Author

Topic: Concept of Provably Fair and if It's Possible (Read 3494 times)

full member
Activity: 294
Merit: 101
Streamity Decentralized cryptocurrency exchange
February 11, 2018, 09:45:27 PM
#18
I see a lot of dice games like primedice,bistler and bustadice here in forum actually i experience all of this because i try them myself and base on my real experience about their site are the big btc you have the more chance to win but you need to take the risk like 50 bets and double always your bet but that's really need a big btc,you can see a lot of players there that bet like that i say 50 bets because i play in primedice when i deposit like 0.0008 btc and i won 0.005 btc.
full member
Activity: 149
Merit: 101
But if the seed is set. You can't change it. The roll has already been determined. The house knows it. It is a number which has already been determined. This does not fit the definition of random.

It seems the only "aspect" of the randomness is you can set your own seed. But they still know. And you're limited to changing it once every 10 minutes or so.

So the rolls are not random.

Correct. All provably fair schemes aren't random. Dilbert explains why:


So we use the next best thing, provably predetermined.  The house **does** know all bets in advance, however it's not a problem as the house can't do anything about it. It just has to honor your bets and keep increasing the nonce by 1. If it deviates from that, they've detectably cheated.

If the casino feigns down-time, you should be able to continue playing from where you left off etc.

So the house knowing the games in advance isn't actually a problem.

Surprised this was recently Merit'ed thank you.

I never followed up on this point you made. So I agree with your points. You have to rely that the house will honor the fact that they know you are going to win; even if the win will wipe them out.

Given you are playing a flat strategy; a double on win going for 15 Wins, etc; and that win would yield a payout of 20 BTC, = $200,000. They could see this coming from a mile away. Hours, days in advance, if they saw you were playing a strategy that was always the same on the same seed.

Now seeing this information, well in advance (literally they could have software that analyzes betting patterns and the seed + nonce and simply Alert the site if a large win lies ahead, EVEN if it is 4 days away)...

The site could:  And this HAS happened on a number of occasions while I have played on PD, put up an announcement they will undergo routine maintenance at X time.

When you log back in, and AGAIN this HAS happened, you are prompted to set a new seed.

They have thus completely mitigated the loss at the expense of your guaranteed win (if you kept playing), by simply seeing a huge payout well in advance and taking a measure to prevent that Win from happening.

So the provably fair concept like you said is provably determined, and the house is the only side that knows the "winning information" in terms of when it would happen.

Even Casinos in real life do not know this/have this information. This would be the same as a Casino knowing the outcome of the next roll at roullette, seeing a player place a large wager on that single number, and the Casino knowing it will lose, being able to say; hold on, we need to check the wheel.

The only provably fair way would be if somehow the server seed was a new seed for every roll, and there was somehow a way that the user sent an input, that changed every roll (perhaps based on mouse movement); that affected the hash of the next server seed.

Otherwise, we have to trust the dice sites to be fair and honest, even when they know well in advance if a win is going to hit.

And PD used to go down, and still does, quite often, and sometimes, you have to reset your seed on logging back in.

I only question why was a server seed reset required (obviously not for all users but they make all users do so to make it look transparent); but was the resetting of all players server seeds and forcing a seed reset on the player - an action taken to stop a payout which lay ahead?

Do we have that much trust in these sites? Which operate where? And are owned by whom?

Just my thoughts.
 
legendary
Activity: 1463
Merit: 1886
But if the seed is set. You can't change it. The roll has already been determined. The house knows it. It is a number which has already been determined. This does not fit the definition of random.

It seems the only "aspect" of the randomness is you can set your own seed. But they still know. And you're limited to changing it once every 10 minutes or so.

So the rolls are not random.

Correct. All provably fair schemes aren't random. Dilbert explains why:


So we use the next best thing, provably predetermined.  The house **does** know all bets in advance, however it's not a problem as the house can't do anything about it. It just has to honor your bets and keep increasing the nonce by 1. If it deviates from that, they've detectably cheated.

If the casino feigns down-time, you should be able to continue playing from where you left off etc.

