So, I've only had a cursory look at the codebase for now. When my schedule allows me, I will have a more thorough look later. But one thing I want to comment on right now is that I like the idea of calculating an external hash from network data. As long as the network is large and decentralized enough, this will usually result in a fair system if the result is used correctly, and is actually how some people conduct giveaways on Bitcointalk.
of course- we all do... but there are issues:
1. it’s harder to understand, and it expands the trust circle.
2. it's harder to give users an offline verification tool.
3. no "commitment ceremony" exists like the hashed server seed they hold in their hands.
4. no lever of control like the client seed, which has direct impact on system.
5. its not without doubt.. "miners can control the outcome".
6. decentralized is great but its NOT local and not 100%-- blocks get fucked up all the time.
7. surface area for attack increases.
8. some casino will give it a bad name by not using the hashes correctly and effectivly cheat.
9.
MOST important: the casino operator now has to TRUST SOMEONE ELSE, when before they knew their system was 100% legit.
** i know most people are used to this feeling, they have their trust spread out all over town in third party tools. but i'm a builder and
L0TT0 is 100% inhouse code which allows us to TRUST our system and the tools we give our users to verify it.
any IOU loses its power if its not written down before it's paid- it doesnt matter who is backing it.
there is something very powerful in PF systems with the server seed hash promise and the tool to reset it with the client seed.
