Bitcoin Forum
August 21, 2017, 08:08:05 PM *
News: Latest stable version of Bitcoin Core: 0.14.2  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Bustabit.com Provably Fair Seeding Event  (Read 20800 times)
RHavar
Legendary
*
Offline Offline

Activity: 1050


head of customer success @ bustabit


View Profile WWW
January 12, 2015, 10:50:35 PM
 #1

Welcome to the first provably fair seeding event. One of the most requested features of bustabit has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

The high level of the scheme is as follows:

1) We have generated a chain of 10 million sha256 hashes, starting with a server secret that has been repeatedly fed the output of sha256 back into itself 10 million times. The sha256 of the final hash in the chain is: c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d, by publicising it here we are preventing any ability to pick an alternate sha256 chain.


2) Bustabit will play through that chain of hashes, in reverse order, and use the hashes to determine the crash point in a probably fair manner.

3) To avoid criticism that the Bitcoin address used in step 1 was carefully chosen to generate lots of "bad" crash points, each hash in the chain will be salted with a client seed, which we have no control of. The client seed will be the block hash of a Bitcoin block that hasn't yet been mined: block 339300.


The reference code (javascript) is as follows:

The method to create the hash chain is simply sha256:
Code:
function genGameHash(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed).digest('hex');
}

The method to convert a game hash, mix it with the picked client seed to a money pot multiplier:

Code:
function crashPointFromHash(serverSeed, clientSeed) {
  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  var hash = crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
     return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSecret =  'If you knew this, you could steal all my money';
var clientSeed = '0000examplehash';

var gamesToGenerate = 1e7;

var serverSeed = serverSecret;

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed, clientSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}

var terminatingHash = genGameHash(serverSeed);

console.log('The terminating hash is: ', terminatingHash);


Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game's hash played under the new provably fair scheme, when hashed will be c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d.

bustabit.com :: The social bitcoin gambling site
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1503346085
Hero Member
*
Offline Offline

Posts: 1503346085

View Profile Personal Message (Offline)

Ignore
1503346085
Reply with quote  #2

1503346085
Report to moderator
1503346085
Hero Member
*
Offline Offline

Posts: 1503346085

View Profile Personal Message (Offline)

Ignore
1503346085
Reply with quote  #2

1503346085
Report to moderator
blockage
Member
**
Offline Offline

Activity: 99

Vires in numeris.


View Profile
January 12, 2015, 11:01:44 PM
 #2

Welcome to the first provably fair seeding event. One of the most requested features of Money Pot has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

In order to ensure fairness, we need to select a client seed in a verifiable way, after we have publicised all details and cannot control the outcome of the client seed picking. This is where the seeding event comes in, we need you to witness the process to ensure nothing has changed. A good way to do this might be save the post, quote it somewhere, save a copy in some archiving services. If anyone wants me to email them a copy, PM me your email address.

Our plan is to use hash of the bitcoin block 339300 as the client seed. If anyone finds any flaws in the code or methodology, we will push the block back to accommodate.  

The technical details are as follows:

The method to convert a serverSeed and clientSeed to a game hash is quite simple:
Code:
function genGameHash(serverSeed, clientSeed) {
  return crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');
}

The method to convert a game hash to a money pot multiplier is a bit more complex:
Code:
function crashPointFromHash(hash) {
  // Returns an integers corresponding to the game crash. 123 = Game crashes at 1.23x

  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - inc : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
    return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  /* Assuming the 52-bit prefix is uniformly distributed
     then r is uniformly distributed over [0,1). */
  var r = h / e;

  /* Perfect is the perfectly continuous distributed
     multiplier for a zero sum game. */
  var perfect    = 1 / (1 - r);

  /* Apply a house edge to the perfect distribution. */
  var houseEdge  = (perfect-1) * 0.01;
  var multiplier = perfect - houseEdge;

  // return Math.floor(multiplier * 100);

  /* Inlining and simplifying the above yields the following version
     which is slightly more numerically stable. The multiplication
     100 * e still leaves the exactly representable integers.
  */
  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSeed = 'If you knew this, you could steal all my money'; // example
var clientSeed = '000000000000000012e8c0efdff2b8f67282e211749cc5530bd6e709f70279e1'; // determined by this seeding event

var gamesToGenerate = 100; // It'll be much larger in reality

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed, clientSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}


