Bitcoin Forum
October 17, 2018, 05:18:22 PM
 News: Make sure you are not using versions of Bitcoin Core other than 0.17.0 [Torrent], 0.16.3, 0.15.2, or 0.14.3. More info.
 Home Help Search Donate Login Register
 Pages: [1]
 Author Topic: Question/opinions on pocketdice's claim of provably fair.  (Read 2009 times)
keepinquiet
Full Member

Offline

Activity: 420
Merit: 100

 June 02, 2015, 04:08:56 AM

Pocketdice claims to be provably fair. And they are - sort of. Ish.

Where I find fault in it is in the fact that unlike card-based games that have a static deck that is shuffled and then 'cut' or re-shuffled by a client seed, pocketdice makes a list of 30 "random" numbers from 1-6. Those are then shuffled, then client-seed shuffled.

No big deal, right? Totally fair, totally provable.

Except for the fact that your roll tendencies can be tracked. Maybe you ALWAYS go "Higher than 8".

So what if pocketdice's 30 "random numbers" have 9 1's, 7 2's 5 3's, 5 4's, 3 5's and 1 6?

That seriously skews the odds in pocketdice's favor. Which is absolutely not provably fair. Real dice have an equal chance to land on any number. When your array is is [1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 2, 2, 2, 2, 2, 2, 3, 3, 3, 3, 3, 4, 4, 4, 4, 4, 5, 5, 5, 6] you do have a chance to roll higher than 8, but it's pretty slim.

When I started looking at it tonight, the first thing I did was click on a random past bet to see the roll array. It had 7 6's in it. If it's truly fair, in a 30 number array of 1-6, each number should be represented 5 times.

That being said, as I typed that, I realized something - PD rolls 2 dice. Why the hell is it an array of 30 instead of 12? You don't need that many.

Unless you're skewing the odds.

Ever since 999dice effed me over and I exposed them (to no avail, their profit is supposedly up 1000 BTC since it happened about 2-3 months ago. Funny. How does a .1% edge site make 1000 BTC in 2-3 months?) I've been taking a really close look at all the gambling sites I come across.

Just trying to hold everyone to a standard. Not trying to be a dick. If it's an oversight that pocketdice never realized, they will fix it.

If not, well, I sure as hell wouldn't bet there.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
NLNico
Legendary

Offline

Activity: 1750
Merit: 1183

DiceSites.com owner

 June 02, 2015, 04:50:22 AM

Correct, nice found again. To be provably fair it should generate the number sets based on both the server- and clientseed[1]. Actually it will be easier to just generate 2 numbers 1-6. Ideally it will not be "per roll" anyway, but just the "nonce way". There are several problems with "per roll" even in a perfect technical implementation, for example: the player has to write down each seed between each roll and verify per roll (instead of just copying 1 seed for hundreds of rolls.)

Again, I agree that, in theory, currently it is too easy for Pocket Dice to cheat with the current provably fair implementation. The client's seed is not really used to generate the random result. But I can still imagine it is not wrong on purpose - it should be changed though.

Possible better way: Basically any dice site calculates a number between 0-100. And it is very easy for them to generate 2 numbers between 0-100 from 1 "result hash" (they actually do this already if the result is more than 100.) Then just make 0-16.6666=1,16.6666-33.3333=2, ....., 83.3333-100=6. So the "normal" provably fair method with "nonce method", used on all popular dice sites, can definitely be implemented here and that would be much better.

Or just take set of 12 numbers and do the Fisher-Yates shuffle with the sha2 of server+clientseed+nonce (and delimiters in between) as Mersenne Twister seed, I guess.

1. And ideally the client seed is not made with Math.random() like it is now.

tspacepilot
Legendary

Offline

Activity: 1456
Merit: 1013

I may write code in exchange for bitcoins.

 June 02, 2015, 05:45:24 AM

When I started looking at it tonight, the first thing I did was click on a random past bet to see the roll array. It had 7 6's in it. If it's truly fair, in a 30 number array of 1-6, each number should be represented 5 times.

I'm not saying you're wrong about the skewiness of an entire distribution of numbers generated as you describe, however, if I understand you correctly, the line I quote you on above is completely wrong.

