Bitcoin Forum
October 18, 2017, 09:52:11 AM
 News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 Home Help Search Donate Login Register
 Pages: [1] 2 3 4 5  All
 Author Topic: A guide to how Provably Fair works.  (Read 11205 times)
VIP
Legendary

Offline

Activity: 910

 March 30, 2013, 04:49:14 AM

You're playing a simple dice game, where the site generates a lucky number for each bet. The problem is, how do you know the site is generating random numbers fairly? How do you know they're not cheating or rigging the game? They could be secretly making you lose more often.

The solution: Provably Fair games.

Hashing

A hash is a message digest. It summarizes a message one way - you can't find out what the original message was from a hash, unless you brute force everything. Take "hello", the sha256 (an hashing algorithm) hash of that is "2cf24dba5fb0a30e[..]". Add a space to the end, "hello " and you get "5e3235a8346e5a4585f8c5[..]". So you can see changing a tiny part makes it completely different - random mapping.

The important part is hashes are one way, and are unpredictable. If I give you a hash of a very long string of numbers (say, 30 digits), you can't tell me what the original numbers are from the hash. (You actually theoretically can, by trying out all the numbers from 0000..00 to 9999..99, but it's implausible with a large search space).

Hashes are also tamper resistant. I can't find another number that gives the same hash. So you know I can't change my responses. (You actually can, it's called hash collisions, but the chances of that happening are 8.64e-78 which means it won't happen in real life for all intents and purposes.)

Provably Fairness

Let's say I run a blackjack game. [Ad: play blackjack on bitzino] I could provide a hash of the deck. But that only tells the player I haven't changed the deck after showing the hash, I could swapped cards in the deck beforehand. To solve this, the player needs to be able to influence the results of the deck. Here's where provably fairness comes in.

Outcome = hash(dealerSecret + playerSecret)

Outcome can be determined in any way, as long as it's public. Maybe first four pairs of numbers in the outcome are winning lotto numbers. Maybe first bit == 0 means heads, first bit == 1 means tails. Doesn't matter, because SHA256 is effectively a random mapping function.

The site hashes their randomly generated secret (they can generate it any way they wish, but if it is not random then the player will be able to beat the house and the site goes bankrupt) and shows it to the player. This way, the player knows the site isn't changing their secret after the player sends their secret to the site.

The dealer secret sometimes is hashed and presented before each play (eg bitZino, BitVegas), or it is generated well in advance - one secret for each day. The hashes of each day's secrets are published, and the actual secret is revealed after the day is over (so players can't cheat). This is used on sites like satoshiDICE.

For the player's secret, it could be generated in the browser via javascript, with an option for the player to specify it for themselves, or for blockchain games it uses the transaction ID. The transaction ID is just a hash of the transaction sent. The player needs to be able to change their secret (which you can do with transactions, by not sending a TX with a secret you don't like for some odd reason).

No player secrets

Some types of games don't need player secrets. They just need to hash their outcome and show you that before you play. Take coin flipping - IF you can bet on heads or tails. Sure, the site might have heads come up 55% of the time, but players will be able to perform statistical analysis and start betting on heads all the time and the house goes bankrupt. (Nitpick: Site can actually rig it, by giving heads more often if you bet more often on tails for example and vice versa, but that can be exploited with different bet amounts by the player -> site goes bankrupt)

Another example is minesweeper/minefield. Mines are predetermined. You choose which squares to dig. In either of those examples, you don't need to influence the result with a secret - you already are influencing the result by deciding which square to click or heads/tails to bet upon. So those sites are provably fair without requiring secrets exchange.
1508320331
Hero Member

Offline

Posts: 1508320331

Ignore
 1508320331

1508320331
 Report to moderator
1508320331
Hero Member

Offline

Posts: 1508320331

Ignore
 1508320331

1508320331
 Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508320331
Hero Member

Offline

Posts: 1508320331

Ignore
 1508320331

1508320331
 Report to moderator
1508320331
Hero Member

Offline

Posts: 1508320331

Ignore
 1508320331

1508320331
 Report to moderator
1508320331
Hero Member

Offline

Posts: 1508320331

Ignore
 1508320331

1508320331
 Report to moderator
giantdragon
Legendary

Offline

Activity: 1596

 March 30, 2013, 05:14:03 AM

Another approach is to use hash of the next Bitcoin block, coming right after all bets were made.
VIP
Legendary

Offline

Activity: 910

 March 30, 2013, 05:15:26 AM

Another approach is to use hash of the next Bitcoin block, coming right after all bets were made.
Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.
gweedo
Legendary

Offline

Activity: 1246

Java, PHP, HTML/CSS Programmer for Hire!