Using our chosen starting serverSeed, the hash chain terminating with the hash 7ebfb0e6cbfbdb4de6940fb954f4c554f388de114e04caeb5a26144458b551c1


Just a quote to have a copy not editable by OP. Maybe somebody with higher trust can re-quote Wink
RHavar
Legendary
*
Offline Offline

Activity: 1050


head of customer success @ bustabit


View Profile WWW
January 12, 2015, 11:44:21 PM
 #3

I generated a snapshot here: https://web.archive.org/web/20150112230357/https://bitcointalk.org/index.php?topic=922898.0

Also, made an inconsequential bug fix of the line:

Code:
for (var i = o > 0 ? o - inc : 0; i < hash.length; i += 4) {

to

Code:
for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {


It doesn't matter, as o is always 0, but just for clarity sake I fixed it.

bustabit.com :: The social bitcoin gambling site
gmannnnn
Member
**
Offline Offline

Activity: 72


View Profile
January 13, 2015, 10:17:03 AM
 #4

this seems really good. Has it already been implemented? If not, when does it start?



You need to give us a hash of the initial server seed.

For your own sake I hope you make this seed random / long enough Wink
RHavar
Legendary
*
Offline Offline

Activity: 1050


head of customer success @ bustabit


View Profile WWW
January 13, 2015, 01:33:23 PM
 #5

this seems really good. Has it already been implemented? If not, when does it start?

Not yet, it will start after the drawing -- probably at the end of the week


Quote
You need to give us a hash of the initial server seed.

It's not actually required, but you it is the private key to the address: 1J6qabbRQmxiii4j8mmAZ3XTvURZ8yzwfy

Quote
For your own sake I hope you make this seed random / long enough Wink

If anyone does discover it, they are welcome to use it to make a spend Grin

bustabit.com :: The social bitcoin gambling site
blockage
Member
**
Offline Offline

Activity: 99

Vires in numeris.


View Profile
January 13, 2015, 02:43:50 PM
 #6

The chain could be generated with code such as:

Code:
var serverSeed = 'If you knew this, you could steal all my money'; // example
var clientSeed = '000000000000000012e8c0efdff2b8f67282e211749cc5530bd6e709f70279e1'; // determined by this seeding event

var gamesToGenerate = 100; // It'll be much larger in reality

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed, clientSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}


Using our chosen starting serverSeed, the hash chain terminating with the hash 7ebfb0e6cbfbdb4de6940fb954f4c554f388de114e04caeb5a26144458b551c1

The serverSeeds should be a pure sha256 chain without mixing the clientSeed in. Else you can't really give us the end of the chain ahead of the clientSeed Wink So
Code:
 serverSeed = genGameHash(serverSeed, clientSeed);
should in fact be
Code:
 serverSeed = sha256(serverSeed);

Also the end of the chain 7ebf.... is that the hash for determining the crashpoint of game 1 or is it the hash thereof? Please make that clear.
gmannnnn
Member
**
Offline Offline

Activity: 72


View Profile
January 13, 2015, 02:50:07 PM
 #7


The serverSeeds should be a pure sha256 chain without mixing the clientSeed in. Else you can't really give us the end of the chain ahead of the clientSeed Wink So

this is just false. there is no way to recover the serverseed from the chain, even with a known client.

edit:misunderstood. true, how can you be giving us the end value, if you yourself dont know the client seed OP?

Anyway, OP, doesnt this mean you will need to generate such chains every week? seems unpractical, both to you and to players.  how many rolls did you pregenerate?
blockage
Member
**
Offline Offline

Activity: 99

Vires in numeris.


View Profile
January 13, 2015, 02:56:51 PM
 #8


The serverSeeds should be a pure sha256 chain without mixing the clientSeed in. Else you can't really give us the end of the chain ahead of the clientSeed Wink So

this is just false. there is no way to recover the serverseed from the chain, even with a known client.

edit:misunderstood. true, how can you be giving us the end value, if you yourself dont know the client seed OP?

Yes I noticed the misunderstanding. Terminology is not clear. I would call the start of the chain 'server secret' and then every element of the chain is a server seed for a specific game.

