Bitcoin Forum
March 06, 2021, 04:57:17 AM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: mutterings from mem: Provable Results vs Provably Fair  (Read 4859 times)
mem
Hero Member
*****
Offline Offline

Activity: 644
Merit: 501


Herp Derp PTY LTD


View Profile
August 02, 2013, 12:39:41 PM
Merited by Financisto (1)
 #1

I think people need to revisit the concept of provably fair.

First, lets give some examples of my gold standard for provably fair:

1: blockchain games that user the players txid (or another input they have no control over) and a daily site secret.
This imho is still as good as it gets, the entire betting history is public and anyone could choose perform an audit to verify outcomes.

2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.
This is as good as it gets without a publically auditable db. Bonus points for no blockchain spam as well.

Now lets look @ 'Provable Results'.

2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

What is the difference you ask and why are you such a prick about these things site operators ask ?

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.

I have previously been to lenient on this and will be revisiting and speaking with casino operators who have (conveniently ?) overlooked this.

Flu meds wearing off, back to the tv and my heater.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1615006637
Hero Member
*
Offline Offline

Posts: 1615006637

View Profile Personal Message (Offline)

Ignore
1615006637
Reply with quote  #2

1615006637
Report to moderator
1615006637
Hero Member
*
Offline Offline

Posts: 1615006637

View Profile Personal Message (Offline)

Ignore
1615006637
Reply with quote  #2

1615006637
Report to moderator
vlees
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
August 02, 2013, 01:15:02 PM
 #2

I think this discussion has been here a few times already and I completely agree with you.

http://v20.nl/primedice/

BEEP BEP
mem
Hero Member
*****
Offline Offline

Activity: 644
Merit: 501


Herp Derp PTY LTD


View Profile
August 02, 2013, 05:24:05 PM
 #3

I think this discussion has been here a few times already and I completely agree with you.

http://v20.nl/primedice/

excellent demonstration

BitcoinVideoPoker
Hero Member
*****
Offline Offline

Activity: 799
Merit: 500



View Profile WWW
August 03, 2013, 01:43:34 PM
 #4

Hello! Bitcoin Video Casino chiming in here...

We just want to say hello and talk about how we do our provably fair system. 

Our system works by picking a server seed before you spin or deal.  With every spin or deal request the javascript code, running in your browser, selects a random number and includes that number in the HTTP AJAX request.  We incorporate that client seed into the number generator seed like so:

Code:
game_seed = server_seed + client_seed;
shuffle_seed = sha256(game_seed);

where shuffle_seed is then used to seed a Mersenne Twister random number generator.  This guarantees that we haven't manipulated the server seed as we send you the result of sha256(server_seed) *before* you choose to deal the cards/throw dice/spin the wheel.  Every time you refresh the browser, you'll get a new server seed.  After the deal we reveal the server seed and you can verify that the hash of the server seed was correct, that the client seed you provided was indeed incorporated into the final game seed and that the game seed produces the correct set of random numbers.

In fact, since our client-side code is publicly available you can see (for each of our games) the check_game function (see http://bitcoinvideocasino.com/static/slots.js around line 330 function check_game) where we check every single game that's played in your browser.

Quote
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

We definitely can't do this as our system requires the incorporation of a client seed into the dice/deck shuffles.  The client seed is chosen via crypto.getRandomValues() or if that isn't available, Math.random().

Quote
2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

We will definitely look into providing some way for the user to specify a lucky client seed if this is something our players want to see!

Zaih
Hero Member
*****
Offline Offline

Activity: 504
Merit: 500


View Profile
August 03, 2013, 01:55:27 PM
 #5

Quote
2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.

If the site also generates the client seed, it's just like two server/site seeds. The user HAS to choose it themselves, AFTER showing the server seed. A nonce should be used to make this more user friendly & so lazy people can't be potentially abused (Looking at you Stunna..)
darkmule
Legendary
*
Offline Offline

Activity: 1176
Merit: 1005



View Profile
August 03, 2013, 02:11:37 PM
 #6

Flu meds wearing off, back to the tv and my heater.

Some kinds of game are going to be a lot easier to make provably fair than others.  One necessity for being able to prove fairness (without some kind of independent audit) is that you actually know all the results.  In a dice game, you can basically know everyone's results over the history of the game.  In a lottery game, you can have some independently verifiable source of the seed, like for instance an actual real world lottery.  Basically, you need very little entropy for a probable result.

In games like poker, you need a tremendous amount of pseudorandom numbers generated in real time.  You also don't get to see the final results, just whatever hands make it to the river.  People are also generally going to be unwilling to have the cards they had known to the other players without seeing a showdown.  

Now, by collecting large numbers of hand histories, you can analyze whether the action is funky, like flush draws are coming in more often than they should, but you can't really prove it's honest.  You can just show the results are consistent (or inconsistent) with the PRNG being fair.  I'm sure there are other games where it would be difficult to be provably fair, but poker is definitely a big one where it would be tricky to do.
dice64
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile WWW
August 04, 2013, 12:52:52 AM
 #7

I too have the same concerns about you, many operators have a few hours delay before releasing a secret, giving them plenty of time to change the secret hash, invalidate bets, or even just outride delete them and pretend the deposit address they gave out doesn't belong to them.

I have just posted this link and scrolled down to see your post. I think I have closed some of the gaps in the off-blockchain provably fair by using the ecdsa cryptographic signing functions of Bitcoin. Take a look.

https://bitcointalk.org/index.php?topic=267659.new#new
GigaDice
Full Member
***
Offline Offline

Activity: 224
Merit: 100



View Profile
August 04, 2013, 02:06:53 AM
 #8

You're totally right Mem, a site that doesn't allow for users to provide a seed prior to the roll or isn't Blockchain based shouldn't be considered provably fair. There is far too many provably fair games out right now.
Insanity
Sr. Member
****
Offline Offline

Activity: 338
Merit: 250


View Profile
August 04, 2013, 11:33:57 AM
 #9

Another suggestion is to have the site operator video the bets with camtasia, this would be a lot more verifiable than any server or client seed generator nonsense that can easily just be edited. 
vlees
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
August 04, 2013, 11:34:47 AM
 #10

Another suggestion is to have the site operator video the bets with camtasia, this would be a lot more verifiable than any server or client seed generator nonsense that can easily just be edited. 

I agree. If you have any concerns with this method, please contact me at blobsrs@gmail.com

BEEP BEP
boot52
Newbie
*
Offline Offline

Activity: 42
Merit: 0



View Profile WWW
August 06, 2013, 08:33:23 PM
 #11

Some kinds of game are going to be a lot easier to make provably fair than others.
Best I can figure, the whole concept of 'provably fair' (as defined here) doesn't really apply to online poker. The closest approximation I can think of might be 'provably fair shuffling', but even that seems problematic because now you have multiple players per shuffle.  Just thinking about it now, wouldn't that require every player to know the client seed of every other player? Or maybe there is a simpler solution? I would definitely add this feature to my site (boot52.nl) if I could come up with a reasonable implementation.

But besides all that, there are much simpler ways for a crooked site operator to cheat. For example, the software might have a 'god mode' which would enable certain people to see all your hole cards. You see? So to me, it all boils down to trust. Either you trust the site operator or you don't.  And if you don't, then advanced cryptography probably isn't going to help -- at least in poker. At least that's my current thinking. Maybe you disagree? -boot
vlees
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
August 07, 2013, 10:21:32 AM
 #12

For card shuffling you could let every user enter a client seed. Concatenate all client seeds alphabetically (to make it reproducible), add an own string and use this total as input for a (P)RNG; mersenne-twister for example

Then take a 52 card deck. Apply a shuffling algorithm to it with the chosen (P)RNG and for example the Fisher-Yates shuffle. Concatenate the deck (as in 2s8d9cJs....) and use some cryptographic hash on that string.

Before the game, publish the hash of the original seed and the hash of the shuffled deck.
Correctly specify in which order the game takes cards from the deck and if it burns cards (which makes no sense IMO, but some do it) and then after the game make all client seeds, the server seed and the final result permanently visible on the site (this is something I really want on your site, to at least see all previous games I had).

Ask all players for a new seed and start at the top.

Of course this won't help anyone in knowing if you cheat by seeing all cards of other players but it at least makes it impossible to deal yourself a royal flush and getting away with it.

BEEP BEP
Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1565


The Concierge of Crypto


View Profile
August 07, 2013, 01:41:21 PM
 #13

Ok, how do you fairly shuffle a deck, and provably show a player's own cards are fairly drawn, without showing other player's cards or hands? Poker specifically has this problem.

satcircle
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


SatoshiDice, SatoshiCircle & SatoshiSlot Support


View Profile WWW
August 07, 2013, 02:41:50 PM
 #14

I think people need to revisit the concept of provably fair.

First, lets give some examples of my gold standard for provably fair:

1: blockchain games that user the players txid (or another input they have no control over) and a daily site secret.
This imho is still as good as it gets, the entire betting history is public and anyone could choose perform an audit to verify outcomes.

2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.
This is as good as it gets without a publically auditable db. Bonus points for no blockchain spam as well.

Now lets look @ 'Provable Results'.

2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

What is the difference you ask and why are you such a prick about these things site operators ask ?

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.

I have previously been to lenient on this and will be revisiting and speaking with casino operators who have (conveniently ?) overlooked this.

Flu meds wearing off, back to the tv and my heater.

Bang on MEM!

vlees
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
August 07, 2013, 03:35:01 PM
 #15

Ok, how do you fairly shuffle a deck, and provably show a player's own cards are fairly drawn, without showing other player's cards or hands? Poker specifically has this problem.

