Hello.
I was wondering about the different ways we can implement provable fairness to different games.
This is truly a great concept, but we have to make sure it can't be exploited by some smart player.
What would be the best way to do so?
I mean, most of the dice sites use a combination of:
- Some <player secret> variable.
- A hidden and later revealed <server secret> variable. This variable should be changed regularly.
- Maybe a nonce like "Bet ID".
This solution seems pretty safe since no one can predict the result of some bet. The server secret in use is theoretically unknown to players, so no one can calculate a bet outcome before it takes place.
What about block hashes?
I remember http://www.bitmillions.com. It was a lottery game. There was a draw every time there was a new block.
In this case, the block hash only was used to calculate and pick up the winning numbers.
Now, this site has been down for about a year; I'm not sure why or when it went down.
I liked that website. It went down without notice and I never saw any more news about it.
What could possibly have happened?
As far as I understand the provable fairness concept, they could have been exploited:
Some miner calculates a block but doesn't broadcast it right away. He first plays on bitmillions.com with the winning numbers (since he knows the block hash, because he found the block).
Then, when his participation is confirmed, he broadcasts the block and boom, he gets the 1st prize.
The jackpots were progressive, and the top prize was about 1,400 BTC before it went down.
Maybe this is what happened? I mean, if a game outcome is based only on the block hash, any miner can do the calculations to determine the outcome and bet accordingly.
Would that be doable? Is that what happened?
If yes, what would be the best way to prevent this? Could we simply add some secret <server hash> that changes every 24h and use it with the block hash in the calculations?
What would be the best way to implement provable fairness in a game based on the block hashes ?
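To make the difference between the two designs concrete, here is an added Python example (not code from bitmillions or any dice site) of the commit-reveal scheme the post describes: the server publishes a hash of its secret before the block is found, the outcome mixes that secret with the player's seed, a nonce and the block hash, and the player can verify everything once the secret is revealed. The block hash, seeds and the 0..9999 outcome range are constructed assumptions for the demo.

```python
import hashlib
import hmac
import secrets

OUTCOMES = 10000  # assumed "dice" layout: a roll is an integer in 0..9999


def commit(server_seed: bytes) -> str:
    """Published BEFORE the block is found: binds the server to its secret without revealing it.
    Committing first matters: a server that chose its seed after seeing the block could cheat too."""
    return hashlib.sha256(server_seed).hexdigest()


def roll(server_seed: bytes, client_seed: str, nonce: int, block_hash: str) -> int:
    """Outcome = HMAC-SHA256(server_seed, client_seed:nonce:block_hash) mod OUTCOMES.
    A miner who knows the block hash early still cannot evaluate this without server_seed;
    client_seed + nonce stop the server from reusing one favourable draw across bets.
    Bias from the modulo is negligible because the input is 64 bits wide."""
    msg = f"{client_seed}:{nonce}:{block_hash}".encode()
    digest = hmac.new(server_seed, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % OUTCOMES


def block_only_roll(block_hash: str) -> int:
    """The block-hash-only design from the post: no secret is involved, so whoever learns
    the hash first (the miner who found the block) can compute the draw before anyone else."""
    return int(block_hash[-8:], 16) % OUTCOMES


def verify(commitment: str, revealed_seed: bytes, client_seed: str, nonce: int,
           block_hash: str, claimed: int) -> bool:
    """What a player runs after the server rotates (e.g. every 24h) and reveals the old seed."""
    if commit(revealed_seed) != commitment:
        return False  # revealed seed does not match what was committed
    return roll(revealed_seed, client_seed, nonce, block_hash) == claimed


def demo() -> dict:
    # Constructed values, not real chain data or a real site's seeds.
    block_hash = "00000000000000000008a3" + "c" * 42
    server_seed = secrets.token_bytes(32)   # kept hidden for the period, then revealed
    commitment = commit(server_seed)        # published before any bet of the period
    outcome = roll(server_seed, "player-seed-1", 1, block_hash)
    return {
        "block_only_draw": block_only_roll(block_hash),  # computable without any secret
        "outcome": outcome,
        "verified": verify(commitment, server_seed, "player-seed-1", 1, block_hash, outcome),
        "wrong_seed_rejected": not verify(commitment, b"other", "player-seed-1", 1, block_hash, outcome),
    }


if __name__ == "__main__":
    print(demo())
```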
I really understand how difficult it is to come up with a provably fair algorithm that won't be exploited.
Thanks for your answers.