Bitcoin Forum
November 16, 2024, 03:03:17 PM *
Author Topic: Provably fair schemes: purpose of client seed?  (Read 251 times)
syskall (OP)
August 27, 2019, 03:05:42 AM
Last edit: August 27, 2019, 08:57:36 AM by syskall
 #1

Not technically related to Bitcoin but I couldn't find a better place to post.

Could someone explain the rationale for requiring a client seed as part of provably fair schemes?

Assuming the server seed commitment is known before placing a bet, the server can't alter the outcome in any way. Is it the idea that a server could predict betting patterns for an individual user (and shuffle cards / pick numbers accordingly)? That's the only thing I could think of which a client seed does prevent.
pooya87
August 27, 2019, 04:23:48 AM
Merited by ABCbits (1), crwth (1)
 #2

the roll results are the result of a hash digest acquired from a hash function. what you feed to that hash function determines the result. so the point of these systems is to come up with a message (to be hashed) which is a concatenation of two or more parts that neither party could predict the result to.

so what the server does is that it generates a random seed, then doesn't reveal that to you. it only reveals the hash of it. this ensures that the server can not decide to change it later but at the same time you will not know what the seed is so you also can't predict the result of the final hash (like keep selecting different seeds to come up with your desired result and then publish your own seed).

then you come up with a seed and share it with the server, it combines your seed with their seed and runs the hash algorithm on it to come up with the final result. then they publish both final result and the seed so you could now verify it.

by the way, it might be a typo but the term is "provably" meaning "capable of being proved" not probably.

PrimeNumber7
August 27, 2019, 07:02:19 AM
 #3

> Assuming the server seed commitment is known before placing a bet, the server can't alter the outcome in any way. Is it the idea that a server could predict betting patterns for an individual user (and shuffle cards / pick numbers accordingly)? That's the only thing I could think of which a client seed does prevent.
Yes, gamblers tend to be very predictable in their bets. If the gambler has the opportunity to add unique random data to the calculation of the result, the casino cannot predict the outcome of the bet ahead of time.
syskall (OP)
August 27, 2019, 08:58:28 AM
Last edit: August 27, 2019, 09:46:01 AM by syskall
 #4

> the roll results are the result of a hash digest acquired from a hash function. what you feed to that hash function determines the result. so the point of these systems is to come up with a message (to be hashed) which is a concatenation of two or more parts that neither party could predict the result to.
>
> so what the server does is that it generates a random seed, then doesn't reveal that to you. it only reveals the hash of it. this ensures that the server can not decide to change it later but at the same time you will not know what the seed is so you also can't predict the result of the final hash (like keep selecting different seeds to come up with your desired result and then publish your own seed).
>
> then you come up with a seed and share it with the server, it combines your seed with their seed and runs the hash algorithm on it to come up with the final result. then they publish both final result and the seed so you could now verify it.
>
> by the way, it might be a typo but the term is "provably" meaning "capable of being proved" not probably.

It was indeed a typo. I know all of this but you haven't answered my question (appreciate the reply though).
syskall (OP)
August 27, 2019, 09:03:06 AM
Last edit: August 27, 2019, 09:46:16 AM by syskall
 #5

> > Assuming the server seed commitment is known before placing a bet, the server can't alter the outcome in any way. Is it the idea that a server could predict betting patterns for an individual user (and shuffle cards / pick numbers accordingly)? That's the only thing I could think of which a client seed does prevent.
>
> Yes, gamblers tend to be very predictable in their bets. If the gambler has the opportunity to add unique random data to the calculation of the result, the casino cannot predict the outcome of the bet ahead of time.

I see, so my assumption was correct. I just wanted to make sure it didn't serve some other purpose I hadn't thought of.

I am actually developing a multi party provably fair scheme (e.g. multiple players betting on the same "roll") but I'm slowly coming to the realization it might be impossible :( At least, not the perfect fairness that 2 party schemes enjoy. continued: https://bitcointalk.org/index.php?topic=5179222.msg52280258
pooya87
August 27, 2019, 12:40:28 PM
Last edit: August 27, 2019, 12:50:30 PM by pooya87
 #6

> > > Assuming the server seed commitment is known before placing a bet, the server can't alter the outcome in any way. Is it the idea that a server could predict betting patterns for an individual user (and shuffle cards / pick numbers accordingly)? That's the only thing I could think of which a client seed does prevent.
> >
> > Yes, gamblers tend to be very predictable in their bets. If the gambler has the opportunity to add unique random data to the calculation of the result, the casino cannot predict the outcome of the bet ahead of time.
>
> I see, so my assumption was correct. I just wanted to make sure it didn't serve some other purpose I hadn't thought of.
>
> I am actually developing a multi party provably fair scheme (e.g. multiple players betting on the same "roll") but I'm slowly coming to the realization it might be impossible :( At least, not the perfect fairness that 2 party schemes enjoy. continued: https://bitcointalk.org/index.php?topic=5179222.msg52280258

but there are no "patterns" to predict in these games that involve randomness (dice, random card pick, coin flip) not choice (poker). you are supposed to have come up with a random number that neither one of the people involved in it could predict. so they split the "input" into two parts, and that is why client seed exists.

as for your topic it seems to me that doing these three would solve the issue:
1. every player deposits his money with the house first (as they do with any other game like dice) so that they couldn't disconnect and run away from the unfavorable game
2. each party shares the hash of their seed before sharing the real seed. so that they couldn't change it and also so that sharing it wouldn't make it possible for others to calculate the final result.
3. a deadline to reveal the real seed. if any player fails to provide it in that time frame they are disqualified and the game will continue with the remaining players.

example:
hash sharing stage:
Code:
house: 58d2691facf7a8f32a321b7733a72fb3868c0cacb3a6ed39ff517b3e156694e6
Alice: 6778de0d2f12a06b2642e070bdbdac0c9198b0220e4a1a04848512b20ce3888f
Bob: 9b72133b264d521ec5ccf4a28b0d9eac765d37c8336d6ba0c46e29afd43d5430
move to real seed sharing:
Code:
this is house seed
The Alice SEED
and finallly bob's seed
compute the final hash:
Code:
Keccak_256(this is house seed The Alice SEED and finallly bob's seed) = 
d7b35184cf3c0386ce56c532e0e6dd46cfee4f0ed16f1d24240106b91e50b854
i also changed the final hash to eliminate any possibility of exploit!

PrimeNumber7
August 28, 2019, 06:37:20 AM
 #7

> > > Assuming the server seed commitment is known before placing a bet, the server can't alter the outcome in any way. Is it the idea that a server could predict betting patterns for an individual user (and shuffle cards / pick numbers accordingly)? That's the only thing I could think of which a client seed does prevent.
> >
> > Yes, gamblers tend to be very predictable in their bets. If the gambler has the opportunity to add unique random data to the calculation of the result, the casino cannot predict the outcome of the bet ahead of time.
>
> I see, so my assumption was correct. I just wanted to make sure it didn't serve some other purpose I hadn't thought of.
>
> I am actually developing a multi party provably fair scheme (e.g. multiple players betting on the same "roll")
There is something similar to what you describe, see https://www.bustabit.com/play

The server seed is committed to before any player starts gambling, and cannot be changed, so the casino cannot change the server seed based on betting patterns. There are multiple players betting on the same roll, however each player is betting against the house; this prevents a sockpuppet player beating the other players with inside information.

@ pooya87 - your proposed solution will not be provably fair, and is described in the OP's other thread. In your example, if Alice is a sockpuppet of the casino, it could wait until Bob reveals his seed based if the three combined seeds are a winning hand for the casino.
pooya87
August 28, 2019, 07:01:06 AM
 #8

> @ pooya87 - your proposed solution will not be provably fair, and is described in the OP's other thread. In your example, if Alice is a sockpuppet of the casino, it could wait until Bob reveals his seed based if the three combined seeds are a winning hand for the casino.

as i explained in condition 3, the player that refuses to reveal its seed is disqualified and if games on such casino have more occurrence of something like this then the game and the casino will lose its reputation and nobody will play there anymore.

besides what is being explained here could be the case with any game not just this. for example in dice if you roll something that is supposed to win you a big reward the casino can show you an error saying something unknown went wrong instead of revealing their seed and giving you the number and reward. they wouldn't need a third player "sockpuppet" either.

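Added example, not part of any post in this thread: a Python check of the commit, reveal and deadline rules from post #6, which also reproduces the objection from post #7 by computing the roll with and without one party's seed. It uses hashlib's SHA3-256 in place of the Keccak_256 named in the post, so its digests differ from the ones quoted; the function names, the length-prefixed concatenation and the sorted party order are assumptions.

```python
import hashlib
import hmac

def commit(seed: bytes) -> str:
    """Digest a party publishes in the hash-sharing stage."""
    return hashlib.sha3_256(seed).hexdigest()

def settle(commitments: dict, reveals: dict):
    """Apply rules 2 and 3: verify every reveal, drop parties that missed
    the deadline or sent a non-matching seed, hash the remaining seeds.
    Returns (roll_hex, disqualified_parties)."""
    valid, disqualified = [], []
    for party in sorted(commitments):  # assumed: fixed order agreed up front
        seed = reveals.get(party)
        if seed is not None and hmac.compare_digest(commit(seed), commitments[party]):
            valid.append(seed)
        else:
            disqualified.append(party)
    # Length-prefix each seed so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(s).to_bytes(4, "big") + s for s in valid)
    return hashlib.sha3_256(msg).hexdigest(), disqualified

def last_revealer_options(commitments: dict, reveals: dict, party: str):
    """Rolls a party can pick between once it has seen every other seed:
    reveal (first value) or withhold and be dropped (second value)."""
    withheld = {p: s for p, s in reveals.items() if p != party}
    return settle(commitments, reveals)[0], settle(commitments, withheld)[0]

# Seeds quoted in post #6. Real seeds must be high-entropy (for example
# secrets.token_bytes(32)); short phrases can be guessed from their hash.
SEEDS = {
    "house": b"this is house seed",
    "Alice": b"The Alice SEED",
    "Bob": b"and finallly bob's seed",
}
COMMITMENTS = {party: commit(seed) for party, seed in SEEDS.items()}

if __name__ == "__main__":
    roll, dropped = settle(COMMITMENTS, SEEDS)
    print("all revealed:", roll, dropped)
    forged = dict(SEEDS, Bob=b"a different seed")
    print("forged reveal:", settle(COMMITMENTS, forged))
    print("Alice's two options:", last_revealer_options(COMMITMENTS, SEEDS, "Alice"))
```

The two values returned by `last_revealer_options` differ, so under the disqualification rule a party that reveals last still chooses between two rolls.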