
Topic: Are dices for generating seed words fair? - page 13. (Read 3479 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
There is an analog method of using 2 or 3 dice rolls to "unbias" any biased dice rolls. Then you can use that as your RNG. Of course, for 256 bit equivalent, instead of rolling 100 times, you would roll 200 or 300 times. Or more. Not sure of the math.

I just bought a pack of 100 colored dice from Amazon for kids to play with, but I keep it. They seem random enough and you can toss the whole bunch all at once, line them up at the bottom of a box and use that. Your physical security is more important than the perceived bias of the dice. Do it in a room where it is very noisy and under a blanket so that no one else can see or hear the dice rolls.

If you are writing it down, make sure there are no impressions left under the paper (use a clipboard or other hard surface to write on top of.)
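One pairwise scheme of this kind (von Neumann's trick applied to dice), as an added example that is not part of the original post. It assumes every roll is independent and that both rolls of a pair come from the same die; the function names and the sample bias are constructed for illustration.

```python
from fractions import Fraction

def debias(rolls):
    """Compare non-overlapping pairs of rolls: a<b gives 0, a>b gives 1."""
    bits = []
    for a, b in zip(rolls[0::2], rolls[1::2]):
        if a < b:
            bits.append(0)
        elif a > b:
            bits.append(1)
        # a == b carries no information and is discarded
    return bits

def p_one(weights):
    """Exact P(bit == 1 | pair kept) for a die with the given face probabilities."""
    n = len(weights)
    gt = sum(weights[i] * weights[j] for i in range(n) for j in range(n) if i > j)
    lt = sum(weights[i] * weights[j] for i in range(n) for j in range(n) if i < j)
    return gt / (gt + lt)

def rolls_per_bit(weights):
    """Expected number of rolls consumed per output bit (ties cost two rolls)."""
    tie = sum(w * w for w in weights)
    return 2 / (1 - tie)

# Constructed face probabilities: a fair die, and one showing 6 half the time.
FAIR = [Fraction(1, 6)] * 6
LOADED = [Fraction(1, 10)] * 5 + [Fraction(1, 2)]

if __name__ == "__main__":
    sample = [6, 2, 3, 3, 1, 4, 6, 6, 2, 5, 5, 1]  # constructed rolls
    print(debias(sample))
    for name, die in (("fair", FAIR), ("loaded", LOADED)):
        need = 256 * rolls_per_bit(die)
        print(name, "P(1) =", p_one(die), "rolls for 256 bits ~", float(need))
```

The output bit is exactly unbiased for any fixed face probabilities because P(a<b) equals P(a>b); the price is throughput, which drops as the bias grows.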
legendary
Activity: 3472
Merit: 10611
Here is a complementary idea: mix the result
Extending the proposal: Use the hash function thousands of times. Not only do you ensure that a dice bias isn't enough to betray you, but you also make it much harder for an attacker to find your entropy.

For example, let's assume that one of the dice you use has a 50% chance of returning the number 6. Let's also assume that your RNG is weakened. Now it's much easier for an attacker to hash the dice's entropy mixed with the semipredictable generated number. But, if you use the hash function twice, you've just made it two times more difficult. Do it a few million times and you've made it realistically impossible.

I can't believe how paranoid, schizophrenic and miserable I've become since I made an account here. :P
That sounds like overkill to me because the dice has to be really broken to create a bias big enough to make the end result weak, same with the RNG. But hey it never hurts to add more cost to your process as long as you can endure the extra time it needs.
In that case I'd suggest using an expensive KDF such as scrypt to derive the key instead of increasing the number of hashes you compute. You can change scrypt parameters to use a lot of memory to maximize the expense.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
When throwing dice at a casino the shooter has to have the dice hit the back wall of the table. The casinos want that to happen because when the dice hit the back wall they believe the dice then become fully random. Many casinos tend to have the wall covered in a multi-angled surface. Doing it at home, not so much if you are just throwing them on your computer desk.

However, with the availability of dice with up to 120 sides you can actually come up with some really ways to do things.

-Dave
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Here is a complementary idea: mix the result
Extending the proposal: Use the hash function thousands of times. Not only do you ensure that a dice bias isn't enough to betray you, but you also make it much harder for an attacker to find your entropy.

For example, let's assume that one of the dice you use has a 50% chance of returning the number 6. Let's also assume that your RNG is weakened. Now it's much easier for an attacker to hash the dice's entropy mixed with the semipredictable generated number. But, if you use the hash function twice, you've just made it two times more difficult. Do it a few million times and you've made it realistically impossible.

I can't believe how paranoid, schizophrenic and miserable I've become since I made an account here. :P
legendary
Activity: 3472
Merit: 10611
Here is a complementary idea: mix the result

If you want to make sure that the final key/seed you produce is not affected by any kind of bias, then generate your entropy using the dice, then generate another entropy using another source (easiest is using a computer RNG), and then mix the two results.
It could be a simple computation of HMACSHA256 to derive a 256 key (used as a private key or a seed to BIP39/32) where one entropy is your key and another is your message.

This way you aren't relying on one source of entropy and can eliminate the bias well enough.
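The HMAC-SHA256 mixing described in this post, followed by the scrypt stretching suggested in the reply further up the page, as an added example that is not part of the original posts. Using the RNG output as the HMAC key and the dice string as the message, the salt label, and the scrypt parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

MIN_BITS = 256  # target strength named in the thread

def dice_bits(rolls: str, sides: int = 6) -> float:
    """Upper bound on the entropy in the rolls (reached only by a fair die)."""
    return len(rolls) * math.log2(sides)

def mix(rolls: str, rng_bytes: bytes) -> bytes:
    """HMAC-SHA256 with one entropy source as key and the other as message."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be a string of digits 1-6")
    if dice_bits(rolls) < MIN_BITS:
        raise ValueError("need at least 100 six-sided rolls for 256 bits")
    if len(rng_bytes) < 32:
        raise ValueError("need at least 32 bytes from the RNG")
    return hmac.new(rng_bytes, rolls.encode("ascii"), hashlib.sha256).digest()

def stretch(seed: bytes, salt: bytes = b"dice-seed-example", n: int = 2**14) -> bytes:
    """Memory-hard derivation; n=2**14 with r=8 needs about 16 MiB per call."""
    return hashlib.scrypt(seed, salt=salt, n=n, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

if __name__ == "__main__":
    rolls = "1234565432" * 10  # constructed sample; real rolls go here
    key = stretch(mix(rolls, secrets.token_bytes(32)))
    print(len(key), "byte key derived")  # never print the key itself
```

The mixed output is only as predictable as the stronger of the two inputs, so a biased die cannot weaken a sound RNG and a weak RNG cannot weaken sound dice.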
staff
Activity: 3332
Merit: 4117
Anyone that's willing to use a known weighted dice, and compare the results to one that is completely balanced, would be appreciated :P. I'm guessing there would be some sort of bias, but I imagine it would still largely depend on the power/speed of the person throwing it.

In casinos, the throwers (if they aren't using an automatic machine) have very likely got into a habit, and therefore throw the same dice, the same way, at the same projective/angle/technique. However, my technique, and speed/power will differ from if you threw it. So, even though the dice might be weighted, you would assume we would get vastly different results regardless. There could be a small bias to a certain side of the dice due to the balancing issues, but without knowing what sort of bias that is, as it could be very small, I don't think it's something we really need to be worried about.

Personally, while it might be something to consider, I don't think checking if your dice are weighted perfectly is something that's totally necessary. If you are going to be generating a seed with dice, then just make sure you're throwing at a different angle, and intensity every time.
legendary
Activity: 2212
Merit: 7064
I recently saw an interesting discussion about casino dice that are being used for generating seed words for Bitcoin, and someone asked whether you can really trust dice.
Dice need to be properly balanced if we want to have real random number generation, and many cheap Chinese dice are often not balanced at all.
An easy way to check if your dice are balanced is by using something called a Dice Caliper, and you can easily find them in Vegas and other places where gambling is popular.
There is also a way to 3D print your own dice caliper (like shown in image below), or, as an alternative way of testing whether your dice are balanced, you can use salt water.


https://orange.surf/dice-calipers/

If you have a 3D printer available you can even go a step further and print your own weighted balanced dice, and be 100% sure you are getting random results.
OrangeSurf made all .stl and .step files available for free on his GitHub page, but you can always support his work with donations.
I personally prefer version 1 dice with sharp edges, like they are used in casinos; version V3 is chamfered and it works just fine; version 4 contains an M8 nut inside and the printer needs to pause for this.


https://github.com/orangesurf/weighted-die

Now let's start 3D printing and generating some true randomness ;)

PS
If you find this information useful consider visiting OrangeSurf donation page.