drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
September 24, 2013, 05:07:30 PM |
|
Deposits have stopped...
server issues?
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
September 24, 2013, 05:12:41 PM |
|
2. The RNG is not even a RNG. It uses a deterministic but secure hash function in a message authentication code format. The results look random. They are not. They are uniformly distributed.
JD's rolls have 3 components: a server seed, a client seed, and an incrementing nonce. The server seed does not change until you Randomize. The client seed does not change. The nonce goes up by one for every roll.
I believed, and I still do, that you can predict a pattern.
[...]
For lack of a true scientific explanation, I resorted to just saying I had magic seeds. However, my understanding of statistics and probabilities, or the lack thereof, convinced me that I can exploit this predictable or deterministic pattern.
But. No one believes me, and I can't explain myself.
I have the same suspicion and the same problem. I can't even think clearly when sha256 is involved. Maybe a tried-and-true PRNG could be used (seeded with sha256(server_seed || ":" || user_seed) or whatever) instead of that nonce-postfix-thingy that is implemented, which only changes a couple of bits (down to only one bit roughly every second time) of the sha256 input between rolls. I'm not saying this is a flawed approach (I clearly do not know this), just that it's impossible for me to be sure it's not (partly) predictable. I'm not very firm with math-stuff, just wanted to assure Dabs he's not alone in his suspicion.
EDIT: I highly doubt a human brain would be able to detect such things, btw. Nakowa is just a lucky gambler.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
September 24, 2013, 05:14:33 PM |
|
Deposits have stopped...
server issues?
just deposited ~ 2 hours ago with no problem.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
elm
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
September 24, 2013, 05:15:30 PM |
|
I typed a long reply, then the forum crapped on me some error so I lost it. I will try to recreate my answer.
1. How can one be sure? I think if it is 100% provably fair and the OP and player and whoever else has no chance to get hold of the final outcome in advance then the OP is honest. does something like 100% provably fair exist? if yes, then my next question would be, is JD 100% provably fair?
2. if the numbers of the RNG are not random this would explain everything. but why would JD choose a RNG that is not random? a RNG that is not random is not a RNG imho. could You explain Your view in more depth. this would be very interesting to understand (at least for me) thanks
1. The site is provably fair for players. No site or dice game is provably fair for investors other than the owner. Slow games, like my lotto, are perfectly provably fair, but you have to wait 1 week for the results. No one is going to play dice with a 1 week delay.
2. The RNG is not even a RNG. It uses a deterministic but secure hash function in a message authentication code format. The results look random. They are not. They are uniformly distributed.
JD's rolls have 3 components: a server seed, a client seed, and an incrementing nonce. The server seed does not change until you Randomize. The client seed does not change. The nonce goes up by one for every roll.
I believed, and I still do, that you can predict a pattern.
For a short time, I ran a pseudo gambling investment (DIGS) where I collected other people's money and gambled them in a carefully planned martingale strategy. Mostly for fun. Until I made a mistake, which was something I actually predicted. I lost 6 consecutive times. The bet now is, I'm going to win the next roll, or the 7th bet. Everyone calls this the Gambler's Fallacy. Doesn't matter. Nakowa is afflicted with the same disease.
For lack of a true scientific explanation, I resorted to just saying I had magic seeds. However, my understanding of statistics and probabilities, or the lack thereof, convinced me that I can exploit this predictable or deterministic pattern.
But. No one believes me, and I can't explain myself. If I lose, they told me so. If I win, I just got lucky. Even though I said I knew it, I couldn't possibly have predicted it. So, no one is sending me coins, I'll just have to wait patiently until I have enough to go gamble it again.
Wanna bet? Send me coins and I will gamble it for you using my so called magic seeds, and I'll send you back the profit, if you'll let me keep the change. I told everyone, send me 100, I will send back 110, after making 112, and I'll keep the 2, if I win. If I lose, it was a gamble huh.... ... Hehehehe. Stupid magic seeds, stupid dragon babies, stupid dung beetle...
Anyway, you asked for my point of view.
thank You for taking the time. what You are saying is that Provably Fair is only for the player fair and not for the owner/investors. that is very bad then. if You found a pattern to Your advantage, You should know how to explain it, IMHO. I believe in patterns in connection with RNG games.
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
September 24, 2013, 05:16:10 PM |
|
Maybe a tried-and-true PRNG could be used (seeded with sha256(server_seed || ":" || user_seed) or whatever) instead of that nonce-postfix-thingy that is implemented, which only changes a couple of bits (down to only one bit roughly every second time) of the sha256 input between rolls. I'm not saying this is a flawed approach (I clearly do not know this), just that it's impossible for me to be sure it's not (partly) predictable.
If this is the case, wouldn't the entire proof of work for Bitcoin be compromised?
Bitcoin = SHA256(SHA256)
JD = HMAC-SHA512(server seed, client seed, nonce)
They both use the SHA family right?
|
|
|
|
wolverine.ks
|
|
September 24, 2013, 05:18:16 PM |
|
dooglus should put out a bounty to prove the RNG is flawed. allow people to benefit financially without losing their soul...
|
|
|
|
willphase
|
|
September 24, 2013, 05:22:39 PM |
|
SHA512 is secure, all these posts are just FUD. No attacks have been proven against SHA512 or even SHA256.
Only tweaking 1 bit in the input to SHA would still give a completely different output - that's the point of a hashing algorithm!
I find it quite funny that there's all these posts from people saying how they think they have found 'patterns' of high high low low or whatever, then they end their post with 'but I'm not a mathematician'.
Believe me, if SHA512 or SHA256 were broken, we would know about it - firstly the entire TLS/SSL CA infrastructure would collapse..
Will
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
September 24, 2013, 05:23:23 PM |
|
SHA512 is secure, all these posts are just FUD. No attacks have been proven against SHA512 or even SHA256.
Only tweaking 1 bit in the input to SHA would still give a completely different output - that's the point of a hashing algorithm!
I find it quite funny that there's all these posts from people saying how they think they have found 'patterns' of high high low low or whatever, then they end their post with 'but I'm not a mathematician'.
Believe me, if SHA512 or SHA256 were broken, we would know about it - firstly the entire TLS/SSL CA infrastructure would collapse..
Will
And Bitcoin's proof of work too right?
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
September 24, 2013, 05:24:57 PM |
|
Maybe a tried-and-true PRNG could be used (seeded with sha256(server_seed || ":" || user_seed) or whatever) instead of that nonce-postfix-thingy that is implemented, which only changes a couple of bits (down to only one bit roughly every second time) of the sha256 input between rolls. I'm not saying this is a flawed approach (I clearly do not know this), just that it's impossible for me to be sure it's not (partly) predictable.
If this is the case, wouldn't the entire proof of work for Bitcoin be compromised?
Bitcoin = SHA256(SHA256)
JD = HMAC-SHA512(server seed, client seed, nonce)
They both use the SHA family right?
No, a predictable pattern existing in JD PRNG would not mean proof of work for Bitcoin is compromised. POW involves "guessing" a nonce so that the sha output is smaller than x. Predicting a pattern in JD means exploiting properties of sha256 that have nothing directly to do with its "irreversibility". In JD the difference between two consecutive inputs to the function is known (nonce = nonce + 1). This could lead one to be able to predict (maybe statistically and using past data) changes between 2 consecutive outputs.
Again: I'm not saying this is the case and sure as hell I'm not saying I found something like that, but I just can't rule it out for myself.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
September 24, 2013, 05:26:34 PM |
|
SHA512 is secure, all these posts are just FUD. No attacks have been proven against SHA512 or even SHA256.
secure against what? "Attacks" against cryptographic hash functions are attacks against the complexity of calculating their inverse function (EDIT: or finding a collision). This is not the way these functions are used in JD. Existence of predictable pattern in JD dice rolls does not imply sha256 is "broken", does it?
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
September 24, 2013, 05:27:54 PM |
|
Thanks for the explanation molecular.
|
|
|
|
molecular
Donator
Legendary
Offline
Activity: 2772
Merit: 1019
|
|
September 24, 2013, 05:29:26 PM |
|
Thanks for the explanation molecular.
These are just my thoughts. I might be falling victim to gambler's fallacy.
|
PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0 3F39 FC49 2362 F9B7 0769
|
|
|
pascal257
|
|
September 24, 2013, 05:33:08 PM |
|
We recently learnt that some RNGs or their APIs are not completely safe. Unless JD is using a physical RNG that's also a possible point of failure.
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
September 24, 2013, 05:33:58 PM |
|
We recently learnt that some RNGs or their APIs are not completely safe. Unless JD is using a physical RNG that's also a possible point of failure.
Except a physical RNG is not provably fair for the gambler.
|
|
|
|
pascal257
|
|
September 24, 2013, 05:37:41 PM |
|
We recently learnt that some RNGs or their APIs are not completely safe. Unless JD is using a physical RNG that's also a possible point of failure.
Except a physical RNG is not provably fair for the gambler.
Well I don't know the implementation of JD, but shouldn't it be possible to use the output of a PRNG to make a fair system?
|
|
|
|
drawingthesun
Legendary
Offline
Activity: 1176
Merit: 1015
|
|
September 24, 2013, 05:42:59 PM |
|
We recently learnt that some RNGs or their APIs are not completely safe. Unless JD is using a physical RNG that's also a possible point of failure.
Except a physical RNG is not provably fair for the gambler.
Well I don't know the implementation of JD, but shouldn't it be possible to use the output of a PRNG to make a fair system?
https://just-dice.com/lucky.txt
You can prove this is the code because if you run the server seed, client seed and nonce it comes out exactly the same.
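Added example (not part of any post in this thread, and not Just-Dice's own code): a sketch of the HMAC-SHA512 construction named above, showing the player-side check drawingthesun describes and measuring how much the digest changes when only the nonce increments. The message layout, the digest-to-roll mapping, the SHA-256 commitment and all seed values are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample seeds for illustration; not real Just-Dice values.
SERVER_SEED = "constructed-server-seed-0001"
CLIENT_SEED = "constructed-client-seed"

def commitment(server_seed):
    """Hash the operator publishes before play, checked after the seed is revealed."""
    return hashlib.sha256(server_seed.encode()).hexdigest()

def roll_digest(server_seed, client_seed, nonce):
    # Assumed layout: key = server seed, message = "client_seed:nonce".
    msg = f"{client_seed}:{nonce}".encode()
    return hmac.new(server_seed.encode(), msg, hashlib.sha512).digest()

def roll(server_seed, client_seed, nonce):
    """Assumed mapping to 0.00-99.99: 5 hex chars at a time, rejecting >= 1,000,000."""
    hex_digest = roll_digest(server_seed, client_seed, nonce).hex()
    for i in range(0, 125, 5):
        n = int(hex_digest[i:i + 5], 16)      # 0 .. 1,048,575
        if n < 1_000_000:                     # rejection keeps the result unbiased
            return (n % 10_000) / 100
    raise ValueError("all 25 chunks rejected (probability about 4e-34)")

def verify(published_hash, revealed_seed, client_seed, nonce, claimed_roll):
    """Player-side check: seed matches the commitment and reproduces the roll."""
    if not hmac.compare_digest(commitment(revealed_seed), published_hash):
        return False
    return roll(revealed_seed, client_seed, nonce) == claimed_roll

def mean_bit_change(server_seed, client_seed, rolls=2000):
    """Average number of the 512 digest bits that differ between nonce n and n+1."""
    digests = [roll_digest(server_seed, client_seed, n) for n in range(rolls + 1)]
    flips = sum(bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")
                for a, b in zip(digests, digests[1:]))
    return flips / rolls

def high_after_high(server_seed, client_seed, rolls=20000):
    """Fraction of rolls >= 50 among rolls that follow a roll >= 50."""
    r = [roll(server_seed, client_seed, n) >= 50 for n in range(rolls + 1)]
    followers = [nxt for prev, nxt in zip(r, r[1:]) if prev]
    return sum(followers) / len(followers)

if __name__ == "__main__":
    print("mean bits changed per nonce step:", mean_bit_change(SERVER_SEED, CLIENT_SEED))
    print("P(high | previous high):", high_after_high(SERVER_SEED, CLIENT_SEED))
```

With these constructed seeds, about half of the 512 output bits change on each nonce step, and a high roll is followed by another high roll about half the time.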
|
|
|
|
IdealDarkness
Newbie
Offline
Activity: 41
Merit: 0
|
|
September 24, 2013, 07:48:44 PM |
|
Think doog has to maximize the bets, 10-20 BTC, or sg else. If he won't do that, the site will be destroyed in a week by Nakowa....
|
|
|
|
maqifrnswa
|
|
September 24, 2013, 07:58:24 PM |
|
Think doog has to maximize the bets, 10-20 BTC, or sg else. If he won't do that, the site will be destroyed in a week by Nakowa....
We should coin the term "investors fallacy." The mathematically correct thing to do to push profit in your favor is to pump the house edge. Variance will flicker around a quicker growing profit line. Minimum bet can be raised to full Kelly, or kept at fractional Kelly.
|
|
|
|
Lohoris
|
|
September 24, 2013, 08:40:09 PM |
|
Problem is that the whole point of j-d is to gather funds from many investors, to raise a high max bet. If he was to lower the max bet, likely he would have been able to do it with his own funds. (as Deprived has explained many times, assuming I got it right)
While this assertion is true, I believe that JD's public funding model has at least 2 advantages regardless of maxbet:
- creating a little army of advertisers (investors)
- turning a portion of investors into gamblers
I doubt that JD would be where it stands nowadays without this unique feature.
I totally agree. Not for these exact reasons, though they are similar: the sole fact that you can be an investor, and not through a traditional share-system, rather through a bankroll, is so innovative that brings automatic success.
But I've also not seen you, dooglus, take the possibility seriously that he has exploited your site. [...] As a potential investor / sender of money to your site, I find that confidence worrying.
I'm also a bit concerned about this. While I think it's more likely he's just been quite lucky (<2% chances, IIRC), I find a bit disconcerting that absolute confidence everything's fine and site hasn't been cracked.
dooglus should put out a bounty to prove the RNG is flawed. allow people to benefit financially without losing their soul...
Doesn't make much sense: if you find a flaw, you can exploit it and make much more. Of course there are people that wouldn't do it, but still...
|
|
|
|
galbros
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
September 24, 2013, 09:22:46 PM |
|
As for the calls to "change something", if he's cheating then limiting the maximum bet won't stop him winning, and if he isn't cheating and is just lucky then limiting the maximum bet will only slow his inevitable losses. I don't see how it helps in either case.
One thing that I can change that will protect investors is whether the site is up or not. If I take it down they won't lose any more. But I suspect that most investors wouldn't like that decision. They want the site to stay up so they can win their coins back again. The ones who want this to end have the option already of divesting.
I'm quite tempted to just give up on this whole thing. It looks like the site is simply at nakowa's mercy. He's promised me in the past that he won't play any more, but never sticks to his word. So what do I do? Continue to let the investors take these horrific losses?
I am a small investor and love just-dice, thanks dooglus for making it possible for small fry like me to play with you. Now that we know Nakowa's basic system - willingness to absorb large losses while waiting for a targeted win number - it seems like investors can now design a counter strategy, for example I bailed out today for his final run of winnings. I am not anti-Nakowa, I'm glad he plays at JD but I appreciate a lot of the discussion and analysis in this thread that has highlighted he is not superman or supremely lucky, he's got a very sensible cash management strategy and JD's low 1% edge gives him a decent chance to pull it off.
I don't think he's cheating and I don't think you should do anything drastic like change the max bet of the site. Personally, I'd increase it, but I have not run the analysis you have.
What would help me as an investor is some kind of ability to put in a stop loss order, e.g. if my investment balance is < X then divest X % of my investment balance. However, I imagine that would be hard to program and result in a lot of variability in your investment total which you probably don't want. But right now I have to be "lucky" enough to be on when he's on and manually monitor my balance and try and get out before I lose what are for me very hard to replace coins.
When the site had 50K btc invested you said you had too much investment, what in your mind is the ideal level of investment?
Please do not give up! Your site is one of the best things about BTC and you are a great member of this community.
|
|
|
|
|