Transparent Random Number "Generation"

[lulzplzkthx]

I've noticed many websites, especially gambling, or chance related, needing transparent random number generations. Some have taken to MD5 hashes, etc. but I'd like to offer another method.

Each day, there will be 40,000 new numbers added to a list of numbers I have downloaded from random.org. The way my system works is this:

1. You send a GET request to http://testingzone.zapto.org/random/
2. You will receive a JSON output, similar to this: {"id":"3","number":"556194503","password":"4dfbaa53d6e28","time":1308338771,"error":0}
3. Check that the error is 0.
4. The ID you give to the user, the number you use, and you have the option to give the time to the user.
5. When everything has been done, you give the user the password.

Errors are as follows:
1 - Database error.
2 - Error generating numbers (ran out.)

On the user's side, it works like this:

1. You go to http://testingzone.zapto.org/random/?act=view&id=3
2. You will receive an output similar to this: Number generated at 06/17/2011 07:26:11 UTC. This hopefully lets you know that the owner of the website isn't reusing old IDs.
3. When you are given the password, you add &password=4dfbaa53d6e28 to the end of the URL (so, http://testingzone.zapto.org/random/?act=view&id=3&password=4dfbaa53d6e28)
4. You will receive an output similar to this: Number generated at 06/17/2011 07:26:11 UTC. Correct password given. The number was: 556194503
5. You verify the number is correct with the way the system works, and are satisfied.

The numbers are between the length of 1 and 1,000,000,000. It is up to you as a developer to turn that number into what you need.
The format of the time variable is an integer number of 10 digits. It's the UNIX Epoch time.
The numbers come from random.org.

Feel free to use this however you wish, just please don't try to eat up all of my numbers (i.e. don't be a douche.)

Any suggestions?

If you'd like to donate: 1a23UGMAVM6MtF31pBZNCaWgEWyBT32vS

~lulzplzkthx

[1713567367]

1713567367

[1713567367]

1713567367

[1713567367]

1713567367

[CAFxX]

The only reason one might need true random numbers is for generating cryptographic keys. Asking such numbers to an external entity would render pointless the whole cryptography attempt (not to mention, exceptionally slow).
What's wrong with /dev/random in your opinion?

[xlcus]

Some have taken to MD5 hashes, etc. but I'd like to offer another method.

How do you see your method as being better than the MD5 hash method, considering the user/player now has another 3rd party to trust?

[lulzplzkthx]

Some have taken to MD5 hashes, etc. but I'd like to offer another method.

How do you see your method as being better than the MD5 hash method, considering the user/player now has another 3rd party to trust?

It's not necessarily a "better" method, it's "another" method. In my opinion, the user isn't confused about what an MD5 hash is. Of course, they may want to know more about what MY service is, so that might be useless. However, the reason I created this service wasn't so that I could use it, but so that people no longer had an excuse to say "oh, well, we don't want to compromise our security", and so they stop abusing random.org asking for a number every time they need one, instead of generating a block list, like I did.

And, as I said, I created it so I couldn't use it, but so others could. It's something that they did not create, and thus I have no motivation to help them cheat.

The only reason one might need true random numbers is for generating cryptographic keys. Asking such numbers to an external entity would render pointless the whole cryptography attempt (not to mention, exceptionally slow).
What's wrong with /dev/random in your opinion?

Lotteries need true random numbers. Would you like to see a graphic representation of PHP's rand() function on a Windows machine? It's pretty. It's pretty because there's a diagnol pattern across the whole thing.

[CAFxX]

Lotteries need true random numbers. Would you like to see a graphic representation of PHP's rand() function on a Windows machine? It's pretty. It's pretty because there's a diagnol pattern across the whole thing.

That's what mt_rand() is for.

[bitlotto]

Interesting. The problem is NO MATTER WHAT, people don't trust computers for truly random numbers. Even if it truly is. They'll think your computer is defective. Hacked or somehow altered after the fact. For small lotteries your method is fine. For bigger ones I don't think you'll find any lottery worth a lot of money using computers for the numbers. They all use some type of balls in a dome or some type of physical device. People trust those. They understand it better why you can't manipulate it. Computer randomness is beyond most people. Since they don't get it, they don't trust it. That's pretty much why I eventually just decided to use "real world" lottery numbers into mine. WAY easier to explain why it's impossible to manipulate the outcome.

[CAFxX]

Since we're talking bitcoin, then the most sensible way would be
- Take the N last confirmed blocks at time of extraction
- Hash them
- Sign hash with private key
- Treat the signed hash as a huge random integer - extract from it the random number(s) needed for your lottery.
- Anyone can verify that you haven't made it up by verifying the signed hash (using your public key) against the hash of the well-known last N confirmed blocks at time of extraction
- Profit!

[bitlotto]

Since we're talking bitcoin, then the most sensible way would be
- Take the N last confirmed blocks at time of extraction
- Hash them
- Sign hash with private key
- Treat the signed hash as a huge random integer - extract from it the random number(s) needed for your lottery.
- Anyone can verify that you haven't made it up by verifying the signed hash (using your public key) against the hash of the well-known last N confirmed blocks at time of extraction
- Profit!

The person with the private key could be cheating by generating the last block needed and not submitting if it doesn't work in their favor. They can slightly increase their odds.

I know I've tried something very similar. Still not cheat proof.

