Provably Fair vs. Independent Auditing

[marvolous]

I am an avid gambler and have done thorough research on "provably fair" casinos and it seems that every article I read affirming it there are just as many articles describing how provably fair isn't necessary provably fair.  Here is one of the articles:  http://coinbits.com/2013/06/06/provably-fair-by-bitzino-not-provable-with-proof-of-concepts/  

Many of the traditional casinos I play on have independent auditing services frequently reviewing and certifying their games.  Also, these websites license their games from larger companies and thus do not even have the ability to manipulate the games, whereas the "provably fair" casinos have full control over the game.  I am not saying that any of the "provable fair" casinos are cheating anybody, but is the bitcoin community over relying on the provably fair concept?  After reading the above article it is easy to see that the provably fair casinos can be manipulated, yet those with games licensed from larger, reputable companies can't be manipulated in anyway by the Licensor.  Just my thoughts.

Either way, I perform just as well with the traditional online casinos and find my winnings / performance to be the same and experience better.  Therefore, I guess if it makes people feel better that is a good thing.  Or is it?

[1714994518]

1714994518

[1714994518]

1714994518

[1714994518]

1714994518

[moderate]

Dear lord, thorough research is not reading paid articles or copy & paste from reddit and other dumb sources. Come back when you actually understand the concept, till there feel free to get scammed by bitwincasino and others providing what you are after.

[marvolous]

Dear lord, thorough research is not reading paid articles or copy & paste from reddit and other dumb sources. Come back when you actually understand the concept, till there feel free to get scammed by bitwincasino and others providing what you are after.

Very interesting response, but that is to be expected.  We actually understand provably fair very well and understand how it can be manipulated.  We are not sure what bitwincasino uses for its casino software however we also play on traditional online casinos that license software from larger companies which have their software audited.  Are you sure you are not the one being scammed?   

[b!z]

A property of cryptographic hashes is: "it is infeasible to generate a message that has a given hash". If results are generated properly using a server seed and client seed, neither the house nor the player can find the result before both are revealed.

The article you linked to shows how the provably fair system could be circumvented by the house. Games that are truly provably fair are (almost) impossible to manipulate.

A truly provably fair casino is always better than one that is independently audited. Individual results from an RNG could be manipulated, while provably fair results cannot be feasibly modified.

Read this if you're looking for a detailed explanation of provably fair.

[balanghai]

Even so if it is Provably fair, still chances of winning is more likely less then the chance of being stuck by a lightning.

[moderate]

Even so if it is Provably fair, still chances of winning is more likely less then the chance of being stuck by a lightning.

According to http://en.wikipedia.org/wiki/Lightning_strike the chance of being stuck by lightning in your lifetime is 1/6250.

Pretty much all provably fair casino-style games like Blackjack and Roulette have the same or better odds compared to real life casinos.
On many dice games, you can adjust your winning odds.

companies use provably fair as a marketing tactic ... when the reality is they have the same odds as all casinos but typically inferior gameplay.

Completely unrelated comparison. Just because you paid someone to make a shiny crap unprovably fair casino for you, it doesn't make it better than the other ones.

Provably fair is not a marketing tactic. You either provide it, or you don't and scam your players.

[DoubleMyCoins!]

marvolous: it's possible for some casinos to market themselves as "provably fair" but actually not be so.

Part of the problem is a misunderstanding by players of what provably fair actually means. In the Bitcoin community provably fair is supposed to mean players can't be cheated by a crafty house, at least not without being potentially found out and exposed.

Let me give an example with DoubleMyCoins, which has an easy to verify Provably Fair system. We have a 50/50 game, where a player picks the left or right card. One card wins, one card loses, simple. Now at the bottom of the screen before a player picks we actually show the winning answer - but it's in SHA-256 hashed form, so the player can't read it.

After they pick we show the revealed winning message and secret key used to make the hash shown previously. By using these values anyone can use any SHA-256 script to verify the values equal the hash, so it's known we couldn't change anything (we wouldn't get that hash).

That's the way math and hash algorithms work. Now, one way we could attempt to cheat is realize users won't always pay attention to the hash we show. We might then swap in a similar looking hash to make the player lose when we want. As long as players don't notice the switch we could successfully cheat them.

To prevent that, however, we also record every game with hash information automatically for the player and give them an online check tool which calculates any SHA-256 hash. We make it super easy for any player, even if they don't program, or pay attention to hashes while playing, to verify any of their games at any time. That means it would be very risky for us to try and swap in a fake hash, because we've empowered players to check games easily. The damage to our reputation wouldn't be worth it to risk swapping a few games, especially since we have a 1% house edge already. I hope that make sense for truly Provably Fair  

[moderate]

marvolous: it's possible for some casinos to market themselves as "provably fair" but actually not be so.

Part of the problem is a misunderstanding by players of what provably fair actually means. In the Bitcoin community provably fair is supposed to mean players can't be cheated by a crafty house, at least not without being potentially found out and exposed.

There is also another problem, where people that think they're providing something provably fair are not in fact doing so. Let me give an example with DoubleMyCoins, they do the following:

We have a 50/50 game, where a player picks the left or right card. One card wins, one card loses, simple. Now at the bottom of the screen before a player picks we actually show the winning answer - but it's in SHA-256 hashed form, so the player can't read it.

After they pick we show the revealed winning message and secret key used to make the hash shown previously. By using these values anyone can use any SHA-256 script to verify the values equal the hash, so it's known we couldn't change anything (we wouldn't get that hash).

The issue with that is that there is no user input involved, you're free to always generate a key that results in the right card being the winning one if you check that the new players always pick the left card. The user must always contribute to the process, and it must be done after the server picked whatever seeds it wanted to pick.

[DoubleMyCoins!]

The issue with that is that there is no user input involved, you're free to always generate a key that results in the right card being the winning one if you check that the new players always pick the left card. The user must always contribute to the process, and it must be done after the server picked whatever seeds it wanted to pick.

No, not for how our game works. You're thinking about games like Dice sites or Lottery sites where the winning answer is generated after a player chooses. For example, if you choose a "high roll" on Just Dice you will take that action before their server knows the answer. You click "high" and the server then makes a calculation based on the seed etc. to see if you win.

In our game the winning solution is known by the server before a user picks. So we actually show them the answer at the bottom of the screen. Here is an example of an answer:

left:18845f1e40ab0a8a2c0568f51e44b4aa834b6105e1b3d83f152172fcc35ae57d

We take that message and add a secret key to it to make a game hash which we show the user:

15063ea21c5a75d013008877740faa96ecc16b6f0b2c850e6e54104a2bdd4348

Now, after the user picks we show them the message above (showing left in this case) and the secret key used to make that shown hash, which is 530090401876695576969539 in this case. You can check these values with our Online Check tool.

With SHA-256 changing even one character of a message or secret key results in a completely different hash. So there is no way we could make the message say "right" in any way and get the same game hash we showed the user. Dooglus actually gave me the idea for streamlining my provably fair system to what it is now from when I first started out.

[moderate]

Yes, you missed the point entirely. I'm not interested in what someone else told you, the fact is that with the current scheme you are free to set whatever pattern you want as the user has no input into this.

[nimda]

The issue with that is that there is no user input involved, you're free to always generate a key that results in the right card being the winning one if you check that the new players always pick the left card. The user must always contribute to the process, and it must be done after the server picked whatever seeds it wanted to pick.

No, not for how our game works. You're thinking about games like Dice sites or Lottery sites where the winning answer is generated after a player chooses. For example, if you choose a "high roll" on Just Dice you will take that action before their server knows the answer. You click "high" and the server then makes a calculation based on the seed etc. to see if you win.

In our game the winning solution is known by the server before a user picks. So we actually show them the answer at the bottom of the screen. Here is an example of an answer:

left:18845f1e40ab0a8a2c0568f51e44b4aa834b6105e1b3d83f152172fcc35ae57d

That happens to be exactly what moderate is referring to. With some statistical analysis, you can make educated guesses as to which card the player will pick next. Then you generate a hash of the opposite one.