Anyway, OP, doesnt this mean you will need to generate such chains every week? seems unpractical, both to you and to players.  how many rolls did you pregenerate?

I think OP wanted to generate a chain of 10M seeds which would last ~6 years. OP obviously you already generated the chain, because you already told us the end. So what's 'gamesToGenerate' in reality?
gmannnnn
Member
**
Offline Offline

Activity: 72


View Profile
January 13, 2015, 02:59:48 PM
 #9


The serverSeeds should be a pure sha256 chain without mixing the clientSeed in. Else you can't really give us the end of the chain ahead of the clientSeed Wink So

this is just false. there is no way to recover the serverseed from the chain, even with a known client.

edit:misunderstood. true, how can you be giving us the end value, if you yourself dont know the client seed OP?

Yes I noticed the misunderstanding. Terminology is not clear. I would call the start of the chain 'server secret' and then every element of the chain is a server seed for a specific game.

Anyway, OP, doesnt this mean you will need to generate such chains every week? seems unpractical, both to you and to players.  how many rolls did you pregenerate?

I think OP wanted to generate a chain of 10M seeds which would last ~6 years. OP obviously you already generated the chain, because you already told us the end. So what's 'gamesToGenerate' in reality?


i think that was the hash of the example case. he could not have created the real hash as he himself does not yet know the client seed - that block has not been mined yet!

op you need to comunicate more clearly if you want your system to be seen as transparent.
RHavar
Legendary
*
Offline Offline

Activity: 1050


head of customer success @ bustabit


View Profile WWW
January 13, 2015, 03:14:15 PM
 #10

Thanks very much guys. I've updated the original post to address all the concerns and fix. Since we're well and truly before bitcoin block 339300 I have updated the final terminating hash and more tightly specified what it means.

Could you guys please give it a re-review, and generate another snapshot?

bustabit.com :: The social bitcoin gambling site
blockage
Member
**
Offline Offline

Activity: 99

Vires in numeris.


View Profile
January 13, 2015, 03:18:01 PM
 #11

Thanks very much guys. I've updated the original post to address all the concerns and fix. Since we're well and truly before bitcoin block 339300 I have updated the final terminating hash and more tightly specified what it means.

Could you guys please give it a re-review, and generate another snapshot?

Ok looks good. Here is another snapshot http://web.archive.org/web/20150113151628/https://bitcointalk.org/index.php?topic=922898.0 and a new quote of OP:


Welcome to the first provably fair seeding event. One of the most requested features of Money Pot has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

In order to ensure fairness, we need to select a client seed in a verifiable way, after we have publicised all details and cannot control the outcome of the client seed picking. This is where the seeding event comes in, we need you to witness the process to ensure nothing has changed. A good way to do this might be save the post, quote it somewhere, save a copy in some archiving services. If anyone wants me to email them a copy, PM me your email address.

Our plan is to use hash of the bitcoin block 339300 as the client seed. If anyone finds any flaws in the code or methodology, we will push the block back to accommodate.  

The technical details are as follows:

The method to create the hash chain is simply sha256:
Code:
function genGameHash(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed).digest('hex');
}

The method to convert a game hash to a money pot multiplier is a bit more complex:

Code:
function crashPointFromHash(serverSeed, clientSeed) {
  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  var hash = crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
     return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSecret =  'If you knew this, you could steal all my money';
var clientSeed = '0000examplehash';

var gamesToGenerate = 1e7;

var serverSeed = serverSecret;

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed, clientSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}



Using our chosen starting serverSeed, the hash chain terminating with the hash c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game played under the new provably fair scheme, will be played with this hash. The second money pot game played, when hashed will be this hash.

The server secret is a bitcoin private key, which corresponds to the address:
1J6qabbRQmxiii4j8mmAZ3XTvURZ8yzwfy, where a 10 bitcoin bounty awaits anyone who discovers the leaked server secret.

blockage
Member
**
Offline Offline

Activity: 99

Vires in numeris.


View Profile
January 13, 2015, 03:22:38 PM
 #12

Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game played under the new provably fair scheme, will be played with this hash. The second money pot game played, when hashed will be this hash.