As I explained in my post: Fisher-Yates shuffle, create a string out of the deck, hash it. Show the hash beforehand, the entire deck afterwards.
Did you read my post?

BEEP BEP
boot52
Newbie
*
Offline Offline

Activity: 42
Merit: 0



View Profile WWW
August 07, 2013, 05:43:53 PM
 #16

... Fisher-Yates shuffle, create a string out of the deck, hash it. Show the hash beforehand, the entire deck afterwards.

It's certainly an interesting problem ... much trickier than I first imagined. Even though 'provably fair shuffling' != provably fair, I agree that the feature is still worth implementing. Rumors are running rampant that the shuffling algorithm on Pokerstars is rigged to favor the weaker players. See http://www.pokerscout.com/AllReviews.aspx?id=1 , and the general mood seems to be that most of these poker sites are crooked as a barrel of snakes. This would at least help to build back some trust.

I like your idea though, and I recall that libertaad wrote some excellent aricles on 'provably fair' not so long ago which I need to go back and re-read. I'll give the subject some more thought and see what I can come up with.   

vlees
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
August 07, 2013, 07:09:28 PM
 #17

Even though 'provably fair shuffling' != provably fair,

That is true, but as I said: if you implement this it is impossible for you to deal yourself a Royal Flush and get away with it. People would quickly look up the hashes and see that they don't match and know that you tampered with the shuffling. Of course at that moment everyone lost their money already but at least it is proven that it was rigged.

Right now you can deal anyone whatever you like and nobody will know.

BEEP BEP
Dabs
Legendary
*
Offline Offline

Activity: 2884
Merit: 1565


The Concierge of Crypto


View Profile
August 08, 2013, 01:41:52 AM
 #18

Ok, how do you fairly shuffle a deck, and provably show a player's own cards are fairly drawn, without showing other player's cards or hands? Poker specifically has this problem.

As I explained in my post: Fisher-Yates shuffle, create a string out of the deck, hash it. Show the hash beforehand, the entire deck afterwards.
Did you read my post?

But if you show the entire deck afterwards, and everyone knows the order the cards are handed out, everyone can know everyone else's hands. That's a problem in poker, if you do not want other players to know your cards even if you lost.

You only show your hand if you win. In fact, you don't need or you don't want to show your hand if you win because everyone else folded. However, you at least want to know that the cards you got were fairly given, and provably so.

The solution, I think is to hash each card and a nonce that indicates the position of that particular card in the deck. The player that holds the cards can see his own cards, but not the others, and can verify that his cards come from the deck in the order it was supposed to.

This is possible, but it might become unwieldy to verify. You have to create a hash for the shuffling seed, and a hash for each card. If you only use one deck, that is still 52 cards or 53 hashes. If you use multiple decks, that's a lot more hashes.

Also, it doesn't have to be Fisher-Yates, but any shuffling where everyone knows the procedure, that uses maybe SHA256 (as always) with random seeds that can be revealed after the game. (After reading about it, everything that can shuffle can fit into a Fisher-Yates variant or something similar.)

As far as players are concerned, it will be Provably Fair as well as Provable Results.

That still leaves the house being able to cheat by knowing all the cards and telling the players which cards they have. I'm not sure we can do anything about that. It's the same problem with dice sites. The owners (who know the server seeds) can play as a player and win or lose the game on purpose.

vlees
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
August 08, 2013, 07:21:40 AM
 #19

That still leaves the house being able to cheat by knowing all the cards and telling the players which cards they have. I'm not sure we can do anything about that. It's the same problem with dice sites. The owners (who know the server seeds) can play as a player and win or lose the game on purpose.

Yes, and that is a problem when the money of the 'house' is not involved. I couldn't care less if Stunna plays his own game, but dooglus playing JD and I will refrain from visiting that site.

Also I forgot about the part where you have to be able to muck your cards... I will think about this today and hopefully come up with a way (just woke up so had problems understanding your text)

BEEP BEP
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501



View Profile
August 08, 2013, 12:39:30 PM
 #20

I think people need to revisit the concept of provably fair.

First, lets give some examples of my gold standard for provably fair:

1: blockchain games that user the players txid (or another input they have no control over) and a daily site secret.
This imho is still as good as it gets, the entire betting history is public and anyone could choose perform an audit to verify outcomes.

2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.
This is as good as it gets without a publically auditable db. Bonus points for no blockchain spam as well.

Now lets look @ 'Provable Results'.

2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

What is the difference you ask and why are you such a prick about these things site operators ask ?

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.

I have previously been to lenient on this and will be revisiting and speaking with casino operators who have (conveniently ?) overlooked this.

Flu meds wearing off, back to the tv and my heater.

This is an excellent point actually.

I think this discussion has been here a few times already and I completely agree with you.

http://v20.nl/primedice/

Very nice.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!