As we all know, hashchain is commonly used in multiplayer games like Crash where each successive hash is a SHA256 hash of the previous hash and then hashes are used in reverse order as the server seed.
Just to drop some history, this method was either invented by (or at least: suggested by) Dooglus, as a solution for how to make bustabit provably fair. I was the person to first implement it (and added the seeding event to avoid the possibility of picking a bad hash chain).
Q. Do you keep th entire hashchain on the live database or only a chunk for next 100-200 rounds?
On one extreme you can only storing the last games hash. But then it'll take linear [to the amount of how far the game is from the end time to calculate a given game ids hash. The other extreme would be to store every hash but you can lookup any games hash in const time. As you noted, you could for instance do a hybrid solution and store the hash of every Nth game. This would work fine, but I don't think you could justify the complexity unless you had a MASSIVE hash chain. Most bustabit-clones have a hashchain of ~10M or so. That's nothing to store. But if you had a much faster paced game, and needed a hash chain of billions .... it probably would make sense to only store every 1000th or so hash, and derive from it.
Q. Do you keep bare hashes or encrypted? If encrypted then using which encryption and how is the hash decrypted before each round?
Well generally they're going to be stored in a database, and generally that database is going to have some sort of physical drive encryption. But fundamentally before (or at least during) each game, the game server needs to know when the game will bust ...
Q. How do you keep hashchain secure?
Same way you keep any secret secure, I guess. A good starting point is perhaps to store the secrets on a machine that is physically in your possession. Probably a little harder for it to be compromised than cloud servers, for instance.
Q. Has your hashchain ever compromised? If yes, how did you tackle the hack?
Q. It may be possible that a player got hold of the hashchain. In such condition, he may smartly use hashes and make infinite profits on games like Crash. So do you regularly check players' accounts and scrutinise whether someone making huge profits? If yes then did you replace your hashchain considering the possibility of compromise?
I remember the monero (?) guys wrote a paper on how you'd detect someone cheating in dice, which is the same thing. Basically I think their solution was to look at something to do with the amount of variance in their wins. In practice, it wouldn't be very useful at all against someone smart who knew the busts... After all, there's a constant stream of people winning millions -- it's pretty easy for someone who knows the busts to blend into the people who are lucky.
