Bitcoin Forum
October 19, 2019, 11:33:09 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Bustabit.com Provably Fair Seeding Event  (Read 47372 times)
RHavar
Legendary
*
Offline Offline

Activity: 1806
Merit: 1454



View Profile
June 22, 2015, 12:22:18 AM
 #41

Before the round the server would generate a server secret and publish the hash of the server secret. All players generate a client secret. When a player clicks on place bet, he submits his secret to the server. When the next round starts all submitted client secrets are concatenated with the server secret and used to compute the crash multiplier.

What am I missing?

There's a few flaws in that scheme, namely if the server and one of the (many) clients are conspiring they can totally control the outcome. And even if the server isn't controlling one of the clients, if it selectively dropped the connection of one of them, it could radically change the outcome as well.
1571527989
Hero Member
*
Offline Offline

Posts: 1571527989

View Profile Personal Message (Offline)

Ignore
1571527989
Reply with quote  #2

1571527989
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
RHavar
Legendary
*
Offline Offline

Activity: 1806
Merit: 1454



View Profile
August 28, 2015, 02:07:40 PM
 #42

So, what if, Ryan generated tones list of 10m hashes from different serverSeed and then, waited for a particular block's id to be mined. Since the clientSeed seems to be predictable, Ryan could have waited for that block to be mined then start the game in the meaning to get the most profitable serverseed.

That's actually why we created this "event". We proved we did it before the block was mined, exactly to disprove this:

Quote from: Ryan
3) To avoid criticism that the Bitcoin address used in step 1 was carefully chosen to generate lots of "bad" crash points, each hash in the chain will be salted with a client seed, which we have no control of. The client seed will be the block hash of a Bitcoin block that hasn't yet been mined: block 339300.

if you don't trust the dates on this forum (which you might not, because I can edit the OP) you can check the critical details in a variety of ways, that all happened before that block was mined:
a) The fact people quoted me link
b) It was on reddit link
c) It was emailed to dooglus (you can ask him, and he can find it and get the date)
d) It's archived on archive.org  (link)

and if that's not enough, I actually timestamped it on the blockchain (before block 339300) which should be complete proof. I don't have the link on me right now, but can dig through my email and find it if you like.





Quote
I love that game, and got nothing against Ryan but maybe it would be nice to get an other provably fair system that will actually be fair?

it is =)

Quote
Also, that kind of thing isn't hard to make, I could make a script that will find a serverseed that will never bust higher than 2.0x.
It's pretty simple to do and it would takes me couple of weeks to get a cheated serverseed.

You could make a script that finds a "bad" server seed, but it's unlikely to be that bad. The probability of a server seed having no games > 2.0x is like 0.50990099^10e6 (making some generous assumptions about sha256), which is just gazillions of times harder than just finding bitcoin private keys, or my server seed
kolloh
Legendary
*
Offline Offline

Activity: 1526
Merit: 1011


View Profile
September 10, 2015, 06:46:36 PM
Last edit: September 11, 2015, 12:16:57 AM by kolloh
 #43

btw, are you saying there is a 10btc bounty for the compromisation of your scheme?

There's a 10 BTC bounty for knowing the server secret. You can claim it by doing nothing more than just spending from it (it's a private key, for address with 10 BTC in it). That's because if you know the server secret, you could cheat the game anyway, so I would prefer if someone does discover it (it's stored in the database along with the hashes) you just take the 10 BTC, which will act as a bounty for you and a trip wire for me

I saw that this 10 BTC was recently moved away last month. I assume this doesn't mean that someone was able to compromise the address and it was just moved after being satisfied that it was not compromised after this time?
RHavar
Legendary
*
Offline Offline

Activity: 1806
Merit: 1454



View Profile
September 10, 2015, 06:58:08 PM
 #44

I saw that this 10 BTC was recently moved away last month. I assume this doesn't mean that someone was able to compromised the address and it was just moved after being satisfied that it was not compromised after this time?

