A guide to how Provably Fair works.

[🏰 TradeFortress 🏰]

You're playing a simple dice game, where the site generates a lucky number for each bet. The problem is, how do you know the site is generating random numbers fairly? How do you know they're not cheating or rigging the game? They could be secretly making you lose more often.

The solution: Provably Fair games.

Hashing

A hash is a message digest. It summarizes a message one way - you can't find out what the original message was from a hash, unless you brute force everything. Take "hello", the sha256 (an hashing algorithm) hash of that is "2cf24dba5fb0a30e[..]". Add a space to the end, "hello " and you get "5e3235a8346e5a4585f8c5[..]". So you can see changing a tiny part makes it completely different - random mapping.

The important part is hashes are one way, and are unpredictable. If I give you a hash of a very long string of numbers (say, 30 digits), you can't tell me what the original numbers are from the hash. (You actually theoretically can, by trying out all the numbers from 0000..00 to 9999..99, but it's implausible with a large search space).

Hashes are also tamper resistant. I can't find another number that gives the same hash. So you know I can't change my responses. (You actually can, it's called hash collisions, but the chances of that happening are 8.64e-78 which means it won't happen in real life for all intents and purposes.)

Provably Fairness

Let's say I run a blackjack game. [Ad: play blackjack on bitzino] I could provide a hash of the deck. But that only tells the player I haven't changed the deck after showing the hash, I could swapped cards in the deck beforehand. To solve this, the player needs to be able to influence the results of the deck. Here's where provably fairness comes in.

Outcome = hash(dealerSecret + playerSecret)

Outcome can be determined in any way, as long as it's public. Maybe first four pairs of numbers in the outcome are winning lotto numbers. Maybe first bit == 0 means heads, first bit == 1 means tails. Doesn't matter, because SHA256 is effectively a random mapping function.

The site hashes their randomly generated secret (they can generate it any way they wish, but if it is not random then the player will be able to beat the house and the site goes bankrupt) and shows it to the player. This way, the player knows the site isn't changing their secret after the player sends their secret to the site.

The dealer secret sometimes is hashed and presented before each play (eg bitZino, BitVegas), or it is generated well in advance - one secret for each day. The hashes of each day's secrets are published, and the actual secret is revealed after the day is over (so players can't cheat). This is used on sites like satoshiDICE.

For the player's secret, it could be generated in the browser via javascript, with an option for the player to specify it for themselves, or for blockchain games it uses the transaction ID. The transaction ID is just a hash of the transaction sent. The player needs to be able to change their secret (which you can do with transactions, by not sending a TX with a secret you don't like for some odd reason).

No player secrets

Some types of games don't need player secrets. They just need to hash their outcome and show you that before you play. Take coin flipping - IF you can bet on heads or tails. Sure, the site might have heads come up 55% of the time, but players will be able to perform statistical analysis and start betting on heads all the time and the house goes bankrupt. (Nitpick: Site can actually rig it, by giving heads more often if you bet more often on tails for example and vice versa, but that can be exploited with different bet amounts by the player -> site goes bankrupt)

Another example is minesweeper/minefield. Mines are predetermined. You choose which squares to dig. In either of those examples, you don't need to influence the result with a secret - you already are influencing the result by deciding which square to click or heads/tails to bet upon. So those sites are provably fair without requiring secrets exchange.

[giantdragon]

Another approach is to use hash of the next Bitcoin block, coming right after all bets were made.

[🏰 TradeFortress 🏰]

Another approach is to use hash of the next Bitcoin block, coming right after all bets were made.

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.

[giantdragon]

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.

This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.

[🏰 TradeFortress 🏰]

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.

This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.

Add everyone's secret together?

[giantdragon]

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.

This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.

Add everyone's secret together?

Service generates secret, publishes it's hash. When all bets were made, service waits for next Bitcoin block and uses hash(secret_PLAINTEXT + block_hash) to determine the winner. Then makes available secret's plaintext to all players.

[🏰 TradeFortress 🏰]

Not the best way to do provably fairness. When the block reward halves to 12.5 BTC, you better make sure there are no bets > 12.5 BTC otherwise mining pools can cheat by discarding blocks.

This is only one method which can be used in multiplayer games (raffles and lotteries).
To prevent cheating from miners you should generate secret string and use combination of hash(secret + block_hash) to determine the winner.

Add everyone's secret together?

Service generates secret, publishes it's hash. When all bets were made, service waits for next Bitcoin block and uses hash(secret_PLAINTEXT + block_hash) to determine the winner. Then makes available secret's plaintext to all players.

That'd work too - site can still cheat if the bets are large enough and they mined the block themselves (or have a shady deal with a mining pool), but that attack is pretty implausible / unlikely (miners might observe the shares and see one that should have being a block but isn't)

[dooglus]

BitVegas has an interesting take on this.  The multiplayer blackjack game takes the last thing each player said in the chat as the player seed, appending them all together.  So every player gets to influence the shuffle if they like.

[SRoulette]

BitVegas has an interesting take on this.  The multiplayer blackjack game takes the last thing each player said in the chat as the player seed, appending them all together.  So every player gets to influence the shuffle if they like.