 March 30, 2013, 05:21:19 AM

I know some sites that use the block time as the seed to be hashed.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
giantdragon
Legendary

Offline

Activity: 1596

 March 30, 2013, 05:22:33 AM

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.
This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.
VIP
Legendary

Offline

Activity: 910

 March 30, 2013, 05:27:52 AM

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.
This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.
giantdragon
Legendary

Offline

Activity: 1596

 March 30, 2013, 05:36:17 AM

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.
This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.
Service generates secret, publishes it's hash. When all bets were made, service waits for next Bitcoin block and uses hash(secret_PLAINTEXT + block_hash) to determine the winner. Then makes available secret's plaintext to all players.
VIP
Legendary

Offline

Activity: 910

 March 30, 2013, 05:48:46 AM

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.
This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.
Service generates secret, publishes it's hash. When all bets were made, service waits for next Bitcoin block and uses hash(secret_PLAINTEXT + block_hash) to determine the winner. Then makes available secret's plaintext to all players.
That'd work too - site can still cheat if the bets are large enough and they mined the block themselves (or have a shady deal with a mining pool), but that attack is pretty implausible / unlikely (miners might observe the shares and see one that should have being a block but isn't)
dooglus
Legendary

Offline

Activity: 2310

 March 30, 2013, 06:46:40 AM

BitVegas has an interesting take on this.  The multiplayer blackjack game takes the last thing each player said in the chat as the player seed, appending them all together.  So every player gets to influence the shuffle if they like.

 Just-Dice ██                        ██████████                ██████████████████        ██████████████████████████  ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████    ██████████████████████            ██████████████                    ██████ Play or Invest ██                        ██████████                ██████████████████        ██████████████████████████  ██████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████    ██████████████████████            ██████████████                    ██████ 1% House Edge
SRoulette
Sr. Member

Offline

Activity: 364

 March 30, 2013, 07:22:21 AM

BitVegas has an interesting take on this.  The multiplayer blackjack game takes the last thing each player said in the chat as the player seed, appending them all together.  So every player gets to influence the shuffle if they like.

BitVegas is a truly impressive project.

to ensure even number distribution we recommend using something similar to our provably fair RNG which is a a combination of hmac_sha512 + Mersine Twister:
Code:
#!/usr/bin/perl -w
# bet_verify.pl

use strict;
use warnings;

use Digest::SHA qw(hmac_sha512_hex);
use Math::Random::MT;

if(!\$ARGV[0] || \$ARGV[0] eq "--help" || \$ARGV[0] eq "-h" || \$ARGV[0] eq "/?")
{
print "usage: bet_verify.pl <RANGE> <SECRET> <TXID> \n";
exit;
}
my \$range=\$ARGV[0];
my \$secret=\$ARGV[1];
my \$tx=\$ARGV[2];

my \$seed = Digest::SHA::hmac_sha512_hex(\$tx, \$secret);          # hash txid and secret
\$seed =~ s/^(.{8}).*\$/\$1/;                                      # use 1st 8 characters of hash for secret
\$seed = hex(\$seed) + 0;                                         # convert hex to number
my \$gen = Math::Random::MT->new(\$seed);                         # seed MT

my \$number = int(\$gen->rand(\$range)+1);                         # generate random result inside game range using seeded MT

print "Result: \$number\n";
exit;

MPOE-PR
Hero Member

Offline

Activity: 756

 March 30, 2013, 11:41:06 AM

Nice work Fortress.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
playtin
Full Member

Offline

Activity: 201

https://playt.in

 March 30, 2013, 03:16:01 PM

Excellent summary of provably fair.
Keep on spreading the word so that eventually players avoid sites that prefer to manipulate/cheat.

Hero Member

Offline

Activity: 628

https://satoshibet.com

 March 30, 2013, 10:51:44 PM

Excellent summary of provably fair.
Keep on spreading the word so that eventually players avoid sites that prefer to manipulate/cheat.

