Rollin.io is not a fair gambling site

[lugrugzo]

Despite they claim they are "provably fair", according to their number generation algorithm they are not. Fair sites like PD or JD uses nonce based number generation algorithm like this:

Code:

Your client_seed: "iamlucky"
Your server_seed: "randomserverseed"
Your current nonce: 1 (increases every bet until you change your seeds)

Rolled number = roll(client_seed, server_seed, nonce)

Above approach guarantees that every number is generated with your own seeds you know that the next nonce is 2, 3. It's known before and after the bet. And then when you reveal your server seed, you can check the fairness of rolled number. (Casino can still cheat you by skipping nonce's, like the DiceBitco.in did)

Rollin.io is not using this approach. Here theirs:

Code:

Your client_seed: "iamlucky"
Your server_seed: "randomserverseed"
You random_seed for bet: "randomstringgivenbyserver" (instead of nonce)

Rolled number = roll(client_seed, server_seed, random_seed)

That random_seed is calculated when you bet. This is possible they have a code block like this in server:

Code:

var rolled = roll(...)

if(win && amount > 1 BTC) {
    rolled = rollAgain(...)
}

Rollin.io can easily manipulate the random_seed whenever they want. It's "fair" but not "provable fair". Think twice before betting in Rollin.io.

Example bet: https://rollin.io/dice/history/4261348079

Please correct me if I'm wrong.


Edit:

You really dorollin.io is really a fair site, this has been recognized through the process of using, this is the first time I saw a negative article about this site. Everything appears with random probabilities as many have considered before, no reason for your rating to be received. Perhaps your bad luck has cost you all the money and makes you angry. Please consider again. I believe you understand what I mean.

I am not playing in dice games, at least not in Rollin.io. I was just checking their site.

Thanks NLNico for correcting me. I totally miss that information whlie sleepy.

[NLNico]

Please correct me if I'm wrong.

You are indeed wrong. Rollin is provably fair.




The serverseed hash that you get before you bet, is the hash of both the server and random seed:

Code:

SHA256(server_seed + random_seed)

So they cannot change the random_seed during your bet (technically they can change it, but the hash would change so you would notice it = provably fair)

edit: additionally random_seed is not used for bet result:

Code:

HmacSHA512(server_seed, client_seed)

'random_seed' is simply an extra string for the hash.. probably because they are afraid someone might brute-force server_seed (which isn't possible with that length - but okay.)

I also made a verifier for them: https://dicesites.com/rollin/verifier




Note that I still prefer the nonce-method, because ideally on Rollin you will copy-paste the serverseed hash and clientseed every time before you bet, while with the nonce-method you only have to do it once before your session.

[HCP]

edit: additionally random_seed is not used for bet result:

Code:

HmacSHA512(server_seed, client_seed)

'random_seed' is simply an extra string for the hash.. probably because they are afraid someone might brute-force server_seed (which isn't possible with that length - but okay.)

Actually... that does strike me as being a bit of a flawed system... It would appear that they are manipulating the server_seed hash they give to you before a roll and this actually prevents them from being able to prove that they haven't modified the server_seed. All you get is a "random_seed" that was supposedly hashed with the "server_seed" to give the server_seed hash.

Note: I am NOT claiming this is what Rollin does, but what could potentially happen with a setup like this...

What's to stop someone from just pre-generating a couple of different server_seed+random_seed combinations that make the same hashes... Now, a player gets a big "win", and then the casino could just search through their list of server+random seed combinations until they find the one where the server_seed makes that roll a loss... Then, they could just post the loss result, say here is the server_seed that was used... and we can "prove" it because it matches up with the server_seed_hash... provided you add in this "random" number that we just picked out of nowhere but didn't give you up front?

I'm sure the math involved in the hashing functions probably makes the likelihood of hash collisions for server+random seed combinations very very very small... but then, why even use the random_seed in the first place? The chances of someone brute_forcing the server_seed from just the hash are supposed to be just as tiny, aren't they?

[seuntjie]

edit: additionally random_seed is not used for bet result:

Code:

HmacSHA512(server_seed, client_seed)

'random_seed' is simply an extra string for the hash.. probably because they are afraid someone might brute-force server_seed (which isn't possible with that length - but okay.)

Actually... that does strike me as being a bit of a flawed system... It would appear that they are manipulating the server_seed hash they give to you before a roll and this actually prevents them from being able to prove that they haven't modified the server_seed. All you get is a "random_seed" that was supposedly hashed with the "server_seed" to give the server_seed hash.

Note: I am NOT claiming this is what Rollin does, but what could potentially happen with a setup like this...

What's to stop someone from just pre-generating a couple of different server_seed+random_seed combinations that make the same hashes... Now, a player gets a big "win", and then the casino could just search through their list of server+random seed combinations until they find the one where the server_seed makes that roll a loss... Then, they could just post the loss result, say here is the server_seed that was used... and we can "prove" it because it matches up with the server_seed_hash... provided you add in this "random" number that we just picked out of nowhere but didn't give you up front?

I'm sure the math involved in the hashing functions probably makes the likelihood of hash collisions for server+random seed combinations very very very small... but then, why even use the random_seed in the first place? The chances of someone brute_forcing the server_seed from just the hash are supposed to be just as tiny, aren't they?

What stops them from generating different combinations that match is the 2^512 resulting hashes that you get from HmacSHA512. It'd be nearly impossible to generate two seed pairs with matching hashes.

I also prefer nonce based RNGs, but one upside or a per bet based system is that you can verify the rolls as you play, where with nonce based systems you can only catch nonce skipping as you play. There's some security in that I guess.

[Vantix]

Rollin is provably fair dude

[soul-impact]

You really dorollin.io is really a fair site, this has been recognized through the process of using, this is the first time I saw a negative article about this site. Everything appears with random probabilities as many have considered before, no reason for your rating to be received. Perhaps your bad luck has cost you all the money and makes you angry. Please consider again. I believe you understand what I mean.

[moooonu]

Well you can use dicebot to verify your each bet from now on. And I don't think that any site exists for such long without being a probably fair site.