutive or nor forming the correct shape of the ship.

Implementation’s vulnerabilities. As for any other software, every game could have vulnerabilities and this is specifically more prominent in the logic game executed over blockhcain. A comprehensive survey and taxonomy can be found in [5].

3.2 Design concepts

Herein we describe the design requirements that will mitigate the above attacks.

Security requirements.

  1. A player that picks a board layout have to commit the board at the beginning of the game, which must not be changed before the game finishes (i.e. a cheater cannot change the location of the battleships without being caught);

  2. The above commitment, must not expose any value of the location of the battleships (i.e the locations of the battleships must remain private).

  3. The type and size of battleships of the players must obey predefined set of rules (i.e. there must be battleships of sizes , etc.).

  4. In each turn, the players need to provide a proof of not cheating about the exact value of the previous torpedo shot toward them, whether it was a Hit or a Miss.

  5. Whenever a player makes claim for a victory, he must provide proof that he was not cheated with regard to the location of the battleships.

  6. The game should have a penalty mechanism for a malicious user who is not taking any action at a particular period of time. (i.e the game must prevent the user from freezing the deposit of money in the smart contract due to not continuing the game).

Architecture requirements.

  1. The smart contract code of each move should be as light as possible. This requirement is crucial to minimize the finance costs, as well as to provide good user experience.

  2. The code should be audited by independent researchers in order to lower the number of implementation’s bugs.

3.3 Game design overview

This section provides a brief overview of the game design, according to different phases of the game.

3.3.1 Registration Phase

Two different parties are required to register at the beginning of the game, where both parties make a joint decision on the amount of money to commit to the game. The deposited money is considered a major factor which enforces the players to play by the rules, because any attempt to cheat in the game will result in a punishment of giving the deposited money to the opponent.

3.3.2 Placing the battleships

The players will then choose where to place their battleships on the board using the game user interface (UI). Afterward, a player who is satisfied with the layout of his own fleet, must upload the computed root of the merkle-tree to the smart contract of the game (in a specified period of time).

Merkle tree of the board. A merkle tree (MT)[7] is a cryptographic structure that allows for efficient and secure verification of content. This structure helps to verify the consistency and content of the data. The structure is a binary tree, where every leaf node is labeled with the hash of a data block that it represents and every non-leaf node is labeled with the cryptographic hash of the labels of its child nodes. The topmost node is called the root (similar to a regular binary tree).

In our design, every leaf node is labeled with a data block in the form of , where denotes whether there exist a ship with size in the respective cell, or not (i.e ), and is a sufficient444Common length of can be at least 128 bit, to make it hard to guess the value of the cell by performing Brute-force guessing. large random value, where the excess number of leafs equals to 0 (those leafs completes the tree to a full binary tree with cells). An illustration of concrete merkle-tree of a simplified board can be seen in Figure 1.

1 2 A X B X












Figure 1: Simplified Battleships’ board game with only one battleship of size two, and the corresponding merkle-tree structure of that board.

Broadcasting the MT-root will enforce the player to commit the chosen board and force him not to change it later on, since a cryptographic hash function is a one-way function, which is resilient to second-preimage attack555 The property of second-preimage resistance claims that it is computationally infeasible to find any second input which has the same output as that of a specified input. Furthermore, when broadcasting this root into the blockhcain, no single value from the underneath values will be revealed, due to the use of random concatenation of each value.

3.3.3 Launching Torpedoes

In each turn666Not include the first move., a player that wants to launch a torpedo, must broadcast the underneath value of the previous opponent’s shot, along with a proof that it is the real value.

The proof is delivered by a MT-path from the MT-root till the targeted cell number of the previous opponent moves and this path will be verified on the blockchain smart-contract. Only in a situation where the path is valid (i.e. the leaf value fits with the root of the merkle tree uploaded in the first phase), will the player be permitted to perform the next move. Furthermore, we also enforce time constraint to perform valid moves, in order to avoid a denial of service attack at a particular instance of game.

3.3.4 Final game verification

Finally, the smart contract will enforce the candidate winner, which is the player that achieves a correct guess of the entire fleet of the opponent, to reveal his own battleships’ locations. Such rule is necessary to mitigate the Inappropriate placement of battleships attack.

In case the player refuses to provide a valid MT-paths, he will be tagged as a cheater, and the punishment is that the other player will be announced as the winner, and thus receive the deposited money.

3.4 Software architecture of the game

We describe the software architecture of our proposed game design in this section in order to offer a comprehensive overview of the game. The design of the game relies on the 3-tiers architecture [10], which is very similar to a typical decentralized application (dapps). An illustration of these layers is depicted in Figure 2.

  1. Presentation layer - This layer is responsible for the UI, which includes the following components:

    • HTML and JScript code that manages the UI of the game. It also includes client side code which ensures game play follow the specified protocol 777This feature is not taken into account in the security analysis, since it is not prevented from malicious attacker who can change the code, and bypass the mechanisms.

    • Web3.js [2] is the layer that connects the HTML client code to interact with the game’s smart contract.

    • Metamask wallet[3] enables the users to commit transaction to the blockchain.

  2. Logic layer - This layer is responsible for enforcement of the game rules and it is placed in the smart contract code. The layer includes the following components:

    • Verification of the boards’ MT-path which relies on the solidity library called merkle-tree-solidity [1].

    • Authentication and authorization of the players that participate in the game.

    • Verification of the game rules and validity of transmitted data.

  3. Data layer -This layer is responsible for storing the data that is transferred to the blockchain and includes the following values:

    • The MT-root of the board.

    • The revealed value of cells in the board introduced by previous moves.

Presentation layer - HTML and JScript code

Logic layer- Battleships smart contract

Data layer - Stored on the blockchain



Board Committed values
Figure 2: Overview of the architecture’s scheme

3.5 Security analysis

We give a brief security analysis by considering a semi-honest attacker whose computational resources are polynomial bounded. We defer the formal proofs to a full version of this article that will be published in a Journal.

3.5.1 Security

This game inherits the basic security mechanism of blockchain which includes:

  • Authentication of the players during the game will be performed via private key which controls their wallet.

  • Authorization of performing moves in turns by restricting moves to current player’s turn, using smart-contract restrictions.

We now proceed to analysis of countermeasures to the types of cheats that were introduced in Section 3.1.

Types of cheats. As discussed previously, any kind of cheat will be punished immediately, by enforcing the rules in the smart contract code. Table 2 describes cases of potential cheats and how the architecture monitors such cheats in the smart contract.

Type of cheat Countermeasure mechanism
Unresponsive player Each turn is time bounded888A common practice in blockchain is to translate the height of the blockchain to time units, as each block is added in roughly fixed time. Furthermore, to prevent an attacker to perform DDoS of the period of time that the other user makes a move, a full block can be not counted in the number of blocks that needs to be counted..
Dynamically changing ships The board is committed via MT-root which stays permanent during a game instance. Any attempt to change the location will produce a fake proof, that the smart contract identifies.

Inappropriate placement
The winner is forced to reveal his fleet before he receives the payment. In case the amount or layout of the battleships does not follow the rules, the player will be punished.

Table 2: Types of cheats and the corresponding countermeasure mechanisms programmed into the smart contract code.

3.5.2 Privacy

The main privacy issue is how to hide the locations of players’ battleships. Since the entire data in the transactions and smart contracts’ fields are public, it must be ensured that they have not exposed parts of battleships locations which are yet to be made public. To that end, we examine the messages in each round of the game.

  1. Commitment phase - hash function is a one-way function by definition (i.e. given an hash output, it is hard to compute the corresponding input). Thus, an attacker that wants to match boards of size with the root hash value will have to generate the entire board cells and then compute its MT. Since, we concatenate to each block data, a random number with a sufficiently large length, the whole computation complexity is approximately , where we denote as the length of value in bits and in this experiment we use bits. Hence, the locations of the boards remain private against a computationally bounded adversary.

  2. Launching torpedoes phase - in every turn, a player must reveal his targeted board’s cell that was threatened by the previous turn. To this end, he broadcast a MT-path from the MT-root till that cell. It is easy to see that the publicly path does not reveal any other intermediate values, which in order to guess them, the attacker needs to generate values, as cryptographic hash function is a one-way function.

  3. Termination phase - the purpose of this phase is to reveal the candidate’s fleet location. Thus, we do not consider any privacy issues in this phase, since the locations are not kept secret at the end of the game.

3.6 Computational analysis

This section is concerned with the communication and computational analyses, which is important to understand the complexity of executing the game, since the computational cost of the game (in Ethereum gas units) is proportional to the number of operations and the data transmitted to the blockchain. However, we defer the in-depth details of these analyses to the full publication of this article, while we provide here only theoretical analysis.

Let us denote , , as the length in bits of the hash function’s output, the amount of the cells in the Battleships’ board, and the amount of battleships in the game, respectively.

Communication analysis.

  • Commitment phase -both players transmit bytes of the MT-root.

  • Torpedo launching phase - red in each round, the current player transmits MT-path of size and a cell number of size bits.

Computational analysis.

It is easy to see that the major costly operations derive from the MT proof checking and the termination phase. Thus, the former computation is bounded by , where denotes the cost of executing MT-proof, and the latter computation is bounded by the number of battleships. This is due to the fact that once the valid battleships cells have been received, we only need to check that they are tied to each other.

