Okay, so I can see in the HTTP requests that you send a new proper-random clientseed every bet now. But there are still some things missing. I guess some of that I should have previously mentioned and emphasized (although RHavar did mention some of it in a
reply.) Anyway.. it might be best if I just describe what I think would be the
best provably fair system for a MP app. Probably more MP apps could use this
This might get a bit long..
Note that almost all provably fair implementations, even on biggest non-MP sites like Primedice, could be improved in my personal opinion. So I don't think it's easy to get
all the details right, but still fundamentally there are things missing now on BB. Obviously some of these things take more time than the "1 minute fix" that I mentioned
But still I think it's worth it to take some time to fix it properly.
The thing I like about MP (with regards to provably fair), is that it allows app/sites to "protect" their players against MP. Because in the end, only MP can cheat the players if the provably fair mechanism is bad. But if you as a MP app actively verify all bets, it gives the provably fair mechanism an
advantage compared to non-MP sites. Because if you do that, it would need some serious scammy colluding between MP and app owner to cheat the players. However, this only works if the implementation is good.
Provably Fair on a MP app1. Initial site loading - get serverseedIf player is 100% new, generate new serverseed hash. If played before, get the same "next serverseed hash" as before.
The last part is important (saving the serverseed hash), because otherwise MP could "refuse" a winning bet by faking a bad connection. If a player would F5 after that "bad connection on bet" and get a new hash, MP would have prevented losing a bet. So it's important to get the same hash. In theory the player cannot trust your site either (potentially you are colluding with MP), so ideally this will be saved locally (localStorage seems ideal).
I can see the hash in the "getInitSettings" request and also that the same hash is saved server-side. Ideally you can still improve this to save it locally too and for example verify the hash with the one you get by getInitSettings (if wrong: probably check if that local hash was already used? then show error if really wrong.)2. Initial site loading - get clientseedCheck localStorage if there was a previous generated clientseed, if yes, use that. If no, generate a new one in browser with
proper random generator (not Math.random.)
The first part is for the same reason as "saving serverseed hash". Imagine if a player makes a big bet that would win, but MP fakes a bad connection. Your player will probably get an error "try again later" or something. Player F5-es, you generate new clientseed and he bets again. Bet succeeded and was a loss with this second clientseed. No one will ever noticed that the player was cheated, but in reality MP would have gotten a free re-try of that losing bet. From a player-perspective, they cannot trust you either (since you could also fake a bad connection.) That's why the clientseed should be saved locally like localStorage.
You generate the clientseed properly now with a cryptographically secure RNG, but don't save it.3. Show the serverseed hash + clientseedThe app should show the serverseed hash + clientseed, so that a player can write it down.
Showing this hash and clientseed is crucial, because the player needs to verify the serverseed didn't change. If you only get the hash
after the bet, it has
no value.. because the site could just give u any losing seed+hash (that "verifies".) So basically, getting the serverseed hash
before each bet is a crucial part of the provably fair mechanism. Obviously the player must see the clientseed too, even though you generate it fairly in the browser, because not everyone can check their HTTP requests and JS vars.
Ideally this will be a small "Provably fair" box on the site - potentially one that can be shown/hidden. Small detail: I think it's important for "per roll" implementations (like MP app) to ensure that no HTTP request was made when someone clicks on the "Provably fair" tab/box too (because it notifies the site when the player is actively checking their rolls.) Besides that you should already have the serverseed hash and clientseed, so no need to make a HTTP request.
Currently I cannot see where you show the serverseed hash + clientseed, you really must show this. That being said, for nerds like me, I can figure it out in the HTTP request and JS vars for the initial bet. But not everyone is a nerd like me.4. Allow player to change their clientseedOkay, so now you generate the clientseed in a fair/secure way in the browser.
In theory the player doesn't have to change their clientseed. That being said, not everyone has the technical knowledge to verify that the clientseed was indeed really generated in the browser. Potentially the clientseed was generated by "the gambling site" (in this case MP+BB) and since "the gambling site" also know the serverseed, they could make any outcome they want based on previous plays if they generate both seeds.
