Topic: CryptoBetfair.com | 100% Provably Fair | More than a casino, a community. - page 6. (Read 35188 times)

I think it's supported in all current browsers, except Opera Mini. If it's not available, you can fallback to Math.random or even random.org or something.

Here's what DustDice.com does:

https://github.com/moneypot/dustdice/blob/master/public/scripts/game-logic/clib.js#L85-L94

and supports all browsers, and uses window.crypto in 99% of them. And furthermore, that's just the default seed, people are welcome to change it if they care.


Also picking a bad client seed would be really stupid and risky anyway, if people ever find out they do that, they could trick you and clean the house.

One of the reasons we did not use  window.crypto is that it is not compatible with all browsers. We went through a lot of pains (and still are) to make sure that our site is fully responsive and usable for as many people as possible.

Again the "complexity" or our system is currently being addressed, and we will have several solutions available very soon.

We still believe that using all zeros to start with the client seed, is more direct and obvious proof that we would not use a bad seed.
Do you require users to set their own client seed before placing a bet?

As I understand it, the post is describing the case when a user set's the client seed to "lucky" and then places a bet. If the server sees the client seed was indeed lucky, it might change it to "1ucky". If they use a font that makes no visual difference between "1ucky" and "lucky" the person won't notice, and if they use the permuted client seed for verification, the game will appear provably fair.

It's a cute thought experiment, but it would be one of the stupidest ways imaginable for a casino to cheat. If anyone noticed (and they almost certainly would if they verified any bets), it would prove malicious intent. If a casino was going to cheat, it'd be better off doing it in a way that has plausible deniability ("Whoops, the change to your client seed didn't update in the db! Maybe you didn't submit it?")

We are working on a combination of solutions, all bets will be verified instantly and every bet made will be verifiable in bulk after one hour. 
I think we have come up with a clever solution, that will be very easy for everyone.

I am also very excited about the positive conversation regarding provably fair and advancements happening here.  I will update you asap.

No problem.


Will the user still need to wait up to 24 hours before being able to "batch verify" their rolls? Or are you planning to have the verifier log the server seed hashes as the player plays, effectively doing the work for the player? Neither solution seems as neat as Just-Dice's system, where so long the player (1) makes a note of their server seed hash before playing and then (2) sets their client seed before playing, he can, at any later point verify all the rolls he makes after that, at any time he likes, without having to make a note of any additional information (other than the actual numbers he rolled, of course - or what is there to verify).


Then force them to set a client seed before play, as Ryan suggests. Job done. Then there's no need for daily secrets, no need for constantly changing server seeds, players can easily and immediately verify all their rolls.

Well done addressing the other points I raised.

I don't understand your question. Which two seeds are you talking about (client seed or server seed)? And who are the two "you"s in your question?

I'll try to rewrite your question unambiguously and then answer it:

"how does player the verify that the server seed that the site sends them when they ask to reveal their server seed after play is the same as the seed that was hashed before they started play and not a different seed with the same sha256 hash and which generated all the same rolls when combined with the client seed?"

Is that what you're asking?

If so, that's the same as asking "how can we be sure you're not cheating by finding not only an sha256 collision (which has never been done by anyone before) but all N different partial hmac_sha512 collisions, where N is the number of rolls that were made". And I guess the answer is "you can't - either the game is fair, or we are using a weakness in sha256 and sha512 which nobody else even knows exists". If you don't trust the strength of sha256 then all bets are off (as it were).

But maybe I've misunderstood your question; please let me know what you're really asking.

We don't have a faucet, but if you or anyone else wants to test out the games, stop by the chat.

We would be happy to make you a voucher.

Hey, I would like to test your site,do you have any faucet in it or is it planned to include it?

Well, there has been an excellent post on reddit:
http://www.reddit.com/r/Bitcoin/comments/1frm4x/provably_fair_by_bitzino_not_provable_with/

With the Just-Dice script, how do you verify that the seed you send, is the same seed and not a ambiguous variation? Cryptobetfair deals with most provablyfair issues. (frontrunning, seedmanipulation on the client,serverseeds are chained excluding serverseed manipulation.)

I had a look over the scheme too, and if my understanding is correct the primary advantage is that it's provably fair even if the person doesn't set their own client seed. The real problem is that complexity is the enemy, and for someone to independently verify your games is a lot of work, something that I'd be surprised to see anyone do for a while =)

If you really care about that particular use case, why don't you use the Just-Dice scheme and *require* people to set their own client seed before placing any bets? Now you have an industry standard scheme, that well understood, tested and has lots of independent implementations while trying to protect people who don't set the client seed.

(Or what I'd do, is set the default client-seed client-side using window.crypto, and promising that I will always do that, so if there ever is an instance of me setting it server-side that can be used as proof of cheating)

go and ask for some Bumba

Why not test with your own satoshis?

Design is not the best ever,but it is good,don't you have a faucet in your site?

I would like to test it

This sounds awesome, it really looks like a bit more than a casino. I'm going to have to check this out some time.

I saw your post asking for me to look at your provably fair system, so I did.

I'm not sure how exactly you think it is better than Just-Dice's provably fair system, which is pretty much the standard for dice site provable fairness, and so it's hard to dispute your claim.


I think that was his point. You need to click every individual bet. That's inconvenient. You also need to make a note of the server seed hash before each roll so you can check afterwards that it didn't change. It's too much overhead.

The added complexity of having a daily seed makes matters worse. If I make 100 bets I have to choose between two inconvenient methods of verifying them:

1) wait until the next day, get the dseed for the day I made the bets on, and generate the 100 rolls

2) note the server seed hash before each roll, and click each betid to verify that the roll was fair

So either 1) wait 24 hours or 2) click 100 times. Neither is very satisfactory, especially when most sites have already solved the problem. Just use a server seed, a client seed, and a nonce. Let the player reveal the server seed whenever they like and otherwise don't change it; rely on the changing nonce (bet_ctr) to change the rolls.

That's the system pioneered by Just-Dice and nowadays used by pretty much every reputable dice site.

I don't think all the extra complexity you have added is worth the relatively minor gains, especially given the extra inconvenience that goes along with it. The only tangible advantage I can see is that you can prove that you're not cheating even to people who don't care whether you're cheating enough to set their own client seed. But by definition, those people don't care.


What's this title meant to mean?


Is that placeholder text that you forgot to fill in?

I'm not sure you'll have a lot of success offering a dice game with less features, higher house edge, and lower max bets than almost all the competition, and you have no investment feature either. Those seem to be strange decisions you've made, and I guess you have your reasons for them.

Good luck with it.

I vote optional.

I just want to be clear, that is NOT our UI

But.... But...When can we haz:




-edit- Maxalt now you did it. I need to buy a hololens...
https://www.youtube.com/watch?v=cBJePrpXzvU

@serversides. This is so sweet . What an interface.