Qft! Provably fair should become the standard, not the exception. Bitcoin is an excellent gateway to achieve this.

VIP
Legendary

Offline

Activity: 910

 April 11, 2013, 11:21:12 AM

Bumpy
Hero Member

Offline

Activity: 740

 April 11, 2013, 02:06:19 PM

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

 ▄▄▄▄▄               ▄▄▄▄▄   ▄▄█▀▀▀▀▀▀██▄        ▄▄█▀▀▀▀▀▀▀█▄ ▄██▀        ▀██▄    ▄██▀         ▀█▄██▀            ▀██▄  ▀▀             ████               ▀██        ▄▄▄▄▄▄▄▄████                ▀██▄      ▀▀▀▀▀▀▀▀▀▀ ██▄          ▄██   ▀██▄          ▄▄▄  ▀██▄      ▄██▀      ▀██▄▄     ▄██▀    ▀▀██████▀▀          ▀▀██████▀▀ æternityThe Oracle Machine █║█ ✔ Unchained Smart Contracts✔ Decentralized Oracle✔ Infinitly Scalable ✔ Blockchain Technology✔ Turing-Complete✔ State-Channels █║█ ▄████▄▄    ▄██             ████████████▀ ████▄         █████████████▀ ▀████████▄▄   █████████████▄▄███████████████████████████████████████████████████  ▀██████████████████████    █████████████████████     ▀█████████████████▀      ▄█████████████▀▄▄███████████████▀    ▀▀▀▀▀▀▀▀▀▀▀ .TWITTER.TELEGRAM ▄██▄     ▄      ▐████   ▄▄   █████     ██████████    █████████████████▀  ▄████████████▀████▌██████████     ▀████      ▀▀   █████     ██████████      ▀████▌▄████████████▀    ▄▄▄███████████████▌   ██████████▀    ▐████    ▀▀▀  ████▌     ▀▀▀         ▀███▀ .SLACK.REDDIT f .FACEBOOK.LINKEDIN █║█ Scalable Smart ContractsStart of phase 2 contribution campaign ▬ May 29
gweedo
Legendary

Offline

Activity: 1246

Java, PHP, HTML/CSS Programmer for Hire!

 April 11, 2013, 06:08:02 PM

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
Hero Member

Offline

Activity: 740

 April 11, 2013, 10:30:10 PM

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

 ▄▄▄▄▄               ▄▄▄▄▄   ▄▄█▀▀▀▀▀▀██▄        ▄▄█▀▀▀▀▀▀▀█▄ ▄██▀        ▀██▄    ▄██▀         ▀█▄██▀            ▀██▄  ▀▀             ████               ▀██        ▄▄▄▄▄▄▄▄████                ▀██▄      ▀▀▀▀▀▀▀▀▀▀ ██▄          ▄██   ▀██▄          ▄▄▄  ▀██▄      ▄██▀      ▀██▄▄     ▄██▀    ▀▀██████▀▀          ▀▀██████▀▀ æternityThe Oracle Machine █║█ ✔ Unchained Smart Contracts✔ Decentralized Oracle✔ Infinitly Scalable ✔ Blockchain Technology✔ Turing-Complete✔ State-Channels █║█ ▄████▄▄    ▄██             ████████████▀ ████▄         █████████████▀ ▀████████▄▄   █████████████▄▄███████████████████████████████████████████████████  ▀██████████████████████    █████████████████████     ▀█████████████████▀      ▄█████████████▀▄▄███████████████▀    ▀▀▀▀▀▀▀▀▀▀▀ .TWITTER.TELEGRAM ▄██▄     ▄      ▐████   ▄▄   █████     ██████████    █████████████████▀  ▄████████████▀████▌██████████     ▀████      ▀▀   █████     ██████████      ▀████▌▄████████████▀    ▄▄▄███████████████▌   ██████████▀    ▐████    ▀▀▀  ████▌     ▀▀▀         ▀███▀ .SLACK.REDDIT f .FACEBOOK.LINKEDIN █║█ Scalable Smart ContractsStart of phase 2 contribution campaign ▬ May 29
gweedo
Legendary

Offline

Activity: 1246

Java, PHP, HTML/CSS Programmer for Hire!