In a truly-fair array of 30 random numbers 1-6, the crucial property is that you cannot predict at all how many times each number should be represented.  In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw.  Now, if the numbers are truly random then the long-term expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity.  But it's simply not correct to say that if you draw 30 random numbers from 1-6 that you can expect to find them equally distributed---that would be a decidely non-random distribution.
Coef
Hero Member

Offline

Activity: 882
Merit: 1000

Exhausted

 June 02, 2015, 06:14:22 AM

In a truly-fair array of 30 random numbers 1-6, the crucial property is that you cannot predict at all how many times each number should be represented.  In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw.  Now, if the numbers are truly random then the long-term expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity.  But it's simply not correct to say that if you draw 30 random numbers from 1-6 that you can expect to find them equally distributed---that would be a decidely non-random distribution.

Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly.
The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair.

 PRIMEDICE .   The Premier Bitcoin Gambling Experience  Most Trusted & Popular | Active Chat & Community | Free BTC Faucet | 1% Edge
tspacepilot
Legendary

Offline

Activity: 1456
Merit: 1013

I may write code in exchange for bitcoins.

 June 02, 2015, 06:17:59 AM

In a truly-fair array of 30 random numbers 1-6, the crucial property is that you cannot predict at all how many times each number should be represented.  In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw.  Now, if the numbers are truly random then the long-term expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity.  But it's simply not correct to say that if you draw 30 random numbers from 1-6 that you can expect to find them equally distributed---that would be a decidely non-random distribution.

Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly.
The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair.

I see (better now), thanks.  I wanted to clarify that part of the OP just to make sure I wasn't completely misunderstanding.
keepinquiet
Full Member

Offline

Activity: 420
Merit: 100

 June 02, 2015, 10:45:53 AM

In a truly-fair array of 30 random numbers 1-6, the crucial property is that you cannot predict at all how many times each number should be represented.  In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw.  Now, if the numbers are truly random then the long-term expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity.  But it's simply not correct to say that if you draw 30 random numbers from 1-6 that you can expect to find them equally distributed---that would be a decidely non-random distribution.

Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly.
The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair.

I see (better now), thanks.  I wanted to clarify that part of the OP just to make sure I wasn't completely misunderstanding.

Yep. WHile you're right, it could be all 1's - since the generation of THOSE numbers is, as they put it, "random" it could be anything, including intentionally skewing the weight of numbers in their favor based on your betting history.

Until those numbers are provably fair, the entire system isn't.
Legendary

Offline

Activity: 1750
Merit: 1089

 June 02, 2015, 12:18:55 PM

Honestly, its probably next to impossible to prove if its truly fair or not. Some say that if you don't reset your client seed, then your rolls can be altered.

 .FORTUNE.JACK. ▄▄███████▄▄   ▄████▀▀ ▄ ██████▄  ████ ▄▄███ ████████ █████▌▐███▌ ▀▄ ▀████████████▄██▀▀▀▀▄█████████████▀▄▄▄▄█████████████████▄▄▄▄ ██████████████ ██████▌ ███▀█████████  ███████▄▀▄█████████   ▀█████▀▀████████▀      ▀▀███████▀▀          █         █ ...FortuneJack.com                                              ...THE BIGGEST BITCOIN GAMBLING SITE │ ▄▄█████████▄▄    ▄█████████████████▄  ▄█████████████████████▄ ▄███████████▀███████████▄▄██████████▀   ▀██████████▄█████████▀       ▀█████████████████           ████████████████▄   ▄ ▄   ▄████████▀██████████▀   ▀██████████▀ ▀███████████████████████▀  ▀█████████████████████▀    ▀█████████████████▀       ▀▀█████████▀▀ #JACKMATEWIN 1 BTC │ ▄█████████████████████████▄████████████████████████████████████████████████████████████████▀█████▀█████████████████▀░░▀░░░░░▀░░▀█████████████▌░░░░░░░░░░░░░▐████████████░░░░██░░░██░░░░███████████▌░░░░▀▀░░░▀▀░░░░▐███████████▄░░▄▄▄░░░▄▄▄░░▄██████████████▄▄███████▄▄██████████████████████████████████████████████████████████████▀█████████████████████████▀ │
tspacepilot
Legendary

Offline

Activity: 1456
Merit: 1013

I may write code in exchange for bitcoins.

 June 02, 2015, 02:45:17 PM

In a truly-fair array of 30 random numbers 1-6, the crucial property is that you cannot predict at all how many times each number should be represented.  In a single draw of 30 random numbers, if they're truly random, they might be all 1s, you don't know untill you draw.  Now, if the numbers are truly random then the long-term expected average distribution should approach an equal distribution of 1,2,3,4,5,6 as you sample size approaches infinity.  But it's simply not correct to say that if you draw 30 random numbers from 1-6 that you can expect to find them equally distributed---that would be a decidely non-random distribution.

