Pages:
Author

Topic: Dice64 - Off Blockchain. Provably fair. Instantly verifiable. 0.9% Edge - page 2. (Read 2898 times)

jr. member
Activity: 34
Merit: 1
There's only 65536 different nonces a user can apply. You give the users secrets which when all those different nonces are applied, has a higher average, or more losses depending on the game they're playing. This will inherently change the odds advertised.

The secret is given out before the player chooses a number to play on, so is your concern that we could only chose secrets which were more likely end up with a high number when being nonced with every number in the range 1-65536? This is certainly possible, but computationally impractical.

In our tests performing dsha256(secret + nonce), where nonce is in the range 1-65536 gave quite an evenly random distribution. If necessary we can increase the size of the nonce field, maybe 32-bits would provide a more even distribution.

Edit: Valid point. I'll increase the size of the nonce.
Edit again: Nonce fields are now 32 bits, this is working in the api, but the html and javascript are cached and will clear in the browser after an hour.
hero member
Activity: 504
Merit: 500
Hey, I've noticed you assign the server seed (Well, hash), and you only let the user choose a nonce.

The nonce can only be number 1 - 99999, what's stopping you assigning server seeds which when applied to a nonce, have a lot higher average roll. You can quickly test all 99,999 instantly, and then only assign ones which have an average roll of lets say 36? That's definitely possible.

To fix this, you should allow the user to choose whether they want to roll high or low.

Just my 2 cents

The output is calculated as follows, the nonce is a 16-bit integer 1-65536 and is generated in Javascript in the browser, the user can also set the nonce themselves, rolling high or low wouldn't make any difference to how fair it is. We can't assign secrets which have an average result, as any input is nonced by the user. The server seed can also be refreshed to a 256 bit number generated from random. Even if we did generate fixed secrets, the user would always nonce it in a way which completely changed the result through using dsha256(secret + nonce).

Here is a json list of the result frequency. bet_frequency_post_nonce is the actual results calculated with the nonce added. bet_frequency_pre_nonce is what the result would have been if the user was allowed to place a bet with a nonce of 0, this is the same as performing mod 64 on the secret_hash.

https://dice64.com/api/bets?pretty

Code:
secret = random integer 0 - 2256
secret_hash = dsha256(secret)

combined_number = secret + nonce
combined_hash = dsha256(combined_number)
result = combined_hash mod 64



There's only 65536 different nonces a user can apply. You give the users secrets which when all those different nonces are applied, has a higher average, or more losses depending on the game they're playing. This will inherently change the odds advertised.
jr. member
Activity: 34
Merit: 1
Hey, I've noticed you assign the server seed (Well, hash), and you only let the user choose a nonce.

The nonce can only be number 1 - 99999, what's stopping you assigning server seeds which when applied to a nonce, have a lot higher average roll. You can quickly test all 99,999 instantly, and then only assign ones which have an average roll of lets say 36? That's definitely possible.

To fix this, you should allow the user to choose whether they want to roll high or low.

Just my 2 cents

The output is calculated as follows, the nonce is a 16-bit integer 1-65536 and is generated in Javascript in the browser, the user can also set the nonce themselves, rolling high or low wouldn't make any difference to how fair it is. We can't assign secrets which have an average result, as any input is nonced by the user. The server seed can also be refreshed to a 256 bit number generated from random. Even if we did generate fixed secrets, the user would always nonce it in a way which completely changed the result through using dsha256(secret + nonce).

Here is a json list of the result frequency. bet_frequency_post_nonce is the actual results calculated with the nonce added. bet_frequency_pre_nonce is what the result would have been if the user was allowed to place a bet with a nonce of 0, this is the same as performing mod 64 on the secret_hash.

https://dice64.com/api/bets?pretty

Code:
secret = random integer 0 - 2256
secret_hash = dsha256(secret)

combined_number = secret + nonce
combined_hash = dsha256(combined_number)
result = combined_hash mod 64

full member
Activity: 196
Merit: 100
I think you forgot to mention that insanity dice is the only other provably fair option.  We use camtasia to record all bets to make sure none are rigged.

Wow, good thinking! I totally forgot that videos can't be edited. Will play at Insanity Dice Extreme soon.
sr. member
Activity: 744
Merit: 250
Vave.com - Crypto Casino
I think you forgot to mention that insanity dice is the only other provably fair option.  We use camtasia to record all bets to make sure none are rigged.
hero member
Activity: 504
Merit: 500
Hey, I've noticed you assign the server seed (Well, hash), and you only let the user choose a nonce.

The nonce can only be number 1 - 99999, what's stopping you assigning server seeds which when applied to a nonce, have a lot higher average roll. You can quickly test all 99,999 instantly, and then only assign ones which have an average roll of lets say 36? That's definitely possible.

To fix this, you should allow the user to choose whether they want to roll high or low.

Just my 2 cents
jr. member
Activity: 34
Merit: 1
The service does not publish your return or deposit addresses, to protect your identity.

what kind of identity are you trying to protect not publishing it?

Peoples unspent tx outputs, which may link to their real name and identity and the coins could certainly be traced further, showing many transactions they have made with other people.

jr. member
Activity: 34
Merit: 1
Assuming it uses PHP, there are only so many ways to write a site like this..

