Bitcoin Forum
February 27, 2021, 10:46:37 PM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: How random the last digit of a block hash really is?  (Read 23538 times)
Cryddit
Legendary
*
Offline Offline

Activity: 924
Merit: 1057


View Profile
July 12, 2016, 03:56:28 AM
 #21

To be fair: 

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet. 

1614465997
Hero Member
*
Offline Offline

Posts: 1614465997

View Profile Personal Message (Offline)

Ignore
1614465997
Reply with quote  #2

1614465997
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1614465997
Hero Member
*
Offline Offline

Posts: 1614465997

View Profile Personal Message (Offline)

Ignore
1614465997
Reply with quote  #2

1614465997
Report to moderator
1614465997
Hero Member
*
Offline Offline

Posts: 1614465997

View Profile Personal Message (Offline)

Ignore
1614465997
Reply with quote  #2

1614465997
Report to moderator
1614465997
Hero Member
*
Offline Offline

Posts: 1614465997

View Profile Personal Message (Offline)

Ignore
1614465997
Reply with quote  #2

1614465997
Report to moderator
cr1776
Legendary
*
Offline Offline

Activity: 2898
Merit: 1151


View Profile
July 12, 2016, 11:30:23 AM
 #22

To be fair: 

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet. 



This.

When there is no incentive to mess with the hash, it may be safe to rely on the last digit. But as was said here (and DH above previously) when there is incentive to do so, it is possible to do so.

Using the last digit of the hash of a single block as the sole random value for a sufficiently large prize is asking for problems.

Even looking at all the values showing it looks random is not sufficient if the lottery drawing (for example) happens every 1000 blocks because you only need to do it once to win a massive sum (eg in the US's Powerball drawing the subsidy is minimal in comparison).  In most of the blocks there is no incentive to select a particular hash so even if someone did it successfully 10% of the time (every 10000 blocks in this example)  it would be undetectable in the noise. 



Albert Hamilton
Full Member
***
Offline Offline

Activity: 128
Merit: 100


View Profile
August 20, 2016, 11:08:49 AM
 #23

To be fair: 

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet. 


So, according to you, if this game goes big, miners may not publish valid blocks and thereby disrupt bitcoin block generation altogether?
ranochigo
Legendary
*
Offline Offline

Activity: 2268
Merit: 1915

@ me if you need my response


View Profile
August 20, 2016, 01:12:20 PM
 #24

To be fair:  

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet.  


So, according to you, if this game goes big, miners may not publish valid blocks and thereby disrupt bitcoin block generation altogether?
That is if they have sufficient resources to even generate a block. They would probably need a significant hash rate to be able to generate blocks at a reasonable frequency. The miner can always mine the block and start mining on it before publishing it. The miner have a chance to publish two blocks at once and no one else could've solved on it. This theoretically can give them a higher chance of getting the subsequent blocks.

The method mentioned above is quite effective for the attacker and would have a significant chance of succeeding if you have a good amount of hashpower. However, if you do not have a good portion of the network's hash power, your probability of succeeding will be close to insignificant. If someone mined the block when you are withholding it, unless you have a high amount of hash power, more often than not, the block you mined would be orphaned. That obviously depends on which block the miners decided to work on. There is a chance for them to lose both the block reward and the bet altogether.

Miners would have to continue to publish the blocks since the game uses it to determine the results. Bitcoin's block would at the very most be delayed.


Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1563


The Concierge of Crypto


View Profile
August 27, 2016, 07:29:15 PM
 #25

How about the last 2 digits of the block hash? 256 choices / chances.
How about the last 4 digits of the block hash? 65k.

Why not just use the whole block hash, and hash it again. Pair that with another value that is unknown until it is published (but with a SHA256/512 hash) and it's as "provably fair" as it gets. The only one who could cheat is the owner of the site AND if he is a big miner.

Someone else made another site (that has since been gone or sold or something) that computed more hashes for a good half hour (or about 3 blocks worth) on decently powerful hardware so that this eliminated the "miner withholding the block problem", but I think that's overkill and too much work.

My site uses 64 consecutive block hashes, but that's just for following the theme. I could have just use 1 block hash for the same result.