I don't like the wording. Was clearer before but fine with me. An offset of 1 doesn't really matter. But if you want to give everyone a free roll with a known hash, that's also fine with me Wink
RHavar
Legendary
*
Offline Offline

Activity: 1050


head of customer success @ bustabit


View Profile WWW
January 13, 2015, 03:25:59 PM
 #13

Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game played under the new provably fair scheme, will be played with this hash. The second money pot game played, when hashed will be this hash.

I don't like the wording. Was clearer before but fine with me. An offset of 1 doesn't really matter. But if you want to give everyone a free roll with a known hash, that's also fine with me Wink

Yeah, it's not going to matter ( I doubt anyone will catch the first few games) but it's a bit icky. I changed the quote to:
Quote
That is to say, the first game's hash played under the new provably fair scheme, when hashed will be this hash.

bustabit.com :: The social bitcoin gambling site
gmannnnn
Member
**
Offline Offline

Activity: 72


View Profile
January 13, 2015, 03:27:06 PM
 #14

Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game played under the new provably fair scheme, will be played with this hash. The second money pot game played, when hashed will be this hash.

I don't like the wording. Was clearer before but fine with me. An offset of 1 doesn't really matter. But if you want to give everyone a free roll with a known hash, that's also fine with me Wink

I dont understand either.

please correct me where im wrong:
client seed: not yet known
server seed: priv. key of address

 hash terminating chain: c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d

^ how did you calculate that if you dont know the client seed?

blockage
Member
**
Offline Offline

Activity: 99

Vires in numeris.


View Profile
January 13, 2015, 03:30:03 PM
 #15

Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game played under the new provably fair scheme, will be played with this hash. The second money pot game played, when hashed will be this hash.

I don't like the wording. Was clearer before but fine with me. An offset of 1 doesn't really matter. But if you want to give everyone a free roll with a known hash, that's also fine with me Wink

I dont understand either.

please correct me where im wrong:
client seed: not yet known
server seed: priv. key of address

 hash terminating chain: c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d

^ how did you calculate that if you dont know the client seed?

OP updated the code. The server seed chain is calculated without the client seed as it's supposed to be. Look at the line in the for loop that updated the server seed variable:
Code:
  serverSeed = genGameHash(serverSeed);
RHavar
Legendary
*
Offline Offline

Activity: 1050


head of customer success @ bustabit


View Profile WWW
January 13, 2015, 03:35:05 PM
 #16

hash terminating chain: c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d

^ how did you calculate that if you dont know the client seed?

The point is I am proving I have calculated, and committed to using a particular a hash chain before the client seed is known. The client-seed is used in interpreting the hashes to create a game outcome, so there's no way I could have created a "bad" or "good" hash chain.

bustabit.com :: The social bitcoin gambling site
omahapoker
Hero Member
*****
Offline Offline

Activity: 868



View Profile
January 13, 2015, 03:38:11 PM
 #17

if bitcoin is still around at the end of the week, i'll check it out
gmannnnn
Member
**
Offline Offline

Activity: 72


View Profile
January 13, 2015, 03:38:48 PM
 #18

Welcome to the first provably fair seeding event. One of the most requested features of Money Pot has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

In order to ensure fairness, we need to select a client seed in a verifiable way, after we have publicised all details and cannot control the outcome of the client seed picking. This is where the seeding event comes in, we need you to witness the process to ensure nothing has changed. A good way to do this might be save the post, quote it somewhere, save a copy in some archiving services. If anyone wants me to email them a copy, PM me your email address.

Our plan is to use hash of the bitcoin block 339300 as the client seed. If anyone finds any flaws in the code or methodology, we will push the block back to accommodate.  

The technical details are as follows:

The method to create the hash chain is simply sha256:
Code:
function genGameHash(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed).digest('hex');
}

The method to convert a game hash to a money pot multiplier is a bit more complex:

Code:
function crashPointFromHash(serverSeed, clientSeed) {
  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  var hash = crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
     return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSecret =  'If you knew this, you could steal all my money';
var clientSeed = '0000examplehash';

var gamesToGenerate = 1e7;

var serverSeed = serverSecret;

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed, clientSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}

var terminatingHash = genGameHash(serverSeed);

console.log('The terminating hash is: ', terminatingHash);


Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game's hash played under the new provably fair scheme, when hashed will be c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d.

The server secret is a bitcoin private key, which corresponds to the address:
1J6qabbRQmxiii4j8mmAZ3XTvURZ8yzwfy, where a 10 bitcoin bounty awaits anyone who discovers the leaked server secret.





got it.

quoted to prevent editing.
omahapoker
Hero Member
*****
Offline Offline

Activity: 868



View Profile
January 13, 2015, 03:44:58 PM
 #19

Welcome to the first provably fair seeding event. One of the most requested features of Money Pot has been to create a provably distribution of game crashes, to replace our provably predetermined multipliers.

The original scheme of turning a multiplayer game in which peers do not trust each other was first proposed by Dooglus, refined by Eric and solidified into code by Steve.

In order to ensure fairness, we need to select a client seed in a verifiable way, after we have publicised all details and cannot control the outcome of the client seed picking. This is where the seeding event comes in, we need you to witness the process to ensure nothing has changed. A good way to do this might be save the post, quote it somewhere, save a copy in some archiving services. If anyone wants me to email them a copy, PM me your email address.

Our plan is to use hash of the bitcoin block 339300 as the client seed. If anyone finds any flaws in the code or methodology, we will push the block back to accommodate.  

The technical details are as follows:

The method to create the hash chain is simply sha256:
Code:
function genGameHash(serverSeed) {
  return crypto.createHash('sha256').update(serverSeed).digest('hex');
}

The method to convert a game hash to a money pot multiplier is a bit more complex:

Code:
function crashPointFromHash(serverSeed, clientSeed) {
  function divisible(hash, mod) {
    // We will read in 4 hex at a time, but the first chunk might be a bit smaller
    // So ABCDEFGHIJ should be chunked like  AB CDEF GHIJ
    var val = 0;
    
    var o = hash.length % 4;
    for (var i = o > 0 ? o - 4 : 0; i < hash.length; i += 4) {
      val = ((val << 16) + parseInt(hash.substring(i, i+4), 16)) % mod;
    }

    return val === 0;
  }

  var hash = crypto.createHmac('sha256', serverSeed).update(clientSeed).digest('hex');

  /* In 1 of 101 games the game crashes instantly. */
  if (divisible(hash, 101))
     return 0;

  /* Use the most significant 52-bit from the hash
     to calculate the crash point */
  var h = parseInt(hash.slice(0,52/4),16);
  var e = Math.pow(2,52);

  return Math.floor((100 * e - h) / (e - h));
}

The chain could be generated with code such as:

Code:
var serverSecret =  'If you knew this, you could steal all my money';
var clientSeed = '0000examplehash';

var gamesToGenerate = 1e7;

var serverSeed = serverSecret;

for (var game = gamesToGenerate; game > 0; --game) {
  serverSeed = genGameHash(serverSeed);
  console.log('Game ' +  game + ' has a crash point of ' + (crashPointFromHash(serverSeed, clientSeed) / 100).toFixed(2) +'x', '\t\tHash: ' + serverSeed);
}

var terminatingHash = genGameHash(serverSeed);

console.log('The terminating hash is: ', terminatingHash);


Using our chosen starting serverSeed, the hash terminating the chain is c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d. That is to say, the first game's hash played under the new provably fair scheme, when hashed will be c1cfa8e28fc38999eaa888487e443bad50a65e0b710f649affa6718cfbfada4d.

The server secret is a bitcoin private key, which corresponds to the address:
1J6qabbRQmxiii4j8mmAZ3XTvURZ8yzwfy, where a 10 bitcoin bounty awaits anyone who discovers the leaked server secret.





got it.

quoted to prevent editing.



made it. i saved your reply to prevent major editing
gmannnnn
Member
**
Offline Offline

Activity: 72


View Profile
January 13, 2015, 03:50:07 PM
 #20

The server secret is a bitcoin private key, which corresponds to the address:
1J6qabbRQmxiii4j8mmAZ3XTvURZ8yzwfy, where a 10 bitcoin bounty awaits anyone who discovers the leaked server secret.

btw, are you saying there is a 10btc bounty for the compromisation of your scheme?
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!