4 Future advance mechanisms

In this section, we present ideas that describe how to extend our proposed game, to include more sophisticated game features and advance game management mechanisms. We also defer the comprehensive description of those features to the full publication version of this article.

4.0.1 Game variations

  • Multi-player case. A trivial extension is to simply increase the game to -multi-player game, where in each turn a player will have the privilege to choose the specific board to launch a torpedo toward.

  • Additional assets. In this case, several additional features will be included such as mines, fishes, etc. Players can purchase assets and obtain more rewards for the players. For example, an event of discovering a mine will immediately release a fixed amount of money to the adversary. These assets can easily be an ERC tokens (both ERC-20 or ERC-721 types).

4.0.2 Game management

  • Minimize the cost of moves. Since each move involves executing transaction on the blockchain, it is desirable to minimize the number of operations to reduce the costs of playing the game. One possible way is to decrease the number of data that is pushed to the main blockchain, by using plasma chains [8]. The latter approach will also increase user usability, since every move will not enforce metamask transaction pop-box.

  • Enforcing the locations of battleships in advance. To enforce that the players’ boards is containing exactly (predefined constant) cells of battleships and that each battleships parts are in a consecutive manner, we can use zero-knowledge proofs. This approach however may increase the communication complexity overhead, which inherently increases the cost of playing the game.

  • Catching cheaters in advance. In our proposed mechanism, despite devising a means for discovering a cheater who tries to change the battleships’ locations or sizes and also preventing any form of money theft from the other player at the end of the game, the cheater could still manage to waste the time of the player and postpone the immediate discovery of cheating until the end of the game.

    This phenomena occurs since the committed MT-root does not provide a proof of arrangement of the battleships, because the validation of the arrangement only occurs at the end of the game, by the smart contract code. A solution to this problem is to use the zero-knowledge schemes.

    In contrast to this, we can transform this ”bug” into a feature by adding a nice ”Poker” mechanism feature to the game which allows the players the ability to bluff each other. As such, a player can choose whether he cheats in advance or not, in the first phase of the game. At any point in time in the game, a player can then guess whether the other player had bluffed him or not. In case the ”cheat” is confirmed, then the player will receive an amount that is inversely proportional to the number of rounds of game already played.

  • Blacklist of cheaters. After detecting cheats in the game, it is possible to take actions against the users that were involved in cheating. Such actions to those cheaters can be ban them from participating. However, this feature is in conflict with our requirement to non-censorship game.

    5 Conclusion

    In this article, we proposed the first decentralized Battleships game, which is composed of various cryptographic components to enforce fairness, keep battleships’ location secret and protect honest players from malicious cheaters. Furthermore, playing battleships over the blockchain provides major benefits such as making the game DDoS resistant, where the money is transferred immediately to the winner, or to the opponent in case cheating is discovered. The logic of the game is developed using solidity language and deploy over the Ethereum blockchain as a smart contract.

    6 Acknowledgment

    I would like to thank Viki for giving the opportunity to work on this problem. I also want to thank Oded Leiba for the valuable technical discussions, Christiaan Verhoef and Bert Bosman from Amsterdam who showed enthusiasm which encouraged me to refine this game, Polina Zilberman for helping me with proofreading and last but not least, my supervisor Dr. Rami Puzis from the BGU university.

5 Conclusion

In this article, we proposed the first decentralized Battleships game, which is composed of various cryptographic components to enforce fairness, keep battleships’ location secret and protect honest players from malicious cheaters. Furthermore, playing battleships over the blockchain provides major benefits such as making the game DDoS resistant, where the money is transferred immediately to the winner, or to the opponent in case cheating is discovered. The logic of the game is developed using solidity language and deploy over the Ethereum blockchain as a smart contract.

6 Acknowledgment

I would like to thank Viki for giving the opportunity to work on this problem. I also want to thank Oded Leiba for the valuable technical discussions, Christiaan Verhoef and Bert Bosman from Amsterdam who showed enthusiasm which encouraged me to refine this game, Polina Zilberman for helping me with proofreading and last but not least, my supervisor Dr. Rami Puzis from the BGU university.

6 Acknowledgment

I would like to thank Viki for giving the opportunity to work on this problem. I also want to thank Oded Leiba for the valuable technical discussions, Christiaan Verhoef and Bert Bosman from Amsterdam who showed enthusiasm which encouraged me to refine this game, Polina Zilberman for helping me with proofreading and last but not least, my supervisor Dr. Rami Puzis from the BGU university.


Appendix A Appendix

Figure 3: A screenshot from the current UI implementation.