 April 11, 2013, 10:36:33 PM

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

You clearly never been to a licensed casino, slots are the worst odds and how is 95% in a bitcoin casino less than a licensed casino?

S.Dice has certainly had losing months, and they can't do that and if you check up on that, so if they do it you can show the forum, but I doubt that. They have made millions and don't need to fix the bets, that would make them lose everyone that was using the site.

You can't do random numbers in computers hence why you need hash something can be random, like a chat, and it clearly works as you can see it working.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
Hero Member

Offline

Activity: 740

 April 11, 2013, 10:42:56 PM

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

You clearly never been to a licensed casino, slots are the worst odds and how is 95% in a bitcoin casino less than a licensed casino?

S.Dice has certainly had losing months, and they can't do that and if you check up on that, so if they do it you can show the forum, but I doubt that. They have made millions and don't need to fix the bets, that would make them lose everyone that was using the site.

You can't do random numbers in computers hence why you need hash something can be random, like a chat, and it clearly works as you can see it working.

It might work, it might even generate the house edge they claim, but it is unfair to the players that the numbers are not generated according to the standards of the industry, e.g. players could have "cold"/"hot" periods with S dice whereas players would loose 15 times in a row or win 15 times in a row. Same thing with other bitcoin casinos, nobody can guarantee how chaostic they are exactly. People need to start pulling their head out of their asses.

 ▄▄▄▄▄               ▄▄▄▄▄   ▄▄█▀▀▀▀▀▀██▄        ▄▄█▀▀▀▀▀▀▀█▄ ▄██▀        ▀██▄    ▄██▀         ▀█▄██▀            ▀██▄  ▀▀             ████               ▀██        ▄▄▄▄▄▄▄▄████                ▀██▄      ▀▀▀▀▀▀▀▀▀▀ ██▄          ▄██   ▀██▄          ▄▄▄  ▀██▄      ▄██▀      ▀██▄▄     ▄██▀    ▀▀██████▀▀          ▀▀██████▀▀ æternityThe Oracle Machine █║█ ✔ Unchained Smart Contracts✔ Decentralized Oracle✔ Infinitly Scalable ✔ Blockchain Technology✔ Turing-Complete✔ State-Channels █║█ ▄████▄▄    ▄██             ████████████▀ ████▄         █████████████▀ ▀████████▄▄   █████████████▄▄███████████████████████████████████████████████████  ▀██████████████████████    █████████████████████     ▀█████████████████▀      ▄█████████████▀▄▄███████████████▀    ▀▀▀▀▀▀▀▀▀▀▀ .TWITTER.TELEGRAM ▄██▄     ▄      ▐████   ▄▄   █████     ██████████    █████████████████▀  ▄████████████▀████▌██████████     ▀████      ▀▀   █████     ██████████      ▀████▌▄████████████▀    ▄▄▄███████████████▌   ██████████▀    ▐████    ▀▀▀  ████▌     ▀▀▀         ▀███▀ .SLACK.REDDIT f .FACEBOOK.LINKEDIN █║█ Scalable Smart ContractsStart of phase 2 contribution campaign ▬ May 29
gweedo
Legendary

Offline

Activity: 1246

Java, PHP, HTML/CSS Programmer for Hire!

 April 11, 2013, 10:46:37 PM

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

You clearly never been to a licensed casino, slots are the worst odds and how is 95% in a bitcoin casino less than a licensed casino?

S.Dice has certainly had losing months, and they can't do that and if you check up on that, so if they do it you can show the forum, but I doubt that. They have made millions and don't need to fix the bets, that would make them lose everyone that was using the site.

You can't do random numbers in computers hence why you need hash something can be random, like a chat, and it clearly works as you can see it working.

It might work, it might even generate the house edge they claim, but it is unfair to the players that the numbers are not generated according to the standards of the industry, e.g. players could have "cold"/"hot" periods with S dice whereas players would loose 15 times in a row or win 15 times in a row. Same thing with other bitcoin casinos, nobody can guarantee how chaostic they are exactly. People need to start pulling their head out of their asses.

Oh so you want standards of the industry where your win and loses are capped, come on dude, if you don't like it don't play. But this is fair, and can be prove. I will make a casino just for you where you only get 25% edge and the house gets 75% cause that is what slots are set too.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
 Pages: [1] 2 3 4 5  All
 « previous topic next topic »