1. User picks "left" four times in a row
2. Server creates string "right:54fb18c1a..."
3. Server hashes the string ("0dd38ef...") and shows the hash to the player
4. The user loses, and checks the hash

With a client seed, this becomes more difficult. With some nice client-side Javascript which suggests a random client seed, this becomes much more difficult.

[DoubleMyCoins!]

Yes, you missed the point entirely. I'm not interested in what someone else told you, the fact is that with the current scheme you are free to set whatever pattern you want as the user has no input into this.

That's true, but setting a pattern would be a disadvantage. Any user that discovered the pattern could then accurately predict the answer and break the bank. I've done a lot of thinking on the topic of random numbers, Martingale systems, roulette, etc., because the subject interests me

The fact is we show the player exactly what the answer is at the bottom of the screen before they choose. How we arrive at that answer is irrelevant, because we can't control what the player will do. If they pick the correct side they win and we can't change that without providing a different game hash to what we showed.

That happens to be exactly what moderate is referring to. With some statistical analysis, you can make educated guesses as to which card the player will pick next. Then you generate a hash of the opposite one.

1. User picks "left" four times in a row
2. Server creates string "right:54fb18c1a..."
3. Server hashes the string ("0dd38ef...") and shows the hash to the player
4. The user loses, and checks the hash

With a client seed, this becomes more difficult. With some nice client-side Javascript which suggests a random client seed, this becomes much more difficult.

Yes, you're correct that we could try to pre-guess what the player will do, but you're forgetting any player can imagine we're doing that, just as you're imagining. They can then know with higher probability what the computer will select and alter their choice to win -- in other words "fake out" any prediction algorithm, choose "left" four times in a row to get the computer to select "right" as you say.

As I describe above, there are only 2 choices, and one will win, which is shown. The player always has a 50/50 chance to choose correctly. There is nothing we can do to stop that.

[nimda]

Yes, you're correct that we could try to pre-guess what the player will do, but you're forgetting any player can imagine we're doing that, just as you're imagining. They can then know with higher probability what the computer will select and alter their choice to win -- in other words "fake out" any prediction algorithm, choose "left" four times in a row to get the computer to select "right" as you say.

As I describe above, there are only 2 choices, and one will win, which is shown. The player always has a 50/50 chance to choose correctly. There is nothing we can do to stop that.

I'm not forgetting anything.

Do me a favor and beat this in 30 rounds:

http://www.nytimes.com/interactive/science/rock-paper-scissors.html

[Light]

Pretty much all provably fair casino-style games like Blackjack and Roulette have the same or better odds compared to real life casinos.

Some of the BTC online Blackjack sites actually hit on soft 17 which is not usually the case with real world casino. It adds about 0.2% house edge which is quite large compared to the standard house edge of ~0.4%. So I'm not too sure that there are that many sites with better odds.

[DoubleMyCoins!]

I'm not forgetting anything.

Do me a favor and beat this in 30 rounds:

http://www.nytimes.com/interactive/science/rock-paper-scissors.html

I've seen and played that before

I can't remember my score, but I believe I was successful making the computer "think" I was going to do something I wasn't, allowing me to win -- in other words behave irrationally on purpose.

But that's my point, and why like I said this topic interest me, why I built the game in the first place. It's actually very hard to know when something is truly random. Often a pattern can function well enough to be random, even though it's a pattern. This is known as pseudo-random, and is how computers usually generate random numbers (computers are not random by nature).

Like I said, though, the point is the site can never control what the user will do. Let's say my site tried your statistical analysis (which it doesn't). If anyone discovered the tendency of the algorithm they could use that to their advantage, and win reliably which would be costly. Second, according to that link humans are not very random. Let's say that's true (and I think it mostly is). Find a nickel and flip it. If it's heads choose right, tails choose left. Flip that coin over and over to make your choice if you don't trust yourself. You can't tell me my computer could analyze and accurately predict the result of your random coin flip...  

The day computers can accurately predict the result of random coin flips we should all just pack up and go home.

[Light]

Yes, you're correct that we could try to pre-guess what the player will do, but you're forgetting any player can imagine we're doing that, just as you're imagining. They can then know with higher probability what the computer will select and alter their choice to win -- in other words "fake out" any prediction algorithm, choose "left" four times in a row to get the computer to select "right" as you say.