Shockaftermoon
Full Member
***
Offline Offline

Activity: 224
Merit: 100


beatcoin team leader


View Profile WWW
September 06, 2016, 12:11:20 AM
 #26

never seen this b4 http://www.bitcoinbetting.website/

MyBTT
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250


View Profile
September 09, 2016, 05:31:46 AM
 #27

It is random as long miners/pools don't care about the site.

If the bets become bigger than subsidy (25BTC), it gets interesting.

Miners/pools can participate on site, rig future block digit to be zero, and sweep all unsuspecting user's funds who bet on 1.

OH and by the way, I know about system how truly fair betting can be constructed, but it's a secret Smiley

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.


 
 
           ▄████▄
         ▄████████▄
       ▄████████████▄
     ▄████████████████▄
    ████████████████████      ▄█▄                 ▄███▄                 ▄███▄                 ▄████████████████▀   ▄██████████

  ▄▄▄▀█████▀▄▄▄▄▀█████▀▄▄▄     ▀██▄             ▄██▀ ▀██▄             ▄██▀ ▀██▄             ▄██▀                   ██
▄█████▄▀▀▀▄██████▄▀▀▀▄█████▄     ▀██▄         ▄██▀     ▀██▄         ▄██▀     ▀██▄         ▄██▀        ▄█▄          ▀██████████████▄
████████████████████████████       ▀██▄     ▄██▀         ▀██▄     ▄██▀         ▀██▄     ▄██▀          ▀█▀                        ██
 ▀████████████████████████▀          ▀██▄ ▄██▀             ▀██▄ ▄██▀     ▄█▄     ▀██▄ ▄██▀                                       ██
   ▀████████████████████▀              ▀███▀                 ▀███▀       ▀█▀       ▀███▀      ▄███████████████████████████████████▀
     ▀████████████████▀
       ▀████████████▀
         ▀████████▀
           ▀████▀
║║


║║
.
.

║║
██
║║
.
.

║║
██
║║
.
║║


║║
Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1563


The Concierge of Crypto


View Profile
September 09, 2016, 01:36:20 PM
 #28

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

I don't know what you're trying to say. If both the site and the player have no way to determine the result before it is shown, then it is fair. Using random.org is fair, but no one wants to use that because people in this bitcoin world want provably fair.

Probably fair is not something anyone wants. The probabilities are there, but you want it proven beyond doubt.

CounterEntropy
Full Member
***
Offline Offline

Activity: 196
Merit: 203


View Profile
September 17, 2016, 10:29:13 PM
 #29

Everything has a first time. No?
AOL
Jr. Member
*
Offline Offline

Activity: 108
Merit: 3


View Profile
September 30, 2016, 11:31:57 AM
 #30

The best thing atm is probably fair, which has been documented many times.
It is not probably fair. It is provably fair.
Decoded
Legendary
*
Offline Offline

Activity: 1232
Merit: 1024


give me your cryptos


View Profile
September 30, 2016, 12:09:27 PM
 #31

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

I don't know what you're trying to say. If both the site and the player have no way to determine the result before it is shown, then it is fair. Using random.org is fair, but no one wants to use that because people in this bitcoin world want provably fair.

Probably fair is not something anyone wants. The probabilities are there, but you want it proven beyond doubt.

I think what he's trying to say is not that nothing is probably fair, but nothing is 100% fair and random. A formula will always be restricted by parameters.

looking for a signature campaign, dm me for that
Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1563


The Concierge of Crypto


View Profile
September 30, 2016, 02:05:11 PM
 #32

I think what he's trying to say is not that nothing is probably fair, but nothing is 100% fair and random. A formula will always be restricted by parameters.
I know what he tried to say, I'm just being a jerk about it, grammar police, whatever. Smiley

But when you say "restricted by parameters", ... 128, 256, or 512 bit output... Not something to worry about from a practical point of view. You can argue about it academically all day, won't really matter as it's essentially unpredictable and random for all intents and purposes except analyzing it. They are deterministic.

To predict a block hash, or any digit of the hash, you would need ... to actually mine.

Jimmy Wales
Member
**
Offline Offline

Activity: 131
Merit: 17


View Profile
October 04, 2016, 06:53:21 PM
 #33

When there is no incentive to mess with the hash, it may be safe to rely on the last digit. But as was said here (and DH above previously) when there is incentive to do so, it is possible to do so.
Recently, www.bitcoinbetting.website made the following announcement...

