keepinquiet


June 02, 2015, 04:08:56 AM 

Pocketdice claims to be provably fair. And they are  sort of. Ish.
Where I find fault in it is in the fact that unlike cardbased games that have a static deck that is shuffled and then 'cut' or reshuffled by a client seed, pocketdice makes a list of 30 "random" numbers from 16. Those are then shuffled, then clientseed shuffled.
No big deal, right? Totally fair, totally provable.
Except for the fact that your roll tendencies can be tracked. Maybe you ALWAYS go "Higher than 8".
So what if pocketdice's 30 "random numbers" have 9 1's, 7 2's 5 3's, 5 4's, 3 5's and 1 6?
That seriously skews the odds in pocketdice's favor. Which is absolutely not provably fair. Real dice have an equal chance to land on any number. When your array is is [1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 5, 5, 5, 6] you do have a chance to roll higher than 8, but it's pretty slim.
When I started looking at it tonight, the first thing I did was click on a random past bet to see the roll array. It had 7 6's in it. If it's truly fair, in a 30 number array of 16, each number should be represented 5 times.
That being said, as I typed that, I realized something  PD rolls 2 dice. Why the hell is it an array of 30 instead of 12? You don't need that many.
Unless you're skewing the odds.
Ever since 999dice effed me over and I exposed them (to no avail, their profit is supposedly up 1000 BTC since it happened about 23 months ago. Funny. How does a .1% edge site make 1000 BTC in 23 months?) I've been taking a really close look at all the gambling sites I come across.
Just trying to hold everyone to a standard. Not trying to be a dick. If it's an oversight that pocketdice never realized, they will fix it.
If not, well, I sure as hell wouldn't bet there.







No Gods or Kings. Only Bitcoin



Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.

NLNico
Legendary
Offline
Activity: 1722
Merit: 1177
DiceSites.com owner


June 02, 2015, 04:50:22 AM 

Correct, nice found again. To be provably fair it should generate the number sets based on both the server and clientseed^{[1]}. Actually it will be easier to just generate 2 numbers 16. Ideally it will not be "per roll" anyway, but just the "nonce way". There are several problems with "per roll" even in a perfect technical implementation, for example: the player has to write down each seed between each roll and verify per roll (instead of just copying 1 seed for hundreds of rolls.)
Again, I agree that, in theory, currently it is too easy for Pocket Dice to cheat with the current provably fair implementation. The client's seed is not really used to generate the random result. But I can still imagine it is not wrong on purpose  it should be changed though.
Possible better way: Basically any dice site calculates a number between 0100. And it is very easy for them to generate 2 numbers between 0100 from 1 "result hash" (they actually do this already if the result is more than 100.) Then just make 016.6666=1,16.666633.3333=2, ....., 83.3333100=6. So the "normal" provably fair method with "nonce method", used on all popular dice sites, can definitely be implemented here and that would be much better.
Or just take set of 12 numbers and do the FisherYates shuffle with the sha2 of server+clientseed+nonce (and delimiters in between) as Mersenne Twister seed, I guess.
1. And ideally the client seed is not made with Math.random() like it is now.




tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1013
I may write code in exchange for bitcoins.


June 02, 2015, 05:45:24 AM 

When I started looking at it tonight, the first thing I did was click on a random past bet to see the roll array. It had 7 6's in it. If it's truly fair, in a 30 number array of 16, each number should be represented 5 times.
I'm not saying you're wrong about the skewiness of an entire distribution of numbers generated as you describe, however, if I understand you correctly, the line I quote you on above is completely wrong. In a trulyfair array of 30 random numbers 16, the crucial property is that you cannot predict at all how many times each number should be represented. In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw. Now, if the numbers are truly random then the longterm expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity. But it's simply not correct to say that if you draw 30 random numbers from 16 that you can expect to find them equally distributedthat would be a decidely nonrandom distribution.