So the house knowing the games in advance isn't actually a problem.
legendary
Activity: 1540
Merit: 1016
A basic future cashflow predection with expected outcomes style report could be generated and if a huge landslide win is in the cards for the player, (if the player doesnt re-seed) then they could stop it. Simply put, they could see:  Player X is going to win bet 40,401 at 9900x and will win a huge amount, reset server, down for maintenance, re-set new seed required on reboot.

Yes?

EDIT:  To add, I'm not making any accusations, theres been no wrong doing. Im just curious about it, and want to better understand "how" it is "provably fair".

I still dont understand where the random number "is" or "comes from". That hasnt been mentioned. The nonce is known, yes it changes, but it's known thus not random. They know the client and server, thus not random. Where, is the random?

You seem to have forgotten that the house could never change your client seed even if they want to cheat or else they will be found out, they could only change the server seed and you need to know that you are not the only player on the site. The moment they change the server seed to deny your big win, someone else could be winning because they change the server seed. Also that a site like PD for example has hundreds of people playing , therefore it will take alot of works for them to check on everyone to see whoever will hit a big win

Its not about the house changing the client seed.

My question is regarding "random" which no one seems to address.

We have a client seed. Set on the website, by the client. This remains static for at least 15 minutes because once it is set, you cant change it again. After 1 roll, the house will know the client seed because it had to use it to hash the roll.

The server seed. They know this as well.

The nonce is nothing but bet # while using current client seed, incrementally increasing by 1 each roll.

Therefore, after 1 roll, the house can essentially see every outcome of every roll immediatly if I understand this correctly. (I am not sure I do though).

They have all 3 parts of the equation. Client Seed / Server Seed / Nonce...

Its not about a lot of work, its automation and computation. A computer could analyze 100s of players, 1000s of rolls, in a second, and triggers could be set for certain negative to house outcomes. Its not manual labor. Its computational processing, fast servers crunching lots of numbers very quickly.

Again, where is random?

If you read my post thoroughly instead of reading the first few sentences then you will know what Im talking about, I have addressed your question really well although it may seems like it hasnt addressed your main question about where is the "random" thing is.

Regarding setting up the unchangeable client seed for 10 minutes, moneypot and some other sites allows you to change your client seed every time you wish to roll therefore it is indeed "random" but not for some sites perhaps
full member
Activity: 149
Merit: 101
If you could change client seed every single roll it would be OK, but since you can't, house actually knows what the income of the roll will be.
But if house would change any of the seeds/nonces, players would eventually found out.

Thats the conclusion I came to. Not just the roll, but every roll which you will roll in order from the time you roll your first roll with a client seed. The outcomes/roll #s could be output into a spreadsheet and they would know (or their system) every roll forward.

So I guess back to what I've asked a few times... but no one touches the subject. The sites all claim, including PrimeDice that they have a sophisticated "random number generator" to determine the roll outcome. But random means just that. A roll could be "anything".

A random roll means this next roll could come up as "any outcome" because it is random.

But if the seed is set. You can't change it. The roll has already been determined. The house knows it. It is a number which has already been determined. This does not fit the definition of random.

It seems the only "aspect" of the randomness is you can set your own seed. But they still know. And you're limited to changing it once every 10 minutes or so.

So the rolls are not random.

I agree the house could not change the nonces/seeds. But they have certainly have the ability to "pull the plug" and claim "server outage", technical failure, upgrade, internet out, etc, and stay down/offline for a while, hoping that the dark time will get the player who say had a "big" win coming up based on his betting increases/roll behavior (rolling all low, all high, swapping back and forth), to reset his bet to base or start with a different pattern of bets.
sr. member
Activity: 322
Merit: 250
If you could change client seed every single roll it would be OK, but since you can't, house actually knows what the income of the roll will be.
But if house would change any of the seeds/nonces, players would eventually found out.
full member
Activity: 149
Merit: 101
A basic future cashflow predection with expected outcomes style report could be generated and if a huge landslide win is in the cards for the player, (if the player doesnt re-seed) then they could stop it. Simply put, they could see:  Player X is going to win bet 40,401 at 9900x and will win a huge amount, reset server, down for maintenance, re-set new seed required on reboot.