Yeah, I just moved as part of my on-going campaign to reconcile my finances.  If anyone does however know the private key, (or any of the future hashes) I'll more than happily give you a lot more than that in a bounty (i offered Dexon 50 btc if his brute force sha1 program actually does find it) as if someone did find it, it'd easily cost me more than that (as they would know the outcome of all future games)
dkee888
Full Member
***
Offline Offline

Activity: 174
Merit: 100



View Profile
December 05, 2015, 11:58:48 PM
 #45

Awesome site very addicting and IMO way better than the Hi-Lo dice games.. Grin
gullu
Full Member
***
Offline Offline

Activity: 369
Merit: 102


(https://paymentporte.com/)


View Profile
August 24, 2016, 04:01:56 PM
 #46

Welcome to the first provably fair seeding event. One of the most requested features of bustabit has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

The high level of the scheme is as follows:

1) We have generated a chain of 10 million sha256 hashes, starting with a server secret that has been repeatedly fed the output of sha256 back into itself 10 million times. The sha256 of the final hash in the chain is: c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d, by publicising it here we are preventing any ability to pick an alternate sha256 chain.


2) Bustabit will play through that chain of hashes, in reverse order, and use the hashes to determine the crash point in a probably fair manner.

3) To avoid criticism that the Bitcoin address used in step 1 was carefully chosen to generate lots of "bad" crash points, each hash in the chain will be salted with a client seed, which we have no control of. The client seed will be the block hash of a Bitcoin block that hasn't yet been mined: block 339300.


The reference code (javascript) is as follows:

The method to create the hash chain is simply sha256:
Code:
function genGameHash(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed).digest('hex');
}

The method to convert a game hash, mix it with the picked client seed to a money pot multiplier:

Code:
function crashPointFromHash(serverSeed, clientSeed) {
  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  var hash = crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
     return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSecret =  'If you knew this, you could steal all my money';
var clientSeed = '0000examplehash';

var gamesToGenerate = 1e7;

var serverSeed = serverSecret;

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed, clientSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}

var terminatingHash = genGameHash(serverSeed);

console.log('The terminating hash is: ', terminatingHash);


Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game's hash played under the new provably fair scheme, when hashed will be c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d.

just to save the copy, if it gets edited..

▄▄▄        Payment Porte        |   digital payment solutions   ▄▄▄
||███      (((  SERNVI SES  )))  ▐ ███  JOIN OUR "Initial Exchange Offering"(IEO)   ███ ▌       ███||
|   WEB SITE  |  ANN  |  Facebook  |  Twitter  |  Telegram   |
JasonXG
Hero Member
*****
Offline Offline

Activity: 770
Merit: 500


View Profile
August 24, 2016, 05:16:15 PM
 #47

if bitcoin is still around at the end of the week, i'll check it out

Lol why do you say that ? Of coarse it will still be around silly Smiley

Its good to see vista bit doing this to renenforce the fairness factor. Personally I have never felt cheated. I just day "omg bs" lol but everyone in the room loses as well so ita not like its just me so in that way its actually great to prove fairness.

I dont know Ryan personally but he really doesn't seem the kind to steal. He knows how to conduct business and this is clearly demonstrated by the success of bustabit. People who run and only shooting the!selves in the foot. Why run why you can simply keep at it and create a lovely passive income in the long term.

Do not eat everything today for tomorrow is a new day. Runners eat everything in one day and forget about the future. They could have made much more but they have no foresight. Ryan knows this so he makes more then these runners. Well done Ryan. Also ita a very fun unique game.
A7mad1978
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
December 20, 2016, 05:19:13 PM
 #48

do you call this scam FARE !!!!!!!
get real life site is the biggest scam site tell now this site running on to collect every body bitcoin it's not fair and it's 100% controlled by Ryan he run it and stop it as he wish it's not fare it's scam and every one can gave you a hash do you need hash's ?
rfisher1968
Sr. Member
****
Offline Offline

Activity: 319
Merit: 250


View Profile
December 22, 2016, 04:41:44 PM
 #49

Rayn

If I get the hash of a game, how do I determine what block hash(clientseed) was used? How do you get the block hash(clientseed), the timing of it being used is unknown?
dooglus
Legendary
*
Offline Offline

Activity: 2730
Merit: 1188



View Profile
December 22, 2016, 05:22:02 PM
 #50

If I get the hash of a game, how do I determine what block hash(clientseed) was used? How do you get the block hash(clientseed), the timing of it being used is unknown?