BitVegas is a truly impressive project.

to ensure even number distribution we recommend using something similar to our provably fair RNG which is a a combination of hmac_sha512 + Mersine Twister:

Code:

#!/usr/bin/perl -w
# bet_verify.pl

use strict;
use warnings;

use Digest::SHA qw(hmac_sha512_hex);
use Math::Random::MT;

if(!$ARGV[0] || $ARGV[0] eq "--help" || $ARGV[0] eq "-h" || $ARGV[0] eq "/?")
{
        print "usage: bet_verify.pl <RANGE> <SECRET> <TXID> \n";
        exit;
}
my $range=$ARGV[0];
my $secret=$ARGV[1];
my $tx=$ARGV[2];

my $seed = Digest::SHA::hmac_sha512_hex($tx, $secret);          # hash txid and secret
$seed =~ s/^(.{8}).*$/$1/;                                      # use 1st 8 characters of hash for secret
$seed = hex($seed) + 0;                                         # convert hex to number
my $gen = Math::Random::MT->new($seed);                         # seed MT

my $number = int($gen->rand($range)+1);                         # generate random result inside game range using seeded MT

print "Result: $number\n";
exit;

[MPOE-PR]

Nice work Fortress.

[playtin]

Excellent summary of provably fair.
Keep on spreading the word so that eventually players avoid sites that prefer to manipulate/cheat.

[addi]

Excellent summary of provably fair.
Keep on spreading the word so that eventually players avoid sites that prefer to manipulate/cheat.

Qft! Provably fair should become the standard, not the exception. Bitcoin is an excellent gateway to achieve this.

[🏰 TradeFortress 🏰]

Bumpy

[madmadmax]

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

[madmadmax]

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

[gweedo]

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

You clearly never been to a licensed casino, slots are the worst odds and how is 95% in a bitcoin casino less than a licensed casino?

S.Dice has certainly had losing months, and they can't do that and if you check up on that, so if they do it you can show the forum, but I doubt that. They have made millions and don't need to fix the bets, that would make them lose everyone that was using the site.

You can't do random numbers in computers hence why you need hash something can be random, like a chat, and it clearly works as you can see it working.

[madmadmax]

Seems to me that provable fairness gives the spotlight to crypto-charlatans, I would much rather trust my funds to large licensed casinos than a bunch of dorks hashing each other hashes in someones basement.

So you rather know that your gambling could have been fixed by the casino so for sure lose. Or would you rather have something that is as random as it gets, the software can't fix it to make sure you lose. I don't know what planet your from. Also why you have to name call? LMAO Does it in-power you in some way?

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

S. Dice for example claim they have fair play, yet it is possible for them to submit selective bets since they know the secret word in advance and potentially steal from their investors. Okay not bad right? Wrong, nobody can vouch for the quality of the numbers that satoshidice generates and how random they are exactly, have they been certified by the Swiss Federal Office of Metrology (also known as METAS) and confirmed for quality number output that could compare to commercial RNGs such as Quantis? No? Didn't think so, it was certified by a bunch of smartasses on bitcointalk.

Using the (salted) hash of the chat as a seed is also a bad idea for various reasons, please leave it to the pros to generate quality random numbers, especially when it comes to gambling on virtual property, fund your project properly and hire a qualified person to do that work.

You clearly never been to a licensed casino, slots are the worst odds and how is 95% in a bitcoin casino less than a licensed casino?

S.Dice has certainly had losing months, and they can't do that and if you check up on that, so if they do it you can show the forum, but I doubt that. They have made millions and don't need to fix the bets, that would make them lose everyone that was using the site.

You can't do random numbers in computers hence why you need hash something can be random, like a chat, and it clearly works as you can see it working.

It might work, it might even generate the house edge they claim, but it is unfair to the players that the numbers are not generated according to the standards of the industry, e.g. players could have "cold"/"hot" periods with S dice whereas players would loose 15 times in a row or win 15 times in a row. Same thing with other bitcoin casinos, nobody can guarantee how chaostic they are exactly. People need to start pulling their head out of their asses.

[00null]

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

The chance of it being fixed by say bitzino is 0% because of math. And you claim that it is lower in established casinos? LOL. If your point would be true it would also be possible to counterfeit bitcoins, spend coins from wallets without having the private key, and so on. Sorry, but it only shows that you have no clue about math and hashes.

[madmadmax]

The chance of it being fixed by an established and licensed casino is much lower than ANY bitcoin casino.

The chance of it being fixed by say bitzino is 0% because of math. And you claim that it is lower in established casinos? LOL. If your point would be true it would also be possible to counterfeit bitcoins, spend coins from wallets without having the private key, and so on. Sorry, but it only shows that you have no clue about math and hashes.

Have you read the rest of my post and comprehended my point though?

....
Oh so you want standards of the industry where your win and loses are capped, come on dude, if you don't like it don't play. But this is fair, and can be prove. I will make a casino just for you where you only get 25% edge and the house gets 75% cause that is what slots are set too.

You just lost me there,

They are misrepresenting themselves to the gullible bitcointalk masses, the quality of the numbers generated is unknown, I rest my case.

[dooglus]

The difference appears to be that traditional casinos can pay to get the stamp of approval from some body that says the random number generator they demonstrated to that body is good.  There's no way they can prove that they actually use that good random number generator when the public plays against them however.

With provably fair games the players can be sure that the algorithm that is used is the one that the casinos claim is used, because they can check the maths for themselves.

It's possible to run huge simulations to check the distributions created by the provably fair algorithms to see if there's any bias.  I don't know if anyone has done that.

And claiming that provably fair doesn't work because SatoshiDice can cheat to defraud their shareholders is disingenuous because any business can cheat its shareholders no matter what business they're in.  It's not like that is unique to provably fair casinos.

All provable fairness gives you is the assurance that the house isn't cheating the players.  And that's a lot.