Bitcoin Forum
March 19, 2024, 09:19:07 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: BitcoinBetGames.com • FREE BTC • Video Poker • Quincunx • Provably Fair • NEW  (Read 4882 times)
Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 03, 2015, 08:26:24 AM
 #41

I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet.
"In a nutshell, the network works like a distributed timestamp server, stamping the first transaction to spend a coin. It takes advantage of the nature of information being easy to spread but hard to stifle." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710839947
Hero Member
*
Offline Offline

Posts: 1710839947

View Profile Personal Message (Offline)

Ignore
1710839947
Reply with quote  #2

1710839947
Report to moderator
1710839947
Hero Member
*
Offline Offline

Posts: 1710839947

View Profile Personal Message (Offline)

Ignore
1710839947
Reply with quote  #2

1710839947
Report to moderator
erpbridge
Legendary
*
Offline Offline

Activity: 954
Merit: 1000


View Profile
June 03, 2015, 09:00:45 AM
 #42

I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet.

Yes I suppose thats what he meant. When I visit a dice site, the most important thing for me would be to verify bets immediately. Another thing that comes to my mind is the fact that the "My Bets" tab on the site shows only around 20 recent bets. I suppose you would show the rest being archived. But unless I am recording the session it would be difficult for me to actually verify that the archived bets were actually what happened.
Havelivi
Hero Member
*****
Offline Offline

Activity: 896
Merit: 1000



View Profile
June 03, 2015, 09:24:37 AM
 #43

I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet.

he is asking to put simple verification method that are mostly gambling sites are using at the moment like Primedice, Dadice and many more like "serverseed, clientseed, nonce" that provably fair system is easy to understand to most players and easy to understand because of nonce we can know there is no skip to manipulate the bet result, i hope you can understand what verification he is talking about.
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1282


DiceSites.com owner


View Profile WWW
June 03, 2015, 10:06:38 AM
 #44

I didn't look much into your provably fair method yet, but basically you should use the "serverseed, clientseed, nonce" method used by all popular dice sites since this is considered the technically most solid implementation and is most easy for the user to verify their results.
So from what i understand, correct me if im wrong, diffirence between our current secret_key and nonce is that user don't need to wait until midnight to verify bet.
Yes and no. I guess you can have:

- serverseed, clientseed, secret (you have this now?)
- serverseed, clientseed
- serverseed, clientseed, nonce

The first one is bad because people need to wait. The second one is bad because it requires the seeds to be different each roll you make, which makes verifying much more difficult and time consuming - even though it is instant. The third one is the most popular and best way, the same seeds are used over many many rolls until the player decides to reset the serverseed and see the revealed unhashed seed to verify _all_ the previous rolls in 1 time.

Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 03, 2015, 12:00:00 PM
 #45

Yes and no. I guess you can have:
- serverseed, clientseed, secret (you have this now?)
- serverseed, clientseed
- serverseed, clientseed, nonce

The first one is bad because people need to wait. The second one is bad because it requires the seeds to be different each roll you make, which makes verifying much more difficult and time consuming - even though it is instant. The third one is the most popular and best way, the same seeds are used over many many rolls until the player decides to reset the serverseed and see the revealed unhashed seed to verify _all_ the previous rolls in 1 time.
So first one (which we have currently) is bad (can be better). We will change it again after midnight (to give users ability to verify bets from current day).
Second one we had before, but both client seed and server was revealed (critical design flaw) before the game began. Server seed should be revealed after game, to not be able predict game results.
Third one, i can't wrap head around how it is faster to verify this than second method. After thinking a while its because you need to only copy one value from game (nonced client seed) while you always have (untill you change it) nonced server seed in script already.

If i got above correctly, we are ready to put third method live after midnight.

Quote
"My Bets" tab on the site shows only around 20 recent bets. I suppose you would show the rest
There will be added "Bet browser in Provably Fair tab". But you would need to know bet ID to pull out older game. How current popular sites do that? I would think of maybe option to pull out in simple text form list of last 200 bets for example with data <bet id>|<server seed>|<client seed - nonce> to be able to verify in quick way many bets quickly.
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1282


DiceSites.com owner


View Profile WWW
June 03, 2015, 12:08:24 PM
 #46

Third one, i can't wrap head around how it is faster to verify this than second method. After thinking a while its because you need to only copy one value from game (nonced client seed) while you always have (untill you change it) nonced server seed in script already.

Yes. Let's do 10 bets w/o and w/ nonce:

Serverseed per roll without nonce
1. Click to see serverseed hash & copy it, change clientseed, make bet.
2. Verify if hash was really correct and check bet result.
3. Click to see serverseed hash & copy it, change clientseed, make bet.
4. Verify if hash was really correct and check bet result.
5. Click to see serverseed hash & copy it, change clientseed, make bet.
6. Verify if hash was really correct and check bet result.
7. Click to see serverseed hash & copy it, change clientseed, make bet.
8. Verify if hash was really correct and check bet result.
9. Click to see serverseed hash & copy it, change clientseed, make bet.
10. Verify if hash was really correct and check bet result.
11. Click to see serverseed hash & copy it, change clientseed, make bet.
12. Verify if hash was really correct and check bet result.
13. Click to see serverseed hash & copy it, change clientseed, make bet.
14. Verify if hash was really correct and check bet result.
15. Click to see serverseed hash & copy it, change clientseed, make bet.
16. Verify if hash was really correct and check bet result.
17. Click to see serverseed hash & copy it, change clientseed, make bet.
18. Verify if hash was really correct and check bet result.
19. Click to see serverseed hash & copy it, change clientseed, make bet.
20. Verify if hash was really correct and check bet result.

Serverseed with nonce
1. Click to see serverseed hash & copy it, change clientseed, make bet.
2. Make bet.
3. Make bet.
4. Make bet.
5. Make bet.
6. Make bet.
7. Make bet.
8. Make bet.
9. Make bet.
10. Make bet.
11. Get new serverseed hash to reveal old serverseed, verify hash and check bet results.

RHavar
Legendary
*
Offline Offline

Activity: 2555
Merit: 1886



View Profile
June 03, 2015, 12:23:49 PM
 #47

NLNico is spot on. One extra benefit of going nonceless is that it is hugely easier to verify each bet with a script (or verify the script) as there's no history (bet direction, bet size, result) to accumulate, you can just on-demand verify each bet.

Or if you're planning on releasing something like a userscript or a browser plugin that automatically verifies bets, I'd definitely go nonceless (it can check immediately, as you play). Or if you're expecting people to verify batches themselves by hand, I'd go with a JD-style nonce.


Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 03, 2015, 01:27:41 PM
 #48

After consideration we will implement 3rd mehod with nonce as NLNico suggested.
NLNico will you verify our implementation of 3rd method tommorow? (will write here as soon it will be ready)
RHavar from what you are writing i predict you also have tech knowledge to verify our implementation. Hope you can do it also.
a1choi
Sr. Member
****
Offline Offline

Activity: 323
Merit: 254


View Profile
June 03, 2015, 03:54:43 PM
 #49

One extra benefit of going nonceless is that it is hugely easier to verify each bet with a script (or verify the script) as there's no history (bet direction, bet size, result) to accumulate, you can just on-demand verify each bet.


Not sure if you're talking about the 2nd method here (nonceless), but i would find this system provably, but not fair.  As, it could be possible that the user does not update his client seed while the serverseed will update after every bet.  If the operator is unscrupulous, he could take advantage of the users that don't change their client seed as often, and find a serverseed pair that will have an advantage, assuming that the user does not change his betting % or hi/lo option.

of course this would require some work on the operator's part as well as some added technical knowhow, but i could see something like this being done.
RHavar
Legendary
*
Offline Offline

Activity: 2555
Merit: 1886



View Profile
June 03, 2015, 04:46:11 PM
 #50

Not sure if you're talking about the 2nd method here (nonceless), but i would find this system provably, but not fair.  As, it could be possible that the user does not update his client seed while the serverseed will update after every bet.  If the operator is unscrupulous, he could take advantage of the users that don't change their client seed as often, and find a serverseed pair that will have an advantage, assuming that the user does not change his betting % or hi/lo option.

of course this would require some work on the operator's part as well as some added technical knowhow, but i could see something like this being done.

Well, the client-seed should be changed each roll to something random either manually (which is crazy tedious) or by a client you trust/verify (ideally a browser plugin, or third-party)

But even with the same client seed it's really not as easy for an operator to cheat, as you'd imagine. That's because the nash for a casino is to not cheat, because if someone knew you were cheating they could do the opposite bet, and *destroy* you. I don't imagine many site operators would be insane enough to cheat this way.

(Although, no sites ever sign an indisputable proof of hashes so any provably fair disputes quickly degrades into a he-said-she-said fight)

So its really just best if the client uses a different random seed each bet to avoid any doubts.

I personally think the simplicity of verification is one of the most important properties of any provably fair scheme. And generally, I think that actually means not using a nonce. I'd rather just audit them by verify a few big bets, than trying to keep a big history history of my bets and follow a convoluted scheme. By far preferable to this, would be userscript that does it for me, in real time.

Even with nonce schemes, which do make it easy to generate a list of bet outcomes (which is of limited use, if you don't keep track of your bet amounts/direction/target) it's amazing how few people actually do verify bets. Some very successful sites have operated for months (accidentally) not being provably fair before anyone even noticed. Or just last week, I spent about ~30 minutes writing a verifier for 64blocks and gave up due to the complexity (e.g. every new game, scrape 64 bitcoin blocks(?!) and verify a complex chain that works both forward and backwards). I have no doubt that's completely fair, with nice properties but when even I, the person who implemented the original scheme it's based on (in bustabit) (which was originally largely Dooglus/Eric's idea) can't be bothered to finish writing the code it's unlikely many people in the world have.

That said, I do think these guys should just go with a nonce scheme unless they're going to build an easy to check browser plugin that set a random client seed, and verifies each bet

Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 04, 2015, 12:26:33 AM
Last edit: June 04, 2015, 01:20:35 AM by Cruxer
 #51

After over 4 hours of non-stop programming Quincunx provably fair system with nonce is finished.
Please verify our implementation (only Quincunx game), its based on primedice system.

If verification will be positive, we will implement it also in poker.
OgNasty
Donator
Legendary
*
Offline Offline

Activity: 4676
Merit: 4154


Leading Crypto Sports Betting & Casino Platform


View Profile WWW
June 04, 2015, 01:33:04 AM
 #52

Cool game.  I donated 0.03 BTC.  Cool

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 04, 2015, 01:38:42 AM
 #53

Cool game.
Thank you for kind words, we have just started so its great motivation to continue.
We have big plans so stay tuned Smiley
NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1282


DiceSites.com owner


View Profile WWW
June 04, 2015, 02:24:48 AM
 #54

After over 4 hours of non-stop programming Quincunx provably fair system with nonce is finished.
Please verify our implementation (only Quincunx game), its based on primedice system.

If verification will be positive, we will implement it also in poker.

It seems like the idea is good now. But unfortunately there is still a mistake and the site is still not provably fair Tongue

When a player changes the clientseed, you give a new serverseed. This means you could calculate bad results based on these seeds. The idea of a clientseed is that there is a variable in the calculation which the site doesn't know in advance and therefor cannot predict the results in advance. 2 options:

1.  When someone sets the clientseed, you should keep the same hash (and don't reset the nonce or else player can cheat.) And then there should be a separate button to "request new serverseed" that also resets the nonce.

2. OR show the "next serverseed hash" already when setting the new clientseed (that is actually what PD does.)




Truthfully I didn't fully test the provably fair method but this is what I saw already.

Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 04, 2015, 09:23:28 AM
 #55

When a player changes the clientseed, you give a new serverseed. This means you could calculate bad results based on these seeds. The idea of a clientseed is that there is a variable in the calculation which the site doesn't know in advance and therefor cannot predict the results in advance. 2 options:
1.  When someone sets the clientseed, you should keep the same hash (and don't reset the nonce or else player can cheat.) And then there should be a separate button to "request new serverseed" that also resets the nonce.
2. OR show the "next serverseed hash" already when setting the new clientseed (that is actually what PD does.)
I think we already do have this second method. Player know in advance next server seed hash (below SET button, need to click Next server seed (hash) to reveal it).

NLNico
Legendary
*
hacker
Offline Offline

Activity: 1876
Merit: 1282


DiceSites.com owner


View Profile WWW
June 04, 2015, 09:34:00 AM
 #56

Ah you are correct. Although that link is very small lol, I would probably display it slightly different. Anyway, seems technically okay then, although I didn't actually calculate the results and didn't check the details (just had quick look only.) But yeh, nice job improving it already.

tsoPANos
Hero Member
*****
Offline Offline

Activity: 602
Merit: 500

In math we trust.


View Profile
June 04, 2015, 10:44:18 AM
 #57

Any impressions from the provably fair system?
Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 04, 2015, 11:45:29 AM
 #58

Ah you are correct. Although that link is very small lol, I would probably display it slightly different. Anyway, seems technically okay then, although I didn't actually calculate the results and didn't check the details (just had quick look only.) But yeh, nice job improving it already.
Thank you. I moved this link to bottom of Provably Fair tab, underlined it, bigger font. Hope it will fit better there Smiley
Also removed couple bugs that could affect verification process, maybe its good that you have waited with full verification.

Any impressions from the provably fair system?
Better from impression will be full verification of Quincunx provably fair system on real bet examples Smiley.
Cruxer (OP)
Full Member
***
Offline Offline

Activity: 184
Merit: 100


Bitcoin FTW!


View Profile
June 05, 2015, 12:00:27 AM
 #59

We got info on site chat, that there is still critical bug in quincunx that lets you predict coin path before betting.
While we are working hard to verify this information, it would be helpfull to also someone else give it a look. Like they say, four pair of eyes are better than two.
This can be bogus report, but reports like this must be checked carefully.

One indication that it could be true is one user, that hit on quincunx red table 130x in first real bet, then again between ~20 bets... chance for x130 on red table is around 1 to 25000.
RHavar
Legendary
*
Offline Offline

Activity: 2555
Merit: 1886



View Profile
June 05, 2015, 12:49:12 AM
Last edit: June 05, 2015, 12:59:25 AM by RHavar
 #60

We got info on site chat, that there is still critical bug in quincunx that lets you predict coin path before betting.

While we are working hard to verify this information, it would be helpfull to also someone else give it a look. Like they say, four pair of eyes are better than two.
This can be bogus report, but reports like this must be checked carefully.

If you're asking for help, it probably would help if you tell us the report details, otherwise we're flying blind  =)

If the report is along the lines of: "Hey, your entropy is bad. I can "feel" it." just ignore them, I get them on a weekly basis. People mean well, and often do believe they can predict the outcome but unless your sole source of entropy is a 301 page on random.org, it's basically impossible for a human regardless how weak it is.

Quote
One indication that it could be true is one user, that hit on quincunx red table 130x in first real bet, then again between ~20 bets... chance for x130 on red table is around 1 to 25000.

I plugged your red pay-table into the MoneyPot plinko API to generate this bet:
https://www.moneypot.com/bets/4244628

As you can see, it shows a house edge of 1.76% with the chance of landing on 130x to be 1 in 2048 (and even more often, if you consider 130 or greater!). Which makes it rare, but not exceedingly so.

Not to say your site doesn't have security holes, but be extremely careful in your analysis of "1 of 25000" to not fall into the trap of implicitly searching for thousands of possible patterns that would trigger your "omg" alarms. It's a weekly occurrence that someone brings up a really unusual streak on bustabit, like   1.23x followed by 4.56x followed by 7.89x and then claim the game is clearly rigged as that particular occurrence has a one in a billion chance of happening, but they're searching for a billion patterns over that time.

For what it's worth, I know the feeling of losing money and dealing with the uncertainty if it was real or legitimate, it's really the whole reason I created MoneyPot. The hardest was once paying a 90 BTC loss in one single day, without knowing if I got cheated or not. Both players that won that day never came, but the site has remained profitable ever since so I'm pretty sure it was the bitch named variance  =)

(and Dooglus has a similar story but on a far, far more epic scale)

 
If you're worried, I'd highly recommend paying for a professional security review. I saw earlier you had a max win of almost 50 BTC. Doing a rough estimate, my maths tells me you should have roughly a 2778 BTC bankroll to safely back that up, that's a non-trivial amount of money. (I can figure out the exact required according to the generalized kelly if you like)

Check out gamblingsitefinder.com for a decent list/rankings of crypto casinos. Note: I have no affiliation or interest in it, and don't even agree with all the rankings ... but it's the only uncorrupted review site I'm aware of.
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!