Yes?

EDIT:  To add, I'm not making any accusations, theres been no wrong doing. Im just curious about it, and want to better understand "how" it is "provably fair".

I still dont understand where the random number "is" or "comes from". That hasnt been mentioned. The nonce is known, yes it changes, but it's known thus not random. They know the client and server, thus not random. Where, is the random?

You seem to have forgotten that the house could never change your client seed even if they want to cheat or else they will be found out, they could only change the server seed and you need to know that you are not the only player on the site. The moment they change the server seed to deny your big win, someone else could be winning because they change the server seed. Also that a site like PD for example has hundreds of people playing , therefore it will take alot of works for them to check on everyone to see whoever will hit a big win

Its not about the house changing the client seed.

My question is regarding "random" which no one seems to address.

We have a client seed. Set on the website, by the client. This remains static for at least 15 minutes because once it is set, you cant change it again. After 1 roll, the house will know the client seed because it had to use it to hash the roll.

The server seed. They know this as well.

The nonce is nothing but bet # while using current client seed, incrementally increasing by 1 each roll.

Therefore, after 1 roll, the house can essentially see every outcome of every roll immediatly if I understand this correctly. (I am not sure I do though).

They have all 3 parts of the equation. Client Seed / Server Seed / Nonce...

Its not about a lot of work, its automation and computation. A computer could analyze 100s of players, 1000s of rolls, in a second, and triggers could be set for certain negative to house outcomes. Its not manual labor. Its computational processing, fast servers crunching lots of numbers very quickly.

Again, where is random?
legendary
Activity: 1540
Merit: 1016
A basic future cashflow predection with expected outcomes style report could be generated and if a huge landslide win is in the cards for the player, (if the player doesnt re-seed) then they could stop it. Simply put, they could see:  Player X is going to win bet 40,401 at 9900x and will win a huge amount, reset server, down for maintenance, re-set new seed required on reboot.

Yes?

EDIT:  To add, I'm not making any accusations, theres been no wrong doing. Im just curious about it, and want to better understand "how" it is "provably fair".

I still dont understand where the random number "is" or "comes from". That hasnt been mentioned. The nonce is known, yes it changes, but it's known thus not random. They know the client and server, thus not random. Where, is the random?

You seem to have forgotten that the house could never change your client seed even if they want to cheat or else they will be found out, they could only change the server seed and you need to know that you are not the only player on the site. The moment they change the server seed to deny your big win, someone else could be winning because they change the server seed. Also that a site like PD for example has hundreds of people playing , therefore it will take alot of works for them to check on everyone to see whoever will hit a big win
full member
Activity: 149
Merit: 101
Knowing the 3 seeds in advance and analyzing the betting pattern of the player couldnt they easilly be able to tell the outcome of every roll forward? The only variable would be roll high or roll low, which the player could change.

If what I've said first makes sense, and second is correct, they could easilly see if a huge win is x bets down the line of betting (and where) and if they player has the bankroll/will have the bankroll to keep rolling to that nonce.

If they saw this (lets say a 9900x bet) and it was going to win 40,000 bets from now, and was within the limits of the bankroll of the player (and would result in a huge payout/win), they could easilly then throw a "reset/halt" into the session.

I've played before where it stops rolling and on refresh of the page, its down for a few seconds, then it makes you "with a pop up" set a new client seed" to bet again.

Possible?
The answer would be the one similar to what Lutpin said. The nonce increases by one every-time, and considering the user has the same option to change his client seed, it wouldn't make a difference.

As for a casino pre-determining a user's patterns and using it against them, two situations of it have emerged 999dice and the second one I can't remember, but it was something along the lines of what I said above.

Well the user (at least on PrimeDice) can only set the seed the every 10 or 15 minutes, there is a time limit, once you have changed it you have to wait. I read a post online (I think on reddit) and the primcedice management said basically (in regards to why they implemented the "you have to wait 15 minutes") is because there was a player or players that were re-seeding their client seed every bet and for some reason this was not good for prime dice. So once you set it, you have to use it for X time.

So then it would be true. If a player is betting for a 9900x low to win, and doing an incremental increase on bets (long format martingale), the house, knowing your seed, their seed, and the nonce (which they would know because its the bet number, or set for each bet, but regardless it's given to you by them so they would know well in advance...

A basic future cashflow predection with expected outcomes style report could be generated and if a huge landslide win is in the cards for the player, (if the player doesnt re-seed) then they could stop it. Simply put, they could see:  Player X is going to win bet 40,401 at 9900x and will win a huge amount, reset server, down for maintenance, re-set new seed required on reboot.

Yes?

EDIT:  To add, I'm not making any accusations, theres been no wrong doing. Im just curious about it, and want to better understand "how" it is "provably fair".

I still dont understand where the random number "is" or "comes from". That hasnt been mentioned. The nonce is known, yes it changes, but it's known thus not random. They know the client and server, thus not random. Where, is the random?
sr. member
Activity: 458
Merit: 250
From nothing to nothing
Knowing the 3 seeds in advance and analyzing the betting pattern of the player couldnt they easilly be able to tell the outcome of every roll forward? The only variable would be roll high or roll low, which the player could change.

If what I've said first makes sense, and second is correct, they could easilly see if a huge win is x bets down the line of betting (and where) and if they player has the bankroll/will have the bankroll to keep rolling to that nonce.

If they saw this (lets say a 9900x bet) and it was going to win 40,000 bets from now, and was within the limits of the bankroll of the player (and would result in a huge payout/win), they could easilly then throw a "reset/halt" into the session.

I've played before where it stops rolling and on refresh of the page, its down for a few seconds, then it makes you "with a pop up" set a new client seed" to bet again.

Possible?
The answer would be the one similar to what Lutpin said. The nonce increases by one every-time, and considering the user has the same option to change his client seed, it wouldn't make a difference.

As for a casino pre-determining a user's patterns and using it against them, two situations of it have emerged 999dice and the second one I can't remember, but it was something along the lines of what I said above.
full member
Activity: 149
Merit: 101
So if its not economically feasible to crack the hashes for a dice site, what about this scenario:

Assuming the following to be true:

Being the server seed is known. The client seed is known, or would be known after the first roll. And the nonces would or certainly could be known (because they are generated by the site for each roll):

And the nonce is based on the roll number using the current "client seed":

A site could very well do the following:

Being they know the above:   They could analyze a players behavior of betting patterns. If they are martingale betting, or doubling every 3rd bet. Or even a long run martingale (not on 2x, but lets a 9900x with a 0.00125 increase per roll (using a bot).

Knowing the 3 seeds in advance and analyzing the betting pattern of the player couldnt they easilly be able to tell the outcome of every roll forward? The only variable would be roll high or roll low, which the player could change.

If what I've said first makes sense, and second is correct, they could easilly see if a huge win is x bets down the line of betting (and where) and if they player has the bankroll/will have the bankroll to keep rolling to that nonce.

If they saw this (lets say a 9900x bet) and it was going to win 40,000 bets from now, and was within the limits of the bankroll of the player (and would result in a huge payout/win), they could easilly then throw a "reset/halt" into the session.

I've played before where it stops rolling and on refresh of the page, its down for a few seconds, then it makes you "with a pop up" set a new client seed" to bet again.

Possible?
full member
Activity: 149
Merit: 101
Is it possible to crack the hash site side/server side, perhaps not immediately but within time being they know all three parts up front? SHA512 is possible to brute force/crack, even long random passwords can be cracked rather quickly if you have a huge gpu setup to do it. Its been done. (Theres articles about the time it takes to bruteforce sha512 all over the net, and with a huge gpu farm, its possible to crack 1000s of passwords/outcomes in minutes).

Brute forcing a password doesn't exploit a weakness in sha256, it exploits a weakness in the password (simply there's not much entropy in the typical password, so you can try them all).

For a casino to (undetecably) cheat on the other hand, they would need to find two (valid) inputs that hash to the same thing. This is known as a collision attack, something that sha256 is believed to be secure at. If you for instance believe that PrimeDice might have cutting edge theoretical crypto to do this, you could protect yourself by "pre-rolling". A collision attack would be completely thwarted by making a couple of bets, to force them to use one of their two preimages.

Now for the casino to cheat, it's going to need to be able to pull off arbitrary preimage attacks, but at that point bitcoin is going to be broken anyway. And even so, you could still defeat it by prerolling a couple dozen or so rolls.


tldr; It would require breaking crypto believed by everyone to be secure for a casino to cheat. As a casino owner, I doubt it even makes financial sense to cheat even if you can  (after all, a casino is in the business of giving you variance for EV).

Thanks for the detailed reply.  They dont use sha256 however, they use sha512, not sure if that matters. I had read that 512 was less secure.
legendary
Activity: 1463
Merit: 1886
Is it possible to crack the hash site side/server side, perhaps not immediately but within time being they know all three parts up front? SHA512 is possible to brute force/crack, even long random passwords can be cracked rather quickly if you have a huge gpu setup to do it. Its been done. (Theres articles about the time it takes to bruteforce sha512 all over the net, and with a huge gpu farm, its possible to crack 1000s of passwords/outcomes in minutes).

Brute forcing a password doesn't exploit a weakness in sha256, it exploits a weakness in the password (simply there's not much entropy in the typical password, so you can try them all).

For a casino to (undetecably) cheat on the other hand, they would need to find two (valid) inputs that hash to the same thing. This is known as a collision attack, something that sha256 is believed to be secure at. If you for instance believe that PrimeDice might have cutting edge theoretical crypto to do this, you could protect yourself by "pre-rolling". A collision attack would be completely thwarted by making a couple of bets, to force them to use one of their two preimages.

Now for the casino to cheat, it's going to need to be able to pull off arbitrary preimage attacks, but at that point bitcoin is going to be broken anyway. And even so, you could still defeat it by prerolling a couple dozen or so rolls.


tldr; It would require breaking crypto believed by everyone to be secure for a casino to cheat. As a casino owner, I doubt it even makes financial sense to cheat even if you can  (after all, a casino is in the business of giving you variance for EV).
hero member
Activity: 1134
Merit: 502
Is it possible to crack the hash site side/server side, perhaps not immediately but within time being they know all three parts up front? SHA512 is possible to brute force/crack, even long random passwords can be cracked rather quickly if you have a huge gpu setup to do it. Its been done. (Theres articles about the time it takes to bruteforce sha512 all over the net, and with a huge gpu farm, its possible to crack 1000s of passwords/outcomes in minutes).
No, it is not possible. If you have the power to crack it, there are more profitable things than gambling sites.
copper member
Activity: 1904
Merit: 1874
Goodbye, Z.
User doesn't know server seed in advance. User only knows encrypted server seed - for future check if roll was fair. Website doesnt know client seed in advance.
So theres no way the website, server, who you enter that information into and click submit, could possibly get that seed?
Its a webform. You're submitting a variable and clicking send.
Are we just taking their word for it that they would never "peek" at our cards?
The server gives you the hash of the server seed. At that point, the server seed is fixed and they can't know what you will enter as client seed.
Now (after that) you enter your client seed, which can be anything you want, submit it and if the server seed (hash) doesn't change,
there's no way the server could make any adjustments based on your client seed.
full member
Activity: 149
Merit: 101
User doesn't know server seed in advance. User only knows encrypted server seed - for future check if roll was fair. Website doesnt know client seed in advance.

The server/site doesnt know the client seed in advance?

You make set your own seed/make it what you want it to be, and click submit.

So theres no way the website, server, who you enter that information into and click submit, could possibly get that seed?

Its a webform. You're submitting a variable and clicking send.

Are we just taking their word for it that they would never "peek" at our cards?