Coef


June 02, 2015, 06:14:22 AM 

In a trulyfair array of 30 random numbers 16, the crucial property is that you cannot predict at all how many times each number should be represented. In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw. Now, if the numbers are truly random then the longterm expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity. But it's simply not correct to say that if you draw 30 random numbers from 16 that you can expect to find them equally distributedthat would be a decidely nonrandom distribution.
Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly. The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair.




tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1013
I may write code in exchange for bitcoins.


June 02, 2015, 06:17:59 AM 

In a trulyfair array of 30 random numbers 16, the crucial property is that you cannot predict at all how many times each number should be represented. In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw. Now, if the numbers are truly random then the longterm expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity. But it's simply not correct to say that if you draw 30 random numbers from 16 that you can expect to find them equally distributedthat would be a decidely nonrandom distribution.
Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly. The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair. I see (better now), thanks. I wanted to clarify that part of the OP just to make sure I wasn't completely misunderstanding.




keepinquiet


June 02, 2015, 10:45:53 AM 

In a trulyfair array of 30 random numbers 16, the crucial property is that you cannot predict at all how many times each number should be represented. In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw. Now, if the numbers are truly random then the longterm expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity. But it's simply not correct to say that if you draw 30 random numbers from 16 that you can expect to find them equally distributedthat would be a decidely nonrandom distribution.
Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly. The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair. I see (better now), thanks. I wanted to clarify that part of the OP just to make sure I wasn't completely misunderstanding. Yep. WHile you're right, it could be all 1's  since the generation of THOSE numbers is, as they put it, "random" it could be anything, including intentionally skewing the weight of numbers in their favor based on your betting history. Until those numbers are provably fair, the entire system isn't.




adaseb
Legendary
Offline
Activity: 1666
Merit: 1058


June 02, 2015, 12:18:55 PM 

Honestly, its probably next to impossible to prove if its truly fair or not. Some say that if you don't reset your client seed, then your rolls can be altered.




tspacepilot
Legendary
Offline
Activity: 1456
Merit: 1013
I may write code in exchange for bitcoins.


June 02, 2015, 02:45:17 PM 

In a trulyfair array of 30 random numbers 16, the crucial property is that you cannot predict at all how many times each number should be represented. In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw. Now, if the numbers are truly random then the longterm expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity. But it's simply not correct to say that if you draw 30 random numbers from 16 that you can expect to find them equally distributedthat would be a decidely nonrandom distribution.
Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly. The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair. I see (better now), thanks. I wanted to clarify that part of the OP just to make sure I wasn't completely misunderstanding. Yep. WHile you're right, it could be all 1's  since the generation of THOSE numbers is, as they put it, "random" it could be anything, including intentionally skewing the weight of numbers in their favor based on your betting history. Actually, intentially skewing would be a form of nonrandom. I just think it's crucial to get the terms right in these sorts of conversations to avoid confusino Until those numbers are provably fair, the entire system isn't. Yes, I understand the issue now.




XinXan


June 02, 2015, 04:36:29 PM 

Honestly, its probably next to impossible to prove if its truly fair or not. Some say that if you don't reset your client seed, then your rolls can be altered.
That was the case with 999dice when op exposed them aswell, its impossible to prove they are not fair but this should lead to them changing their system, if they dont then you know something its wrong, i used to believe 999dice wasnt a scam, i personally won 2 btc there once but after they changed their system to something that was the same, made me think again about them.

, ╓▄ ▄▓▄ ╓▓█▌ ▀▓▄▄, `` `╜^ `▀▀▀ ▓█████▌w ▄ ╓▓╕ ▓▓ ▓█▄ ╓███ ▐█████████w ``,, "▀▄ ▓██████████▄ Φ ▓M ▀▓ ▀█M ║██ ╘██▀²███ ▓███████████▄ ,, ,╓ ▄▄ ``▄▄╥ ▓███████████▓, "` ╙╜ ╝▀ ▀▓ ▓▓M ▓█▀ └███ ╨████████████▄ ,, ,, ,╓ ╓╖ ╓▄, ▄▄φ ▄▌▄ ╙███████████▄ ` "" ╙╜ ╙╨ ╝▀` ▀▓╜ ▀▓╩ ▓█▓ ╙▓█████████ , ╓┐ .▄┐ ╓▄ ▄▄ ╓▒▄ ▄▓▄ ╓▓▓╕ ▄█▓▄ ╓█████████▌ ` `` "^ "^ "╝` ╙▀` ╙▀▀,▄▓███████████ ╓ ▄∩ .▄╕ ╓▓▄ ▄▓▒ ▓▓▒ ▓█▓ ╓██▓ ▐██████████████ ` ` `" `" ,,╙╝^╓, ▀████████████ ª⌐ ▓⌐ ╫▓ █▌ ▀█N "██ ▓█▓ ▐██▀ ███Γ╓▓████████████ , ,, ╓╓ ,╖▄"` ▐███████████▌ '* ╝╩ ▀R ╘▓M ▀█▀ ▓█▌ '██▀ ▓██▌ ╓████████████ ,, ,, ,, ,╖, ╓▄, ▄▄, ,▓▌▄ ▀███████████╛ ` '^ ╙╜ ╝╜ ╙▀╩ ╝▓╩ ▀▓╩ └▓█▀ "█████████` , ╓ ,╖ ╓▄ ▄▄╕ .▄▓w ╓▓▓▄ ▓██████▓ ` ` " `" ╙Å` ╝▀^ '▀▓╨,╓╓▄███████╜ ╓w ▄ ▌▌ 4▓▄ ╓██╕ ▓██ ,▄▓█████████╜ ` " ╙▐, ╙Å"▄█████████▀^ # Φ▓ ║██ j███ ▐██████▓▀` ` `"` ▀▓▀▀╙` O.P.U     .   • The Blockchain Solution for the Global Skincare Industry .Tokenizing Skincare Intelligence.  .      .    . ● TELEGRAM ―OTWITTER ● ● FACEBOOK   . [  .
 . ]   



Pocket Dice


June 03, 2015, 02:07:48 PM 

Hi guys! Thanks for your questions. This is really an interesting topic for discussion.
Initially when we just started Pocket Dice we've researched the randomization methods other dice sites were using at that time. Based on this research we've created our algorithm that we're currently using at Pocket Dice as it seemed transparent to us.
But we understand your point about the unobvious source of those 30 initial numbers. We're now thinking about redesigning the randomization process so that it is clear for everyone.
Here's what we can do: 1. We generate server seed for next roll. Hash it and send to user with previous roll. 2. JS generates new client seed for each roll and sends it with bet info. 3. We hash two seeds with hmac_sha512(server_seed, client_seed) and parse 2 numbers 16 from that hash.
What do you think? We're open for conversation, let's discuss.
Pocket Dice team.




keepinquiet


June 04, 2015, 04:40:54 PM 

That works, but then causes the issue of "I need to copy and paste a crapton of stuff to verify bets."
Consider going the nonce route. You create a server seed. I can then let my browser pick a client seed, or I can set one manually. Then each bet is different via nonce.
The massive benefit to the end user is they only need to record info ONCE to validate possibly hundreds of bets.
Real glad to see a positive response to this. Thanks!




cyber_sonic
Newbie
Offline
Activity: 2
Merit: 0


November 02, 2016, 02:12:24 PM 

the 30 numbers are fair as long as they want it to be. once they want people to lose oney, the start making it unfair just by hitting the LOOT switch.




Ryan Dugan


November 06, 2016, 06:37:40 PM 

I dont know what to think anymore. If they use a seed what is to say they dont manipulate the process of how they use the seed ? How do we know the number we chose is generated properly against the number on the seed ?




cyber_sonic
Newbie
Offline
Activity: 2
Merit: 0


November 22, 2016, 06:33:45 AM 

i created a pocketdice roll checker with the logic provided in the site. http://pocketdice.ga/hope you find this useful. the game seems to be provably fair to me now.