Correct. But the main problem I see here is that the generation process of that 30 numbers is not described clearly.
The site may be doing it fairly, or may be not. We simply don't know about that, and so it is not provably fair.

I see (better now), thanks.  I wanted to clarify that part of the OP just to make sure I wasn't completely misunderstanding.

Yep. WHile you're right, it could be all 1's - since the generation of THOSE numbers is, as they put it, "random" it could be anything, including intentionally skewing the weight of numbers in their favor based on your betting history.
Actually, intentially skewing would be a form of non-random.  I just think it's crucial to get the terms right in these sorts of conversations to avoid confusino
Quote
Until those numbers are provably fair, the entire system isn't.
Yes, I understand the issue now.

XinXan
Hero Member

Offline

Activity: 924
Merit: 503

 June 02, 2015, 04:36:29 PM

Honestly, its probably next to impossible to prove if its truly fair or not. Some say that if you don't reset your client seed, then your rolls can be altered.

That was the case with 999dice when op exposed them aswell, its impossible to prove they are not fair but this should lead to them changing their system, if they dont then you know something its wrong, i used to believe 999dice wasnt a scam, i personally won 2 btc there once but after they changed their system to something that was the same, made me think again about them.

 ███████████████████████████████████████████████████ ▄██████████████████▄███       ▄█▀██████████       █████████████       █████████████       █████████████              ██████   ▄▄▄▄▄▄▄▄   ██████   ▄▄▄▄▄▄▄▄   ██████              ██████▄▄▄▄▄▄▄▄▄▄▄▄▄▄███▀██████████████████▀ ▄██████████████████▄███████████▀ ████████████████▀   ██████████████▀     ██▀ ██████ ▀▀       █▄▄███████          █▀▀▀▀█████ ▄▄       ██████████████▄     █▄ ▀████████████▄   ███▄██████████████▄ ███████▀██████████████████▀ ▄██████████████████▄███████████████████████████████████▀▀ ███████████▀▀   ▄  ███████▀▀     ▄█▀   ██████▄    ▄██      ████████████▀      ▄█████████████▄     █████████████████▄ ▄████████████████████████▀██████████████████▀ ████████████   ███   ███   ███   ███   ███   ███   ███   ███   ███████████████ ..Decentralized Remittance & Payment Platform.| Twitter | LinkedIn | Medium | Facebook
Pocket Dice
Sr. Member

Offline

Activity: 343
Merit: 250

 June 03, 2015, 02:07:48 PM

Hi guys! Thanks for your questions. This is really an interesting topic for discussion.

Initially when we just started Pocket Dice we've researched the randomization methods other dice sites were using at that time. Based on this research we've created our algorithm that we're currently using at Pocket Dice as it seemed transparent to us.

But we understand your point about the unobvious source of those 30 initial numbers. We're now thinking about redesigning the randomization process so that it is clear for everyone.

Here's what we can do:
1. We generate server seed for next roll. Hash it and send to user with previous roll.
2. JS generates new client seed for each roll and sends it with bet info.
3. We hash two seeds with hmac_sha512(server_seed, client_seed) and parse 2 numbers 1-6 from that hash.

What do you think? We're open for conversation, let's discuss.

Pocket Dice team.

keepinquiet
Full Member

Offline

Activity: 420
Merit: 100

 June 04, 2015, 04:40:54 PM

That works, but then causes the issue of "I need to copy and paste a crapton of stuff to verify bets."

Consider going the nonce route. You create a server seed. I can then let my browser pick a client seed, or I can set one manually. Then each bet is different via nonce.

The massive benefit to the end user is they only need to record info ONCE to validate possibly hundreds of bets.

Real glad to see a positive response to this. Thanks!
cyber_sonic
Newbie

Offline

Activity: 2
Merit: 0

 November 02, 2016, 02:12:24 PM

the 30 numbers are fair as long as they want it to be. once they want people to lose oney, the start making it unfair just by hitting the LOOT switch.
Ryan Dugan
Hero Member

Offline

Activity: 658
Merit: 501

 November 06, 2016, 06:37:40 PM

I dont know what to think anymore. If they use a seed what is to say they dont manipulate the process of how they use the seed ?
How do we know the number we chose is generated properly against the number on the seed ?
cyber_sonic
Newbie

Offline

Activity: 2
Merit: 0

 November 22, 2016, 06:33:45 AM

i created a pocketdice roll checker with the logic provided in the site.

http://pocketdice.ga/

hope you find this useful.

the game seems to be provably fair to me now.
 Pages: [1]
 « previous topic next topic »