Alice and Bob need to share some cryptographically-secure random numbers. Alice does not trust Bob, and Bob does not trust Alice. Clearly, if Alice generates some numbers, and hands them to Bob, Bob is skeptical that these numbers are, in fact, random, and suspects that Alice has instead generated numbers that are convenient for her.

One naive method might be for each of them to generate a random number, and to combine those numbers in some way (e.g. xor). Since they must be shared, and someone has to tell what theirs is first, we might add a hashing scheme wherein:

1) Alice and Bob each generate a random number, hash it, and send it the hash to the other (to allow for verification later, without disclosing the original number). 2) When both parties have received the hash, they then share the original number, verify it, xor their two numbers, and confirm the result of the xor with each other.

However, this has a number of problems (which I’m not sure can be fixed by *any* algorithm). Firstly, even if Alice’s numbers are random, if Bob’s are not, it is not clear that the resulting xor will then be random. Secondly, I’m not certain that the hashing scheme described above actually solves the “you tell first” problem.

Is this a viable solution to the “sharing random numbers in non-trust comms” problem? Are there any known solutions to this problem that might work better (faster, more secure, more random, etc)?