Bitcoin Forum

Dear Bitcoin Community

I would like to introduce www.diceeno.com (http://www.diceeno.com) our brand new Bitcoin Casino.

The main features of diceeno are:

• Play instant with zero confirmations
• No account needed
• No transactionfees on bets
• No blockchain spaming
• Over 98% break even odds

We currently offer a dice game where you can choose your win chance and bet size self. This allows you to play with a bunch of
different  strategies, varying your win chance and the bet size.  The win multiplyer depends on the win chance and can reach up to 98500x your bet.

More games are following....

I wish you a good time on www.diceeno.com (http://www.diceeno.com)

JBaum

Not provably fair.

The game wouldn't show me much until I put in an address, so I pasted the first address I found on blockchain.info and got an error page:

http://www.diceeno.com/accounts/B6jmaOODZbc1BixaebpjiPcvoAR97-W6tA0BIeoNFEE just says:

Thanks for reminding me to do debug before launching my stuff. (I am launching sth soon)

Due we faced much more traffic than we expected, the server crashed. A hardware upgrade is on its way.

The user gets a log with all his transactions. The statistic will prove that it is fair.

look great.

Why not just make it provably fair?

+1

Well we have discussed the provably fair topic for a long time, during the development process. And we concluded that the only real proof is to make statistics with the transactions log. Everybody who knows statistic will very quick recognize if something is not fair on the casino.

As we don't have a payment for every bet we can't use hashes from transactions to generate random numbers.

We studied the „provably fair“ solutions on the Internet which came without such a transaction hash. Normally there are some hashes generated on the server and some on the client. Those calculate in a known algorithm and a huge documentation of all calculations give some feeling of proof.

Everybody who tried to generate a random number with a mathematical formula knows the challenge. In fact it is not possible. To generate a random number you need the most unpredictable event as possible what contradicts with the philosophy of math to predict everything. So we normally trigger physical events like the memory or CPU usage to make the random number less predictable.

To get the most unpredictable random number for diceeno.com we have implemented a hardware application which measures the noise on a Diode junction. With that we initialize our random generator. This gives us a very realistic distribution of random numbers. The prove of that lies in making statistics.

We won't give the feeling of a proved security because this just does not exists. The only proof that a casino is fair lies in the played games. And we hope that the users make their statistics while playing and check the fairness of every casino they use and don't just believe in some white papers distributed by the casino owner never certified by a third instance.

Oh god, another casino operator thinks provably fairness is pointless again. Seriously.

Statistics can be faked. How do I know the house isn't making up fake bets where they always win, just so it appears it's fair? It is impossible to prove that a casino is fair via statistical analysis unless you play hundreds of thousands of games yourself. Statistics are not a plausible way to verify fairness.

Also, widely used hashing algorithms are not an "unknown algorithm". hashes are the core of bitcoin. They're how the blockchain works. They're how mining works. Without hashes, there would be no mining. Hashing systems aren't magic, they are pretty much used everywhere.

"Provably Fairness for Dummies"

1. casino generates a random string, called the 'secret'. Use whatever random system you're using now.
2. hash("sha256", $secret). Show it to the player.
3. player provides their own secret, via txid, or normal input. Generate player's secret by collecting mouse movement. Let player specify their own secret.
4. output = hash("sha256", $casinoSecret . $playerSecret)

You don't need TXIDs for provably fair verification! TXIDs are commonly used as a secret, but it's an option.

Process output how you wish depending on what your game is. As long as you publish how you generate it, it doesn't matter which way you do it, because as long as any party and verify the result it's OK. Like I can say "0 is heads, 1 is tails" or "1 is heads, 0 is tails", or even "if fourth bit is 1 and second bit is 0 then it's heads", as long as anyone can verify it then it's provably fair. Provably. Sure the casino can have 1% breakeven odds, but everyone will be able to see AND VERIFY that before playing.

Provably fair casinos when done right cannot cheat without being caught.

The only logical conclusion for sidestepping provable fairness on a dice game is that you are trying to cheat, or you are too stupid to implement a hash function. Statistics cannot feasibly prove you are not cheating.

Apologies for the rant, but I have never seen more concentrated "studying" ignorance or shenanigans.  

By the way, learn about double spending, before someone runs off with your entire wallet. I bet you haven't modified bitcoin.conf to prevent trivial double spending attacks. There's a reason why the biggest bitcoin gambling game now pretty much requires 1 confirms, and it is for a good reason - because you'd be losing money otherwise when you get large enough.

