Pages:
Author

Topic: How random the last digit of a block hash really is? - page 2. (Read 23686 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.
Is there any mathematical proof of that or it is just an assumption based on previous data?

As far as I am aware, there is no "proof", not in the mathematical sense. Try this, make a list of numbers from 1 to 1 billion. Get the SHA256 (or any other) hash of these numbers. You'll see, the hashes are uniformly or evenly distributed. It's not perfect.

You can check the last digit and see if you get close to the expected results.
member
Activity: 119
Merit: 100
As I understand randomness... it is not that anything in the computer world is really random. It is just too complicated to calculate and predict.
newbie
Activity: 44
Merit: 0
Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.
Is there any mathematical proof of that or it is just an assumption based on previous data?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I think the "threshold" for risking losing 99.99% of earning 12.5 BTC is a gamble of how many percent of their hashpower is to the total network of about double or triple. Or 25 BTC. Or more.

No miner in his right mind will give up the current block reward for anything less than double or triple that. I think no miner would give up 12.5 BTC unless the gamble has a higher than 50% chance of earning 25 BTC, or a higher than 75% of earning 50 BTC (if the bet or prize gets that big).

Now if the last digit of a block hash is used in conjunction with a secret, then the website owner would have to collude with a large or strong miner or a pool.

Currently, there is no known single pool or sufficiently large solo miner that has the hashpower to even consider this kind of attack, plus it is a gamble, so why would they do it?

So, the winning amount, i.e. 16 BTC, is more than a block reward, i.e. 12.5 BTC. Do u think, miners may hold a block now if they place 1 BTC bet with a wrong choice? Appears impossible to me...

Nope. Too risky for a winning amount that small. I'd rather take the 12.5 BTC because I have that now. (not even guaranteed).
member
Activity: 141
Merit: 17
When there is no incentive to mess with the hash, it may be safe to rely on the last digit. But as was said here (and DH above previously) when there is incentive to do so, it is possible to do so.
Recently, www.bitcoinbetting.website made the following announcement...

Maximum bet amount allowed has been raised from 0.1 BTC to 1 BTC. Anything over this amount will be considered as donation.

So, the winning amount, i.e. 16 BTC, is more than a block reward, i.e. 12.5 BTC. Do u think, miners may hold a block now if they place 1 BTC bet with a wrong choice? Appears impossible to me...
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I think what he's trying to say is not that nothing is probably fair, but nothing is 100% fair and random. A formula will always be restricted by parameters.
I know what he tried to say, I'm just being a jerk about it, grammar police, whatever. Smiley

But when you say "restricted by parameters", ... 128, 256, or 512 bit output... Not something to worry about from a practical point of view. You can argue about it academically all day, won't really matter as it's essentially unpredictable and random for all intents and purposes except analyzing it. They are deterministic.

To predict a block hash, or any digit of the hash, you would need ... to actually mine.
legendary
Activity: 1232
Merit: 1030
give me your cryptos
Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

I don't know what you're trying to say. If both the site and the player have no way to determine the result before it is shown, then it is fair. Using random.org is fair, but no one wants to use that because people in this bitcoin world want provably fair.

Probably fair is not something anyone wants. The probabilities are there, but you want it proven beyond doubt.

I think what he's trying to say is not that nothing is probably fair, but nothing is 100% fair and random. A formula will always be restricted by parameters.
AOL
jr. member
Activity: 140
Merit: 4
The best thing atm is probably fair, which has been documented many times.
It is not probably fair. It is provably fair.
full member
Activity: 214
Merit: 278
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

I don't know what you're trying to say. If both the site and the player have no way to determine the result before it is shown, then it is fair. Using random.org is fair, but no one wants to use that because people in this bitcoin world want provably fair.

Probably fair is not something anyone wants. The probabilities are there, but you want it proven beyond doubt.
sr. member
Activity: 378
Merit: 250
It is random as long miners/pools don't care about the site.

If the bets become bigger than subsidy (25BTC), it gets interesting.

Miners/pools can participate on site, rig future block digit to be zero, and sweep all unsuspecting user's funds who bet on 1.

OH and by the way, I know about system how truly fair betting can be constructed, but it's a secret Smiley

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.
full member
Activity: 224
Merit: 100
beatcoin team leader
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
How about the last 2 digits of the block hash? 256 choices / chances.
How about the last 4 digits of the block hash? 65k.

Why not just use the whole block hash, and hash it again. Pair that with another value that is unknown until it is published (but with a SHA256/512 hash) and it's as "provably fair" as it gets. The only one who could cheat is the owner of the site AND if he is a big miner.

Someone else made another site (that has since been gone or sold or something) that computed more hashes for a good half hour (or about 3 blocks worth) on decently powerful hardware so that this eliminated the "miner withholding the block problem", but I think that's overkill and too much work.

My site uses 64 consecutive block hashes, but that's just for following the theme. I could have just use 1 block hash for the same result.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
To be fair:  

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet.  


So, according to you, if this game goes big, miners may not publish valid blocks and thereby disrupt bitcoin block generation altogether?
That is if they have sufficient resources to even generate a block. They would probably need a significant hash rate to be able to generate blocks at a reasonable frequency. The miner can always mine the block and start mining on it before publishing it. The miner have a chance to publish two blocks at once and no one else could've solved on it. This theoretically can give them a higher chance of getting the subsequent blocks.

The method mentioned above is quite effective for the attacker and would have a significant chance of succeeding if you have a good amount of hashpower. However, if you do not have a good portion of the network's hash power, your probability of succeeding will be close to insignificant. If someone mined the block when you are withholding it, unless you have a high amount of hash power, more often than not, the block you mined would be orphaned. That obviously depends on which block the miners decided to work on. There is a chance for them to lose both the block reward and the bet altogether.

Miners would have to continue to publish the blocks since the game uses it to determine the results. Bitcoin's block would at the very most be delayed.

full member
Activity: 128
Merit: 100
To be fair: 

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet. 


So, according to you, if this game goes big, miners may not publish valid blocks and thereby disrupt bitcoin block generation altogether?
legendary
Activity: 4130
Merit: 1307
To be fair: 

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet. 



This.

When there is no incentive to mess with the hash, it may be safe to rely on the last digit. But as was said here (and DH above previously) when there is incentive to do so, it is possible to do so.

Using the last digit of the hash of a single block as the sole random value for a sufficiently large prize is asking for problems.

Even looking at all the values showing it looks random is not sufficient if the lottery drawing (for example) happens every 1000 blocks because you only need to do it once to win a massive sum (eg in the US's Powerball drawing the subsidy is minimal in comparison).  In most of the blocks there is no incentive to select a particular hash so even if someone did it successfully 10% of the time (every 10000 blocks in this example)  it would be undetectable in the noise. 



legendary
Activity: 924
Merit: 1132
To be fair: 

You shouldn't rely on the randomness of the hash if people are betting on it.  Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well.  They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow.  Meanwhile, they go on looking to win the bet. 

sr. member
Activity: 244
Merit: 250
Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.
full member
Activity: 214
Merit: 278
Normally a standard opinion would say 1 out of 16 but i would rebut in my experience its 1 out 99. But nevermind the hash, and consider this; if you make a certain roll and certain amount to match your roll number to that of the last hash digit then dont do it, theres a less chance youll get it and more btc wasted. But if you have just to guess it without making somebets then go on it doesnt matter if you make a guess as long as you dont lose a significant amount of btc.
They give u the option to bet on multiple options under a certain roll. So, the u have the choice to decide upon your winning probability.
legendary
Activity: 1708
Merit: 1049
cat /tmp/hashlist | sed -e 's/\(^.*\)\(.$\)/\2/' | sort | uniq -c  | sort

Here it is in chart form - definitely random!

Seems to have a small sine-like wave pattern... Look how it "waves".

Obviously that would be smaller with a bigger sample.
Pages:
Jump to: