Breaking: Shuffle-based Provably Fair Implementations Can Cheat Players (proof) - page 3.

bad_ip

newbie

Activity: 15

Merit: 0

Quote from: JackpotRacer on June 02, 2016, 02:30:50 AM

Quote from: bad_ip on June 02, 2016, 02:23:30 AM

Quote from: JackpotRacer on June 02, 2016, 02:18:04 AM

Quote from: bad_ip on June 02, 2016, 02:16:17 AM

Potential solution is to let the user "cut" the randomized set to determine the starting place.

Might be a bit of a UI nightmare, but fair none the less.

don't think a cut will help but a reshuffle could help as in real life

I think either works tbh.

the cut is never enough believe me

and even with a reshuffle the player needs to be sure that the decks are exactly as they should be and no cards taken out or added

For multi-draw results I see your point.

JackpotRacer

legendary

Activity: 1974

Merit: 1014

All Games incl Racer and Lottery game are Closed

Quote from: bad_ip on June 02, 2016, 02:23:30 AM

Quote from: JackpotRacer on June 02, 2016, 02:18:04 AM

Quote from: bad_ip on June 02, 2016, 02:16:17 AM

Potential solution is to let the user "cut" the randomized set to determine the starting place.

Might be a bit of a UI nightmare, but fair none the less.

don't think a cut will help but a reshuffle could help as in real life

I think either works tbh.

the cut is never enough believe me

and even with a reshuffle the player needs to be sure that the decks are exactly as they should be and no cards taken out or added

bad_ip

newbie

Activity: 15

Merit: 0

Quote from: JackpotRacer on June 02, 2016, 02:18:04 AM

Quote from: bad_ip on June 02, 2016, 02:16:17 AM

Potential solution is to let the user "cut" the randomized set to determine the starting place.

Might be a bit of a UI nightmare, but fair none the less.

don't think a cut will help but a reshuffle could help as in real life

I think either works tbh.

JackpotRacer

legendary

Activity: 1974

Merit: 1014

All Games incl Racer and Lottery game are Closed

Quote from: bad_ip on June 02, 2016, 02:16:17 AM

Potential solution is to let the user "cut" the randomized set to determine the starting place.

Might be a bit of a UI nightmare, but fair none the less.

don't think a cut will help but a reshuffle could help as in real life

bad_ip

newbie

Activity: 15

Merit: 0

Potential solution is to let the user "cut" the randomized set to determine the starting place.

Might be a bit of a UI nightmare though.

NLNico

legendary

Activity: 1876

Merit: 1295

DiceSites.com owner

Quote from: RGR991 on June 01, 2016, 07:13:28 PM

Another thing that I have always been curious about is how can you tell for sure that the "randomly generated" client seed is really randomly generated..is there any way to really tell..such a pain to change it manually every time

You will have to be a programmer to be able to see if the clientseed was really generated in a cryptographically secure way in your browser (after getting the serverseed hash already.)

That's why changing clientseed manually is still better.

That's also why the "nonce implementation" is preferred since you only need to change it once and u can make as many bets as you like. Not like the "per roll implementation" where you indeed have to change the clientseed every bet.

There is some more specific advantages/disadvantages to that, for example a script/bot should be able to work more easily with the "per roll implementation". Also in reality with the "nonce method" you make like 1000 bets but only verify that last 10 losing streak.. so still not perfect. But I really believe on average "nonce method" is better.

NLNico

legendary

Activity: 1876

Merit: 1295

DiceSites.com owner

I guess the fix seems easy.

Now they use Fisher–Yates shuffle with Mersenne Twister RNG.

They should use Fisher–Yates shuffle with "modulo of sha256 RNG".

But TrevorXavier said he will still give his implementation, so we can wait for that too Tongue

JackpotRacer

legendary

Activity: 1974

Merit: 1014

All Games incl Racer and Lottery game are Closed

Quote from: RGR991 on June 01, 2016, 07:13:28 PM

No doubt that some(not all) of these "provably fair" casinos have utilized a technique like this to "increase" the house edge....

Its funny to me since most bitcoin casinos offering BJ offer terrible rules anyway + human error, is that not enough for some of them...

There needs to be a fix to eliminate this "deck stacking" and users need to avoid any casino that does not utilize the fix.

Otherwise provably fair is just a fancy word while the casino robs you blind. Roll Eyes

Another thing that I have always been curious about is how can you tell for sure that the "randomly generated" client seed is really randomly generated..is there any way to really tell..such a pain to change it manually every time and if this post from the OP is all true it makes no difference.

yes this what we would like to see!

There needs to be a fix to eliminate this "deck stacking" and users need to avoid any casino that does not utilize the fix.

RGR991

member

Activity: 99

Merit: 10

No doubt that some(not all) of these "provably fair" casinos have utilized a technique like this to "increase" the house edge....

Its funny to me since most bitcoin casinos offering BJ offer terrible rules anyway + human error, is that not enough for some of them...

There needs to be a fix to eliminate this "deck stacking" and users need to avoid any casino that does not utilize the fix.

Otherwise provably fair is just a fancy word while the casino robs you blind. Roll Eyes

Another thing that I have always been curious about is how can you tell for sure that the "randomly generated" client seed is really randomly generated..is there any way to really tell..such a pain to change it manually every time and if this post from the OP is all true it makes no difference.

RHavar

legendary

Activity: 1463

Merit: 1886

Quote from: dothebeats on June 01, 2016, 03:07:47 PM

I'm still a bit confused on how would that work exactly, given that I don't have a deep knowledge on how does shuffle-based games work technically.

It's really just a problem with *bad* shuffles. After you shuffle an "initial deck" of cards, a good shuffle will give you a possible 52! arrangements (or as close to it as possible). 52! is a mind boggling big number ( 80658175170943878571660636856403766975289505440883277824000000000000 ) but if you're using a shitty shuffle, there will only be 4294967296 possible results, which small enough you can feasibly try them all and see if the initial shuffle is good, bad, great or terrible.

RHavar

legendary

Activity: 1463

Merit: 1886

Quote from: casinobitco on June 01, 2016, 03:03:12 PM

OK, I follow that. Let's talk practical --- are there really 2^31 outcomes that are good for the house (only) in Blackjack, Roulette, Video Poker?

Yes. For every initial shuffle you try, there will be a ~50% chance, that it is more biased to the house than expected. So it's an extremely practical attack, in that sense. And you could also precompute a bunch of "bad shuffles" which you potentially serve to high-rollers. It's 100% transparent, so that's what makes it insidious. The thing is that it's a weakness of provably fair systems that use this method, so they should simply be fixed.

But the impact however, is pretty minor I suspect. I'm guessing that BJ is going to be the most vulnerable game (because it draws so few cards), and I'd honestly be shocked if you can find an initial shuffle that gives the house more than an extra ~0.1% edge. (Although I might be wrong, I'm just pulling a number from my ass)

dothebeats

legendary

Activity: 3542

Merit: 1352

Cashback 15%

Quote from: TrevorXavier on June 01, 2016, 01:07:27 PM

Quote from: dothebeats on June 01, 2016, 12:52:44 PM

The last line of your (trevor) post hit me big. From the start, I don't really like playing shuffle-based games (like baccarat, card games or the likes), as I thought that they can be somewhat rigged. Well, turns out that I'm right on my thoughts after all, but with that I'd like to see a video demo of the exploit as "provably fair" casinos seemed to not be fair at all.

Thanks for the feedback!

I thought about doing a video, but didn't really know if it would cultivate interest. I'll rethink the idea. Might be nice seeing the exploit visually.

It would probably gain interest from the peers and casino owners, seeing that there is a possibility that shuffle-based games could be exploited after all. I'm still a bit confused on how would that work exactly, given that I don't have a deep knowledge on how does shuffle-based games work technically.

casinobitco

legendary

Activity: 1833

Merit: 1030

Quote from: RHavar on June 01, 2016, 02:57:10 PM

Quote from: casinobitco on June 01, 2016, 02:45:59 PM

I'm still not following: With the user providing a random client seed (which is used for the final shuffle); how can your shufflepuff algorithm predict with precision that it will serve up the rigged deck?

I'm not discounting a site like Bitzino (or even ours) couldn't rig shuffles, as both sites produce the first shuffle and client seed - but if the user changes the client seed (which they are absolutely always encouraged to do, otherwise what's the point of even playing a provably fair game?), how can you predict the final shuffle (with the new, random, client seed) would in fact still be 'rigged'?

I think the original post is very well articulated, far better than I could, so I feel a bit bad trying to repeat it. But the point that some provably fair systems are kind of stupid and only allow 2^32 combinations -- which is small enough you can literally just try them all. If > 2^31 of the final outcomes are good for the house, then the house knows that it'll have an increased house edge by using that initial shuffle.

So really it's not a problem with provably fair, just bad ones. Provably fair systems like bustabit already prevent against precomputing a favorable initial seed. For a shuffling one, you just need to use logic that gives a shit load more possible final shuffles. (I recommend the pseudo code in my previous post, which shouldn't reduce the space at all)

OK, I follow that. Let's talk practical --- are there really 2^31 outcomes that are good for the house (only) in Blackjack, Roulette, Video Poker?

Still would love seeing some real proof where I can change the client seed to anything I want, and still get one of those 'rigged' shuffles; otherwise this is just a thread with a ton of people (not you, or the OP) chiming in who have no understanding of how math or provably fair works.

RHavar

legendary

Activity: 1463

Merit: 1886

Quote from: casinobitco on June 01, 2016, 02:45:59 PM

I'm still not following: With the user providing a random client seed (which is used for the final shuffle); how can your shufflepuff algorithm predict with precision that it will serve up the rigged deck?

I'm not discounting a site like Bitzino (or even ours) couldn't rig shuffles, as both sites produce the first shuffle and client seed - but if the user changes the client seed (which they are absolutely always encouraged to do, otherwise what's the point of even playing a provably fair game?), how can you predict the final shuffle (with the new, random, client seed) would in fact still be 'rigged'?

I think the original post is very well articulated, far better than I could, so I feel a bit bad trying to repeat it. But the point that some provably fair systems are kind of stupid and only allow 2^32 combinations -- which is small enough you can literally just try them all. If > 2^31 of the final outcomes are good for the house, then the house knows that it'll have an increased house edge by using that initial shuffle.

So really it's not a problem with provably fair, just bad ones. Provably fair systems like bustabit already prevent against precomputing a favorable initial seed. For a shuffling one, you just need to use logic that gives a shit load more possible final shuffles. (I recommend the pseudo code in my previous post, which shouldn't reduce the space at all)

JasonXG

hero member

Activity: 770

Merit: 500

I agree with you, because who sets the order and picks which "provably fair" roll goes in which order. We don't know when they are generated or even how. I mean sure they random but they can tip towards choosing a certain hash.

RHavar

legendary

Activity: 1463

Merit: 1886

Quote from: TrevorXavier on June 01, 2016, 10:45:39 AM

I actually did hit the modulo bias quite often, since I'm searching the entire space. I think it's silly that bitZino even had a modulo bias. It's a casino.

Quick and easy fix:

I was just referring to my version, moduloing a random 2^256 number by is going to be for all intents and purposes perfectly distributed.

Also, I think you're grossly overestimate the risk in releasing your code -- it's not a huge task to write, and I really doubt it's worth the effort to even implement (assuming you were a psychotic casino owner), unless you were running a 0 edge game. (If you assume that user play is loss-constrained, it's **better** for a casino to have a lower edge). That's not an excuse, and casinos should definitely fix it. But it's not like casinos are going to be scrambling to rip off players

casinobitco

legendary

Activity: 1833

Merit: 1030

I'm still not following: With the user providing a random client seed (which is used for the final shuffle); how can your shufflepuff algorithm predict with precision that it will serve up the rigged deck?

I'm not discounting a site like Bitzino (or even ours) couldn't rig shuffles, as both sites produce the first shuffle and client seed - but if the user changes the client seed (which they are absolutely always encouraged to do, otherwise what's the point of even playing a provably fair game?), how can you predict the final shuffle (with the new, random, client seed) would in fact still be 'rigged'?

Quote from: TrevorXavier on June 01, 2016, 02:15:11 PM

Quote from: casinobitco on June 01, 2016, 02:00:45 PM

Yea, makes total sense...

And sorry I'm skeptical, I guess I'm just being dense here, but would love to see a video show that you can produce such kind of rigged decks with a truly random client seed with 100% success.

Example - Blackjack
You want to show the dealer always gets a "20" with first 2 cards. Using provably fair shuffle, and ANY client seed you can achieve that repeatedly?

So, maybe I'm not reading it correctly, but the idea is not to produce a deck that wins every single time, if that's what you meant by "100% success." Rather, to produce a deck that causes the player to lose more than the expected average. In other words, you're not looking to have a dealer 20 every time, just perhaps more often.

Imagine we're playing 6-deck blackjack described at the Wizard of Odds. For each hand, the net summarized win is as follows: player wins 42.42% of the time, pushes 8.48% of the time, and loses 49.09% of the time. What shufflepuff can do is create decks that incrementally perform like this:

Average: win 42.42%; push 8.48%; loss 49.09%
Iteration n: win 41.20%; push 8.50%; loss 50.3%
Iteration n + p: win 40.85%; push 8.62%; loss 50.53%
Iteration n + p + q: win 39.10%; push 8.75%; loss 52.15%

When you use iteration n + p + q, there will be seeds where the dealer loses (player wins), but the player will lose more often than before (on average). So, using this arrangement, the casino can permanently alter the house edge.

JackpotRacer

legendary

Activity: 1974

Merit: 1014

All Games incl Racer and Lottery game are Closed

TrevorXavier

newbie

Activity: 27

Merit: 10

Quote from: casinobitco on June 01, 2016, 02:00:45 PM

Yea, makes total sense...

And sorry I'm skeptical, I guess I'm just being dense here, but would love to see a video show that you can produce such kind of rigged decks with a truly random client seed with 100% success.

Example - Blackjack
You want to show the dealer always gets a "20" with first 2 cards. Using provably fair shuffle, and ANY client seed you can achieve that repeatedly?

So, maybe I'm not reading it correctly, but the idea is not to produce a deck that wins every single time, if that's what you meant by "100% success." Rather, to produce a deck that causes the player to lose more than the expected average. In other words, you're not looking to have a dealer 20 every time, just perhaps more often.

Imagine we're playing 6-deck blackjack described at the Wizard of Odds. For each hand, the net summarized win is as follows: player wins 42.42% of the time, pushes 8.48% of the time, and loses 49.09% of the time. What shufflepuff can do is create decks that incrementally perform like this:

Average: win 42.42%; push 8.48%; loss 49.09%
Iteration n: win 41.20%; push 8.50%; loss 50.3%
Iteration n + p: win 40.85%; push 8.62%; loss 50.53%
Iteration n + p + q: win 39.10%; push 8.75%; loss 52.15%

When you use iteration n + p + q, there will be seeds where the dealer loses (player wins), but the player will lose more often than before (on average). So, using this arrangement, the casino can permanently alter the house edge.

casinobitco

legendary

Activity: 1833

Merit: 1030

Topic: Breaking: Shuffle-based Provably Fair Implementations Can Cheat Players (proof) - page 3. (Read 4720 times)