There was only one seeding event. Only a single block hash was used.

The client seed is 000000000000000007a9a31ff7f07463d91af6b5454241d5faf282e5e0fe1b3a, as mentioned in this post.

Did you read my post which tries to make the process clearer? Does it help?

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
RHavar
Legendary
*
Offline Offline

Activity: 1806
Merit: 1454



View Profile
December 22, 2016, 05:41:27 PM
 #51

^ Yeah, what Dooglus said.

Basically the "client seed" is a single value which is used throughout the whole chain. It's there to prevent against an attack in which I unfairly picked a hash chain (as no one knows how I seeded the hash chain). In order to come up with a client seed, we had have a few options. One obvious option would be used a trusted third party (e.g. random.org) but we can do better, by using the bitcoin blockchain itself.

The way it was done (see: the start of this thread) was preannounce that what ever hash block 339300 is going to be, would be our client seed. As we conducted this well in advance of block 339300, there was absolutely no way I (or anyone) could have known what that hash would be.

Typically when you use bitcoin block hashes, you need to be careful against what is known as a "discarding attack" where a bitcoin miner can look at the hash and decide to not publish the block. However in this case, the attack isn't relevant because the low chance of conducting it (what ever hash power I control), and the cost of conducting would've been 25 BTC, and to significantly bias the results would take at least millions (or billions) of attempts.

So I think we can be quite confident that the seed was fairly picked and there's no issues with it =)
dooglus
Legendary
*
Offline Offline

Activity: 2730
Merit: 1188



View Profile
December 22, 2016, 06:36:30 PM
 #52

So I think we can be quite confident that the seed was fairly picked

do you call this scam FARE !!!!!!!

(just kidding) Wink

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
Benchman
Full Member
***
Offline Offline

Activity: 219
Merit: 100



View Profile
February 19, 2017, 02:27:52 AM
 #53

Hehe, funny to play but will small amounts.

Got recenty @ 20x. Sent $0,5, cashed about total $40. Enough for nice dinner with gf.
Keyoliver
Newbie
*
Offline Offline

Activity: 53
Merit: 0


View Profile
July 19, 2017, 11:05:58 AM
 #54

Welcome to the first provably fair seeding event. One of the most requested features of bustabit has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

The high level of the scheme is as follows:

1) We have generated a chain of 10 million sha256 hashes, starting with a server secret that has been repeatedly fed the output of sha256 back into itself 10 million times. The sha256 of the final hash in the chain is: c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d, by publicising it here we are preventing any ability to pick an alternate sha256 chain.


2) Bustabit will play through that chain of hashes, in reverse order, and use the hashes to determine the crash point in a probably fair manner.

3) To avoid criticism that the Bitcoin address used in step 1 was carefully chosen to generate lots of "bad" crash points, each hash in the chain will be salted with a client seed, which we have no control of. The client seed will be the block hash of a Bitcoin block that hasn't yet been mined: block 339300.


The reference code (javascript) is as follows:

The method to create the hash chain is simply sha256:
Code:
function genGameHash(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed).digest('hex');
}

The method to convert a game hash, mix it with the picked client seed to a money pot multiplier:

Code:
function crashPointFromHash(serverSeed, clientSeed) {
  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  var hash = crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
     return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSecret =  'If you knew this, you could steal all my money';
var clientSeed = '0000examplehash';

var gamesToGenerate = 1e7;

var serverSeed = serverSecret;

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed, clientSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}

var terminatingHash = genGameHash(serverSeed);

console.log('The terminating hash is: ', terminatingHash);


Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game's hash played under the new provably fair scheme, when hashed will be c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d.

hello are u mod in there i need help right now
adfaucet
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
January 12, 2019, 05:43:52 PM
 #55

Hi,

You can find a PHP implemetation of this code here: https://github.com/rogervila/provably-fair
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!