Also, wouldnt they in addition regardless if the above is correct, that they would have no way to see what we click to send to them, wouldnt they know our seed after one roll? They would have to hash roll 1 in order to get the outcome.
sr. member
Activity: 258
Merit: 250
User doesn't know server seed in advance. User only knows encrypted server seed - for future check if roll was fair. Website doesnt know client seed in advance.
full member
Activity: 149
Merit: 101
So I've been giving thought to the concept of provably fair, and having read up on it, I still question if it's possible to prove that the rolls on dice sites are in fact fair by absolute proof.

I'll use PrimeDice as the example, just because that's where I've been playing.

PrimeDice States:

Primedice offers state of the art verification which allows our users to check the integrity of every roll and confirm they are not manipulated. Our random numbers are generated through the use of two seeds, a server seed, and your client seed. The server seed is created before you specify your client seed, ensuring that a server seed purposely in our favor cannot be generated. Together, along with the nonce (# of bets made with seed pair), the seeds are used to create a provably fair roll number within the 0-99.99 range.

Now that said.

So a server seed is set first. PrimeDice knows this seed as does the user. Now the user can set a client seed. PrimeDice also knows this seed the moment it is set. Lastly, a nonce is created with each passing roll. Which PD would know as they generate it at the time of the roll.

So with the site, having all three seeds, the server seed, the client seed, and the nonce hash pattern that's generated based off roll number (the last of which the user does not know until after the roll but the site knows before the roll); the site would seem to have the advantage to controll the outcomes of rolls (whether altogether or to a certain degree).

The hash algorithm is posted on the site as well. Now is the nonce simply the roll number, or a more complex number generated off the roll number as an integer?

Because if the player knew the server seed hash, client seed hash and nonce, couldnt the rolls be pre-determined? 

Their FAQ says that after the player sets a "new seed", they are then revealed the hash of the last server seed so they can verify bets. The site would know this hash before the roll correct? It's given to the player only afterwards. The site would know their hash after the first wager is made correct? Because once the roll is committed and played, the hash has to exist and the server seed does not change every bet. It is constant. The constant server seed seems to be the biggest mystery of all. Shouldnt a new seed be set each time? Again, I just dont understand where the random comes in. And in theory randomness is questionable in and of itself.  How is this random number generated, where does it come from, using what process?

Sorry I'm not accusing I hope I don't sound that way, I'm just asking. Does the player have the same information as the site at the time the roll is made? 

Lastly, where does the random number come into play for each roll?  If the client seed, and server seed is pre-determined prior to the roll. And the nonce is known as well, what point would a random number do as there is no way to know if the number being issued as "random" is in fact random at all. 

They state regard "the roll"

To create a roll number, Primedice uses a multi-step process to create a roll number 0-99.99. Both client and server seeds and a nonce are combined with hmac-sha512(server_seed, client_seed-nonce) which will generate a hex string. The nonce is the # of bets you made with the current seed pair. First five characters are taken from the hex string to create a roll number that is 0-1,048,575. If the roll number is over 999,999, the proccess is repeated with the next five characters skipping the previous set. This is done until a number less than 1,000,000 is achieved. In the astronomically unlikely event that all possible 5 character combinations are greater, 99.99 is used as the roll number. The resulting number 0-999,999 is applied a modulus of 10^4, to obtain a roll number 0-9999, and divided by 10^2 to result a 0-99.99 number.

So if they the site know the server seed, the client seed, and the nonce well ahead of of the roll in computer time (ms), and a hex string is generated, and the client is not allowed to change the client seed (player) because they only allow it (not sure the interval but I've tried changing it and it says sorry wait):

Is it possible to crack the hash site side/server side, perhaps not immediately but within time being they know all three parts up front? SHA512 is possible to brute force/crack, even long random passwords can be cracked rather quickly if you have a huge gpu setup to do it. Its been done. (Theres articles about the time it takes to bruteforce sha512 all over the net, and with a huge gpu farm, its possible to crack 1000s of passwords/outcomes in minutes).

Just asking questions, trying to understand better. Thoughts, input, are welcome.
Jump to: