Why does Satoshi Dice use a secret?

[maxmint]

I have a question about Satoshi Dice, the popular Bitcoin casino.

I don't understand why they have to use secrets when determining the lucky number for a bet.
Here's how the lucky number is made:

The lucky number [...] is simply the first bytes of hmac_sha512(secret,txid:out_idx)

Why the need for a secret here? If the "secret" wasn't a secret but a public number – what would be the problem about this?

Thanks for your enlightening comments!

(I hope this is not off topic – if so, please move to the right subforum)

[1715538963]

1715538963

[DannyHamilton]

I believe on the same page where you found your quote, if you scroll to the top and start reading, you'll find the following answer to your question:

They are not released right away, since they could be used to submit selective transactions and win bets unfairly.

[maxmint]

Yes, I read that but I have no clue how one could "submit selective transactions".
I mean, either I send a transaction or not. Once it is sent, then it's gone and I can't manipulate it in any way – or am I stupidly missing something here?

I believe on the same page where you found your quote, if you scroll to the top and start reading, you'll find the following answer to your question:

They are not released right away, since they could be used to submit selective transactions and win bets unfairly.

[eb3full]

If you had access to the secret beforehand, you would be able to generate transactions (without immediately broadcasting them) that win the bet by, say, treating a second txout as a "nonce" of sorts. The integrity of Satoshi Dice is achieved through the principle: the secret should be unknown to the betters, and immutable by the house.

[DannyHamilton]

. . . either I send a transaction or not. Once it is sent, then it's gone and I can't manipulate it in any way – or am I . . . missing something here?

If they knew the "secret" ahead of time, a halfway decent programmer could write a program to create a transaction and check the value of hmac_sha512(secret,txid:out_idx).  Then if the transaction was a winner, submit it. If it was a loser, toss the transaction out and try creating a new transaction.

Essentially they would be "mining" for winning satoshi transactions, and just like miners only submit "winning" blocks to the blockchain, this cheating programmer could submit only winning transactions to SatoshiDice.

[maxmint]

Got it, thanks for the explanation!

[MPOE-PR]

Yes, I read that but I have no clue how one could "submit selective transactions".
I mean, either I send a transaction or not. Once it is sent, then it's gone and I can't manipulate it in any way – or am I stupidly missing something here?

It would seem that if a salt is not added you can simply hash the block yourself and see what it comes to, then bet accordingly.

[DannyHamilton]

It would seem that . . .

MPOE-PR, It would seem that you are a little late to the party.  This has already been explained (twice), and the OP has acknowledged that he understands.

[MPOE-PR]

It would seem that . . .

MPOE-PR, It would seem that you are a little late to the party.  This has already been explained (twice), and the OP has acknowledged that he understands.

Thirty minutes, sucks to be me I guess.