As I describe above, there are only 2 choices, and one will win, which is shown. The player always has a 50/50 chance to choose correctly. There is nothing we can do to stop that.

I'm not forgetting anything.

Do me a favor and beat this in 30 rounds:

http://www.nytimes.com/interactive/science/rock-paper-scissors.html

Man this thing is pretty good fun, finally got there on my second try. I'm not exactly sure what the whole purpose of the exercise proves, just because thought patterns can be "predicted" over a set range doesn't mean that statistical probability doesn't approximate the expected for extremely large cases.

[nimda]

Find a nickel and flip it. If it's heads choose right, tails choose left. Flip that coin over and over to make your choice if you don't trust yourself. You can't tell me my computer could analyze and accurately predict the result of your random coin flip...  

No, I can't, and your destruction of that strawman proves nothing.

What percentage of your users, would you guess, use coin flips or other reliable sources of random data to base their decisions on? (I have a guess: "low.")

Like I said, though, the point is the site can never control what the user will do

Like I said, though, the point is the site can predict what the user will do with enough accuracy to effectively increase the house edge. This would be fine, and even fun, but not if the game were doing it under the pretense of being random. (I'm not making any allegations here; it's a hypothetical.)

If anyone discovered the tendency of the algorithm they could use that to their advantage, and win reliably which would be costly.

I'll bite:

Then the site could use a stop-loss and go back to being random. With enough laypersons playing, being dishonest would still be profitable.

[DoubleMyCoins!]

Like I said, though, the point is the site can never control what the user will do

Like I said, though, the point is the site can predict what the user will do with enough accuracy to effectively increase the house edge.

It can? This is something you know? Or something you're just thinking, because I can tell you my site can't. Further, I'd be interested in you telling me any computer on earth that can predict what I'm going to do accurately. If that was possible why should anyone live life? They could just go to this super smart computer and have it tell them what actions they would take before they need to -- live their life for them in other words.

Even if you could convince me that was possible you think I could build something like that myself? Further, that I would make such a fancy contraption to try increasing the house edge? By how much? At some point the complexity of trying to make such a thing isn't worth it for how much extra money would be gained, especially if users proved such existed and tarnished the site's reputation. It's simply not worth it.

This would be fine, and even fun, but not if the game were doing it under the pretense of being random. (I'm not making any allegations here; it's a hypothetical.)

Sometime even things that seem random are not. Supposedly, when you go to Las Vegas and a dealer spins the roulette ball he can't control where it falls. It's supposed to be random. But are you really sure no amount of his skill can influence it? I'm not. Anyway, I've set my site up to be random, to what I believe is actually random. I even play myself. Anyone is welcome to try and discover a pattern or analysis algorithm and if they do exploit it.

EDIT: and one more thing, you can see here that the win/loss ratio is almost exactly 50%, just as would be expected. If my site was influencing winning, wouldn't it need to win more than 50%? http://doublemycoins.com/games

[moderate]

Like I said, though, the point is the site can predict what the user will do with enough accuracy to effectively increase the house edge.

It can? This is something you know?

Irrelevant.

EDIT: and one more thing, you can see here that the win/loss ratio is almost exactly 50%, just as would be expected. If my site was influencing winning, wouldn't it need to win more than 50%?

Irrelevant, too. Maybe this one will take a bit longer for you to understand why it is irrelevant.


The thing is, your friend dooglus pointed you to something that is flawed and you cannot see by yourself why is that. It has been pointed already, but you can't understand it.

[DoubleMyCoins!]

Irrelevant.

That's irrelevant.

EDIT: and one more thing, you can see here that the win/loss ratio is almost exactly 50%, just as would be expected. If my site was influencing winning, wouldn't it need to win more than 50%?

Irrelevant, too. Maybe this one will take a bit longer for you to understand why it is irrelevant.


The thing is, your friend dooglus pointed you to something that is flawed and you cannot see by yourself why is that. It has been pointed already, but you can't understand it.

Your words are irrelevant, if you don't know why try thinking on it some more and maybe you'll see.

See, two can play the game of talking while saying nothing.