[lulzplzkthx]

Interesting. The problem is NO MATTER WHAT, people don't trust computers for truly random numbers. Even if it truly is. They'll think your computer is defective. Hacked or somehow altered after the fact. For small lotteries your method is fine. For bigger ones I don't think you'll find any lottery worth a lot of money using computers for the numbers. They all use some type of balls in a dome or some type of physical device. People trust those. They understand it better why you can't manipulate it. Computer randomness is beyond most people. Since they don't get it, they don't trust it. That's pretty much why I eventually just decided to use "real world" lottery numbers into mine. WAY easier to explain why it's impossible to manipulate the outcome.

Random.org does not use pure computer randomization functions:
RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive games and gambling sites, for scientific applications and for art and music.

However, your argument is enough to dispel the mt_rand() argument (which is, of course, MUCH better than rand(). I created a gist on GitHub awhile ago to display the differences [note there isn't a big difference on Linux]: https://gist.github.com/1011023).

Since we're talking bitcoin, then the most sensible way would be
- Take the N last confirmed blocks at time of extraction
- Hash them
- Sign hash with private key
- Treat the signed hash as a huge random integer - extract from it the random number(s) needed for your lottery.
- Anyone can verify that you haven't made it up by verifying the signed hash (using your public key) against the hash of the well-known last N confirmed blocks at time of extraction
- Profit!

This does not only need to be used for Bitcoin. This is useful in any number of scenarios with users who don't want to trust the owner of the website for their "randomization".

[bitlotto]

Random.org does not use pure computer randomization functions:
RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive games and gambling sites, for scientific applications and for art and music.

I agree its random but people still have a hard time understanding and trusting it. I can't think of a single million dollar lottery that uses computers. Only balls. People can see it and everyone understands it. Does random.org allow for getting data at a very specific time. If not there is no way to verify what the person got is right or not.

This is useful in any number of scenarios with users who don't want to trust the owner of the website for their "randomization".

It works but like I said, because it depends on a generated block the person with the key can cheat with the last block. Yes, I know they would need a pretty nice computer but it's within the realm of possibility. HIGHLY improbable as it would cost a fortune but without spending too much you could in theory help your odds *very slightly* by trying to solve the last block checking it and seeing if you like it and not submitting the block if you don't. It gives the cheater with the key a do over at the end. Probably could only do it once and he's not even guaranteed he'd be the last one anyways. For small jackpots it doesn't matter as the cost to cheat would be huge. But if it was 100's of millions. It would be worth it. Maybe.   

[CAFxX]

Since we're talking bitcoin, then the most sensible way would be
- Take the N last confirmed blocks at time of extraction
- Hash them
- Sign hash with private key
- Treat the signed hash as a huge random integer - extract from it the random number(s) needed for your lottery.
- Anyone can verify that you haven't made it up by verifying the signed hash (using your public key) against the hash of the well-known last N confirmed blocks at time of extraction
- Profit!

The person with the private key could be cheating by generating the last block needed and not submitting if it doesn't work in their favor. They can slightly increase their odds.

I know I've tried something very similar. Still not cheat proof.

The person with the private key is the same organizing the lottery. He could very well disappear before the extraction or simply refuse to pay the winners.

[CAFxX]

Random.org does not use pure computer randomization functions:
RANDOM.ORG offers true random numbers to anyone on the Internet. The randomness comes from atmospheric noise, which for many purposes is better than the pseudo-random number algorithms typically used in computer programs. People use RANDOM.ORG for holding drawings, lotteries and sweepstakes, to drive games and gambling sites, for scientific applications and for art and music.

I agree its random but people still have a hard time understanding and trusting it. I can't think of a single million dollar lottery that uses computers. Only balls. People can see it and everyone understands it. Does random.org allow for getting data at a very specific time. If not there is no way to verify what the person got is right or not.

The problem is that you have to trust random.org (or whatever else) and all the routers inbetween... (last time I checked, random.org didn't offer reliable https). More generally, the problem is that all source of true randomness are, by definition, not verifiable. That's why I proposed something that could be verifiable but extremely hard to willfully manipulate - both for those placing bets and for the lottery itself.

[bitlotto]

The person with the private key is the same organizing the lottery. He could very well disappear before the extraction or simply refuse to pay the winners.

I know, I'm strictly talking cheating with the random part. In that case it would be WAY easier to just take the money than cheat with the randomness but it is possible. Perhaps someone stole the key or someone with money wanted to help his chances. I don't know. But it does have a SMALL flaw.

[CAFxX]

The person with the private key is the same organizing the lottery. He could very well disappear before the extraction or simply refuse to pay the winners.

I know, I'm strictly talking cheating with the random part. In that case it would be WAY easier to just take the money than cheat with the randomness but it is possible. Perhaps someone stole the key or someone with money wanted to help his chances. I don't know. But it does have a SMALL flaw.

It is possible, but you (the lottery owner*) would need so much computing power that it would be surely more practical to simply take control of the block chain. And in that case, you'd surely wouldn't bother with the lottery.

* anybody else wouldn't be able to mount such an attack without the private key (or without breaking the asymmetric encryption scheme)

[bitlotto]

would need so much computing power that it would be surely more practical to simply take control of the block chain

To win. But to SLIGHTLY increase your odds you just need a real fast computer. Chances are you won't make a difference but there is a chance you can. It all depends on if the very very tiny risk is ok with the people using the random data.