Again, I know this is technically incorrect.. because you generate that clientseed 100% fair. But for non-technical people who still want to
fully ensure that their bets were made 100% fair, allowing them to change the clientseed is an easy way to ensure this. This adjusted clientseed will be only used for the next bet (and also saved locally like #2.)
You should still allow the player to change their clientseed even when you generate a new clientseed every roll.5. Player makes bet (sends bet details + clientseed) - gets result/seeds/secret + next serverseed hashOkay, we made it.. time to make a bet. So the HTTP request to make a bet includes the clientseed since MP needs this to make the bet too. The HTTP response will have the bet result (roll/win/loss/profit/..?) But it should also include: the used serverseed (which is secret + salt) and the next serverseed hash.
The used serverseed is useful, because then you have all the components to calculate/verify the roll result in the browser. We will come back on this later at #7. Ideally you could show the previous secret, salt, hash, clientseed in that "Provably fair" box of #3 too, although they can be accessed through the bet detail popup too.
The next serverseed hash is also crucial. Like mentioned in the previous points, the player needs this hash
before each bet to ensure the bets were made fair and the serverseed didn't change. So after this first bet, you will again need to show the serverseed hash for the next bet so the player can write this down and afterwards verify the hash didn't change. So this next serverseed hash should be shown.
Currently you do not return and show any of this information. Even nerds like me, cannot get the next serverseed hash after the first bet unless I click bet details of previous bet.6. Generate new clientseedAfter the bet and after we got the next serverseed hash, we generate a new random clientseed in the browser.
You changed this in your last fix so this is good now. Although it must be still saved and shown like previous points.7. Verify the bet in browserLike I said, the advantage of the MP provably fair mechanism is that you, as gambling site, can actively protect the player from MP cheating. To do this, you would need to automatically verify the bet after each bet was made. Since you have all the seeds/hash/profit, you can: 1) check hash 2) calculate outcome/roll and verify if same 3) verify if profit/loss is correct. This should be all done in the browser. Give error if not fully verified.
Note that most gambling sites do not do this. Verifying is all about not having to trust the gambling site and checking if they calculated the results fair. But if you use a site to verify, you are trusting that specific site to properly verify it. So in theory, if the gambling site cheats the player, their own verifier will probably say it was all fair too. That's why I think third-party verifiers are much better and basically on-site verifiers doesn't make much sense ... for non-MP sites.
However, for MP sites, it makes perfect sense. Because in this case, the MP app is the third-party verifier since it is checking the results coming from MP. This way you can actively protect the players against potential MP cheating. So from a provably fair perspective I see this as an advantage of MP (apps) compared to non-MP apps. Obviously this advantage is only used if you actually do this.
Ideally you will verify each bet in the browser.8. Make it easy for players to verify the bets on a third-party verifierThere is this great site called dicesites.com that has verifiers for a lot of sites and allows URL parameters (seeds,hashes,etc) to easily verify bets with
a single click. This makes it easier for players to verify their bets on a third-party.
You guys do this 000. Small thingsSome smaller things: you should just delete the "
Client Seed Sequence" reference now, it's only confusing and never used.
Sometimes you show a negative value at "Server Secret" when the results gets over 2^32-1 (SQL INT limit?) This causes the "result" verification to be correct but the "hash" not. Example:
MP says secret is 3,990,879,637. You say that secret is -304,087,659 for that bet. With clientseed 335,767,772... the outcome will be both 31,680,113 because (3990879637+335767772)%2^32 = (-304087659+335767772)%2^32 - but the hash will be different.
Verifier linked from your site.
TL;DR: you should show the locally-saved serverseed hash (that you must get after each bet too) + adjustable locally-saved clientseed to the player and ideally verify each bet in browser after bet was made. Damn, didn't realize I could summarize this in a single line of text rather than this book