Maximum bet amount allowed has been raised from 0.1 BTC to 1 BTC. Anything over this amount will be considered as donation.

So, the winning amount, i.e. 16 BTC, is more than a block reward, i.e. 12.5 BTC. Do u think, miners may hold a block now if they place 1 BTC bet with a wrong choice? Appears impossible to me...
Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1563


The Concierge of Crypto


View Profile
October 05, 2016, 03:28:25 AM
 #34

I think the "threshold" for risking losing 99.99% of earning 12.5 BTC is a gamble of how many percent of their hashpower is to the total network of about double or triple. Or 25 BTC. Or more.

No miner in his right mind will give up the current block reward for anything less than double or triple that. I think no miner would give up 12.5 BTC unless the gamble has a higher than 50% chance of earning 25 BTC, or a higher than 75% of earning 50 BTC (if the bet or prize gets that big).

Now if the last digit of a block hash is used in conjunction with a secret, then the website owner would have to collude with a large or strong miner or a pool.

Currently, there is no known single pool or sufficiently large solo miner that has the hashpower to even consider this kind of attack, plus it is a gamble, so why would they do it?

So, the winning amount, i.e. 16 BTC, is more than a block reward, i.e. 12.5 BTC. Do u think, miners may hold a block now if they place 1 BTC bet with a wrong choice? Appears impossible to me...

Nope. Too risky for a winning amount that small. I'd rather take the 12.5 BTC because I have that now. (not even guaranteed).

Rupert Murdoch
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile
November 05, 2016, 02:59:27 PM
 #35

Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.
Is there any mathematical proof of that or it is just an assumption based on previous data?
Ya-ing
Member
**
Offline Offline

Activity: 119
Merit: 100


View Profile
November 05, 2016, 05:43:57 PM
 #36

As I understand randomness... it is not that anything in the computer world is really random. It is just too complicated to calculate and predict.

Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1563


The Concierge of Crypto


View Profile
November 05, 2016, 07:10:59 PM
 #37

Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.
Is there any mathematical proof of that or it is just an assumption based on previous data?

As far as I am aware, there is no "proof", not in the mathematical sense. Try this, make a list of numbers from 1 to 1 billion. Get the SHA256 (or any other) hash of these numbers. You'll see, the hashes are uniformly or evenly distributed. It's not perfect.

You can check the last digit and see if you get close to the expected results.

FruitBucket
Sr. Member
****
Offline Offline

Activity: 286
Merit: 250



View Profile
November 05, 2016, 09:04:01 PM
 #38

As per proof-of-work: Miners will need to find a hash which contains the right amount of zeros to match the difficulty. If a miner found the right hash in time but it does not match the hex number that he placed the bet one, than he can choose to not submit the block and instead continues to search for a different nonce/hash. This will likely take him on average twice as long and even then there is still a 15/16 chance that if he found a new hash that it is still not the hex number that he placed the bet on. However, meanwhile the miner risks that someone else finds the correct hash - so he is risking his block reward doing this.

The odds are entirely different if the house allows to place bets exactly until the block is announced. In this case the miner could just place a bet before announcing the block to the network. However, it is unlikely that the house would allow these last-minute bets.

Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1563


The Concierge of Crypto


View Profile
November 06, 2016, 04:05:43 AM
 #39

I don't know how other gambling sites operate, but a way to mitigate or lower the risk for the house (or investors) and for all other players to not have a clue about the winning number is to use a delay, and use a secret. As in, don't allow to bet on the block hash itself. But if the game or site we're talking about does that, ... they're asking for trouble.

betwithbitcoin8668
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
November 06, 2016, 05:41:00 AM
 #40

I recently noticed a gambling website (www.bitcoinbetting.website) is offering 4 times return on correctly guessing the last digit of a block hash. I would like to know, how random is the last digit of a block hash really is? Is there any bias towards numbers or letters?

Update: Lately, they have increased return to 16 times for each winning bet.

16 times is too much , that means they didn't make money from it .

And I think people will rarelly play a game with 1/16 chance to win.
Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!