You have a nice underlying idea. But I wouldn't feel safe gambling with you if you were not provably fair. To be fair, I don't even understand how the provably fair thing works, and I don't use it. But it being there just makes me feel more comfortable  ;D

Don't be too harsh on the poor guy either :) I'm sure his diceeno will turn out just great!

Yes and this is good so. But does not have much to do with the distribution of its random numbers.



Of course you are underlining the advantages of "provably fairness" as you self advert for such a casino. But the problem lies in the $playerSecret. A hash calculated on the clients computer does not provide as much proof as you tell. It can be manipulated too. To exclude that you have to make statistics too what needs the same amount like every statistical proof else. As long as such a "provably fairness" isn't certified by a trusted 3rd party it's not so "provable" as it seems for an customer.

If the hash $playerSecret comes from a 3rd party like the bitcoin network it is a legit process to use this to make a gambling service provably fair. But as long as the $playersecret is generated by some shady javascript on the casino website the "provably fair" is not as proved as you say.

Yes we could implement a "provably fair" algorithm, but it only would suggest the user a security he can't have. So we decided that the user should decide on realistic parameter if he wants to trust us or not.

The user should always be aware to get cheated on the internet. And we don't want to lull our customers into a false sense of security with algorithms which only look good.  

Thank you for your concern.

This is why we only pay out if we have three confirmations. But you can play with zero.

Yeah, I bet it does.



Because he does not understand what that means.

OP: Close this and see here (https://bitcointalk.org/index.php?topic=124441.0) instead. You are not mentally prepared to be doing this yet. "Statistic" my foot.

Why is everbody using Twitter Bootstrap?

It is very handy.

Because "everybody" has decided "coding skills" are enough to start a Bitcoin "business", and twitter bootstrap has the nice advantage that it removes any need for coding skills from making a website.

So therefore infinite power.

I've just checked out Diceeno.com.
I have played 13 rounds with 0.2 BTC at the end I cashed out 0.5.  :D
It's fast and easy.

Seriously? No, you cannot show results for 0 confirm bets because I can doublespend if I lose, and not doublespend if I win.

Now read more about Bitcoin.

But everyone can see their JavaScript code. I can modify the code so I pick my own secret. bitZino let's you do that with a user interface.

Do many people do this?

Not much people is going to bother attack an unknown site, but expect a wallet full of double spent inputs if it gets popular (and it won't).

They don't need to.  There's a bot that does it automatically for them.  :)

None of this has to do with the distribution of random numbers.  If you want to use a skewed RNG that will just help your players.


I suspect it's the other way around; he advertises bitZino (http://bitzino.com/) because he likes how they do things.


It sounds like you don't understand the procedure.  There's no hashing done on the client's computer.  The client provides a seed having seen the hash of the server seed.  The server then hashes the client and server secrets together to produce the final shuffle seed.  You allow the player to pick their own seed after telling them the hash of the server seed; that way they can be sure you're not cheating them.  Most players won't want to set the seed each hand, so the client computer provides a seed for them, but you allow them to edit it at will.


You can't prove it's fair using statistics.  All your players could be losing, and house insiders could be 'winning' to balance the statistics.  Also it sounds like you're keeping the bets off the blockchain, so statistics won't be verifiable by others; we'll have to trust that your published statistics are true.


I don't need bitZino to have a trusted 3rd party audit their code to be sure they're not cheating me, unless you count mathematics as a trusted 3rd party.  The whole point of "provable fairness" is that you don't need to trust anything other than the laws of mathematics.


If the player secret doesn't come from the player then it's not really a player secret; that's true.


For players who care, provable fairness gives them certainly that they're not being cheated.
For players who don't, provable fairness gives them a warm fuzzy feeling.

When a site refuses to offer provable fairness when almost all of their competitors do offer it, it puts me off playing there.  What reason could they have for not wanting to be demonstrably fair?


And they will...


OK.  So give them real security with algorithms that actually are good.

Did you faced too much traffic again?  I still get just "Server Error (500)" when I put in a bitcoin address on the first page.

I think the server must be up, because it serves the front page, and also says "Address not an valid bitcoin address" when I type garbage at it.

I like Dooglus, he's so understated. I dunno how you people do it, I swear.

Yes, it is very handy but all those bootstrap sites look the same. Maybe you could tweak your design a little to make it a bit more unique.