Regardless, the CSS is a part of any source...  So yes, they do have VERY similar source codes.

It's fine, I'm just wanting to see something unique.


I've used twitter bootstrap for my frontend, as do many bitcoin sites, due to its ease of use and quick development time. I hadn't actually seen coinroll.it untill one month ago, after I had been developing this for quite some time. The actual bootstrap template I was working with reference to was this http://getbootstrap.com/2.3.2/examples/marketing-narrow.html, so you can see how both coinroll.it and I use the same layout.

This however doesn't mean that our source codes are even remotely similar. Please read through the HTML and JavaScript, I'll be publishing it on GitHub soon, also our backend is written in Python, our uniqueness doesn't come from our frontend however. We have implemented Bitcoin message signing which makes our game both provably fair and off-blockchain, something no other service currently offers.



Site will be going down for maintenance, while I fix a couple of bugs which weren't present in staging.

member
Activity: 114
Merit: 10
So what if it looks like Coinroll.it , if the system is fair and managed well. Why does it matter?

They both look professional, so you can tell that they was not done half-assed. It is a good thing.
newbie
Activity: 31
Merit: 0

Before you go around throwing accusations everywhere, do some research. This is the same CSS used by thousands of other sites, Bootstrap.(http://getbootstrap.com)

EDIT: Such as:
Blockchain.info http://gyazo.com/a2fcc43eb3b97e7a0729f3cbaa7fccbb
Coinchat.org http://gyazo.com/4cf525ac9ad48aaa65cb7a2cfa5919f2

And a whole hell of a lot of others.

Didn't throw an accusation.

It's a fact.  They look similar, like a duplicate.  Because they use the same, generic, bootstrap CSS file(s)...

Coinbase also used 'em, as do many other sites.  I'm well-aware.

Many sites that look similar and have almost identical functionality would be saturating the market.

Calm down, big guy.

The same source and the same CSS are two different things.

Assuming it uses PHP, there are only so many ways to write a site like this..

Regardless, the CSS is a part of any source...  So yes, they do have VERY similar source codes.

It's fine, I'm just wanting to see something unique.
sr. member
Activity: 322
Merit: 250

Before you go around throwing accusations everywhere, do some research. This is the same CSS used by thousands of other sites, Bootstrap.(http://getbootstrap.com)

EDIT: Such as:
Blockchain.info http://gyazo.com/a2fcc43eb3b97e7a0729f3cbaa7fccbb
Coinchat.org http://gyazo.com/4cf525ac9ad48aaa65cb7a2cfa5919f2

And a whole hell of a lot of others.

Didn't throw an accusation.

It's a fact.  They look similar, like a duplicate.  Because they use the same, generic, bootstrap CSS file(s)...

Coinbase also used 'em, as do many other sites.  I'm well-aware.

Many sites that look similar and have almost identical functionality would be saturating the market.

Calm down, big guy.

The same source and the same CSS are two different things.
newbie
Activity: 31
Merit: 0

Before you go around throwing accusations everywhere, do some research. This is the same CSS used by thousands of other sites, Bootstrap.(http://getbootstrap.com)

EDIT: Such as:
Blockchain.info http://gyazo.com/a2fcc43eb3b97e7a0729f3cbaa7fccbb
Coinchat.org http://gyazo.com/4cf525ac9ad48aaa65cb7a2cfa5919f2

And a whole hell of a lot of others.

Didn't throw an accusation.

It's a fact.  They look similar, like a duplicate.  Because they use the same, generic, bootstrap CSS file(s)...

Coinbase also used 'em, as do many other sites.  I'm well-aware.

Many sites that look similar and have almost identical functionality would be saturating the market.

Calm down, big guy.
sr. member
Activity: 322
Merit: 250

Before you go around throwing accusations everywhere, do some research. This is the same CSS used by thousands of other sites, Bootstrap.(http://getbootstrap.com)

EDIT: Such as:
Blockchain.info http://gyazo.com/a2fcc43eb3b97e7a0729f3cbaa7fccbb
Coinchat.org http://gyazo.com/4cf525ac9ad48aaa65cb7a2cfa5919f2

And a whole hell of a lot of others.
hero member
Activity: 504
Merit: 500
Funny.  Duplicate source of http://coinroll.it

Trying to saturate the market are we? Wink

Very different as far as I can tell..

Good luck, I think you should avoid the choosing payout address. It's a silly method IMO. Should just use cookies like JD
sr. member
Activity: 293
Merit: 250
The service does not publish your return or deposit addresses, to protect your identity.

what kind of identity are you trying to protect not publishing it?
hero member
Activity: 672
Merit: 500
I love this layout! It's so easy to gamble. Deposit 0.01, used some of my magic fairy dust to sprinkle some luck, did 50%, went up to 30, down to 25, cashed out, all went well. Seems legit!
sr. member
Activity: 322
Merit: 250
Funny.  Duplicate source of http://coinroll.it

Trying to saturate the market are we? Wink

They don't have duplicate source....
full member
Activity: 224
Merit: 100
Good luck with the site, really like the layout. I'd strongly suggest increasing the max bet in the near future.
newbie
Activity: 31
Merit: 0
Funny.  Duplicate source of http://coinroll.it

Trying to saturate the market are we? Wink
Pages:
Jump to: