Are dices for generating seed words fair?

[testingelcrypto]

Is this really necessary ?

I'll refer you to an answer I gave in another thread on this topic:

Maybe. Maybe not. The numbers given so far in this thread discuss the Shannon entropy, but have you calculated the min-entropy you would achieve from doing this? What randomness extractor algorithm are you planning to use to turn those dice rolls in to usable entropy? How are you converting those dice rolls to binary without introducing modulo bias? It's not as simple as just "roll the dice more" - it's a very complex topic which most people do not fully understand (and I do not profess to either), which is why whenever the topic of manually generating entropy comes up, I always suggest von Neumann's coin flips to simply, quickly, and most importantly verifiably generate 128 or 256 bits of provably unbiased entropy.

If the answer to generating true random numbers was as simple as "Take any old non-random and biased process and just repeat it a bunch of times", there would not be an entire field of research dedicated to it.

We have methods were are provable and verifiable. Why risk everything by coming up with your own ad hoc scheme?

I would use casino grade dices and test it for its bias before using it. To convert it to binary without bias i would use this model : number1 : 1 number2: 0 number3: 00 number4: 01 number5: 10 number6: 11.

I would then use https://iancoleman.io/bip39/ on an old offline pc to get to 24 words and then burn the pc on my furnace.

Do you think this is a a valid method?

[1714558353]

1714558353

[1714558353]

1714558353

[1714558353]

1714558353

[LoyceV]

I would use casino grade dices and test it for its bias before using it.

How are you going to test this?

[o_e_l_e_o]

I would use casino grade dices and test it for its bias before using it.

Which statistical tests are you going to use? What degree of bias are you trying to exclude? What p value are you happy with? How many rolls does that require?

To convert it to binary without bias i would use this model : number1 : 1 number2: 0 number3: 00 number4: 01 number5: 10 number6: 11.

This method has always "felt" like the best way to turn dice rolls in to bits to me, but I am not a cryptographer and I cannot rule out some bias or other flaw of which I am unaware. And this is why I always recommend that people don't come up with their own ad hoc schemes and instead stick to the tried, tested, and verified methods.

It will be far quicker using a Von Neumann approach to flipping a coin to generate a provably random stream of bits than it will be to even begin to test the fairness of your dice.

[testingelcrypto]

Which statistical tests are you going to use? What degree of bias are you trying to exclude? What p value are you happy with? How many rolls does that require?

I will runt it 500 times and see if theres a bias.I accept a bias of 30% for one side since it still has good entropy if i go for 24 word seed. Even though i know it cant have that bias since they are casino dice


this method is from iancoleman website. Do you think its not good enough since he is the creator of the bip39? why do you think the coin flip method is better?

[larry_vw_1955]

I would use casino grade dices and test it for its bias before using it. To convert it to binary without bias i would use this model : number1 : 1 number2: 0 number3: 00 number4: 01 number5: 10 number6: 11.

that sounds sketchy. but it could be valid. i have no idea. the thing is though that think about it. you're trying to get a 256-bit binary string. 4,5 and 6 reduce the entropy because they take more information to encode but they have the same probability of occuring as all the other numbers. that seems problematic maybe i'm not sure.

also, you have no idea how many dice rolls are going to be needed to generate your 256 bit number that seems problematic too. it could be 256 rolls but it could be 128 or anything in between which brings up another question: what if you roll the dice and have collected 255 bits and then on your final roll, you happen to roll a 4,5 or 6? then you have a problem.   it means you have to start all over again. i guess.

I would then use https://iancoleman.io/bip39/ on an old offline pc to get to 24 words

partly correct but you would not need to do all that fancy stuff you mentioned above since ian coleman has a "base 6" option. you can just enter your rolls using the digits 2-6. for example, 2342356533533225644331....

Do you think this is a a valid method?

not as valid as using  o_e_l_e_o's coin flipping bias eliminator method. it's in this thread...

[o_e_l_e_o]

I will runt it 500 times and see if theres a bias.

Rolling a die 500 times to look for bias is grossly insufficient. You need thousands of flips to exclude a small bias from a coin which only has two possible outcomes (which is why it is faster to not bother and just use a Von Neumann approach). For a die with (presumably) 6 possible outcomes you are looking at tens of thousands of rolls.

I accept a bias of 30% for one side since it still has good entropy if i go for 24 word seed.

You're sure about that? As soon as you deviate from a uniform distribution, then min entropy becomes more import than Shannon entropy. What's the min entropy of your biased die? If you don't know what I'm talking about, then how do you know your system is safe?

this method is from iancoleman website. Do you think its not good enough since he is the creator of the bip39? why do you think the coin flip method is better?

Ian Coleman did not create BIP39. You might also be interested in this discussion of bias on his GitHub: Bias in dice based entropy

A Von Neumann's coin flip method is better because it is faster, it is simpler, there is no possibility to introduce various biases such as modulo bias, and most importantly, it is verifiably random.

[larry_vw_1955]

I accept a bias of 30% for one side since it still has good entropy if i go for 24 word seed.

You're sure about that?

if one side had a 30% bias, that's almost double the normal theoretical bias of 1/6. there would have to be something REALLY wrong with a dice if it was that far off.