How random the last digit of a block hash really is? - page 2.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: Rupert Murdoch on November 05, 2016, 09:59:27 AM

Quote from: rambeazle on July 11, 2016, 01:47:14 PM

Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.

Is there any mathematical proof of that or it is just an assumption based on previous data?

As far as I am aware, there is no "proof", not in the mathematical sense. Try this, make a list of numbers from 1 to 1 billion. Get the SHA256 (or any other) hash of these numbers. You'll see, the hashes are uniformly or evenly distributed. It's not perfect.

You can check the last digit and see if you get close to the expected results.

Ya-ing

member

Activity: 119

Merit: 100

As I understand randomness... it is not that anything in the computer world is really random. It is just too complicated to calculate and predict.

Rupert Murdoch

newbie

Activity: 44

Merit: 0

Quote from: rambeazle on July 11, 2016, 01:47:14 PM

Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.

Is there any mathematical proof of that or it is just an assumption based on previous data?

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

I think the "threshold" for risking losing 99.99% of earning 12.5 BTC is a gamble of how many percent of their hashpower is to the total network of about double or triple. Or 25 BTC. Or more.

No miner in his right mind will give up the current block reward for anything less than double or triple that. I think no miner would give up 12.5 BTC unless the gamble has a higher than 50% chance of earning 25 BTC, or a higher than 75% of earning 50 BTC (if the bet or prize gets that big).

Now if the last digit of a block hash is used in conjunction with a secret, then the website owner would have to collude with a large or strong miner or a pool.

Currently, there is no known single pool or sufficiently large solo miner that has the hashpower to even consider this kind of attack, plus it is a gamble, so why would they do it?

Quote from: Jimmy Wales on October 04, 2016, 01:53:21 PM

So, the winning amount, i.e. 16 BTC, is more than a block reward, i.e. 12.5 BTC. Do u think, miners may hold a block now if they place 1 BTC bet with a wrong choice? Appears impossible to me...

Nope. Too risky for a winning amount that small. I'd rather take the 12.5 BTC because I have that now. (not even guaranteed).

Jimmy Wales

member

Activity: 144

Merit: 17

Quote from: cr1776 on July 12, 2016, 06:30:23 AM

When there is no incentive to mess with the hash, it may be safe to rely on the last digit. But as was said here (and DH above previously) when there is incentive to do so, it is possible to do so.

Recently, www.bitcoinbetting.website made the following announcement...

Quote from: Bitcoin Gambling on September 19, 2016, 06:14:18 PM

Maximum bet amount allowed has been raised from 0.1 BTC to 1 BTC. Anything over this amount will be considered as donation.

So, the winning amount, i.e. 16 BTC, is more than a block reward, i.e. 12.5 BTC. Do u think, miners may hold a block now if they place 1 BTC bet with a wrong choice? Appears impossible to me...

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: Decoded on September 30, 2016, 07:09:27 AM

I think what he's trying to say is not that nothing is probably fair, but nothing is 100% fair and random. A formula will always be restricted by parameters.

I know what he tried to say, I'm just being a jerk about it, grammar police, whatever.

But when you say "restricted by parameters", ... 128, 256, or 512 bit output... Not something to worry about from a practical point of view. You can argue about it academically all day, won't really matter as it's essentially unpredictable and random for all intents and purposes except analyzing it. They are deterministic.

To predict a block hash, or any digit of the hash, you would need ... to actually mine.

Decoded

legendary

Activity: 1232

Merit: 1030

give me your cryptos

Quote from: Dabs on September 09, 2016, 08:36:20 AM

Quote from: MyBTT on September 09, 2016, 12:31:46 AM

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

I don't know what you're trying to say. If both the site and the player have no way to determine the result before it is shown, then it is fair. Using random.org is fair, but no one wants to use that because people in this bitcoin world want provably fair.

Probably fair is not something anyone wants. The probabilities are there, but you want it proven beyond doubt.

I think what he's trying to say is not that nothing is probably fair, but nothing is 100% fair and random. A formula will always be restricted by parameters.

AOL

jr. member

Activity: 142

Merit: 4

Quote from: MyBTT on September 09, 2016, 12:31:46 AM

The best thing atm is probably fair, which has been documented many times.

It is not probably fair. It is provably fair.

CounterEntropy

full member

Activity: 214

Merit: 278

Quote from: Shockaftermoon on September 05, 2016, 07:11:20 PM

never seen this b4 http://www.bitcoinbetting.website/

Everything has a first time. No?

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: MyBTT on September 09, 2016, 12:31:46 AM

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

I don't know what you're trying to say. If both the site and the player have no way to determine the result before it is shown, then it is fair. Using random.org is fair, but no one wants to use that because people in this bitcoin world want provably fair.

Probably fair is not something anyone wants. The probabilities are there, but you want it proven beyond doubt.

MyBTT

sr. member

Activity: 378

Merit: 250

Quote from: 2c0de on May 31, 2016, 07:06:35 AM

It is random as long miners/pools don't care about the site.

If the bets become bigger than subsidy (25BTC), it gets interesting.

Miners/pools can participate on site, rig future block digit to be zero, and sweep all unsuspecting user's funds who bet on 1.

OH and by the way, I know about system how truly fair betting can be constructed, but it's a secret

Lol there is no such thing has truly fair betting. You could use random.org, but their numbers are based on results of a physical anomaly, which is not totally fair.

The best thing atm is probably fair, which has been documented many times.

Shockaftermoon

full member

Activity: 224

Merit: 100

beatcoin team leader

never seen this b4 http://www.bitcoinbetting.website/

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

How about the last 2 digits of the block hash? 256 choices / chances.
How about the last 4 digits of the block hash? 65k.

Why not just use the whole block hash, and hash it again. Pair that with another value that is unknown until it is published (but with a SHA256/512 hash) and it's as "provably fair" as it gets. The only one who could cheat is the owner of the site AND if he is a big miner.

Someone else made another site (that has since been gone or sold or something) that computed more hashes for a good half hour (or about 3 blocks worth) on decently powerful hardware so that this eliminated the "miner withholding the block problem", but I think that's overkill and too much work.

My site uses 64 consecutive block hashes, but that's just for following the theme. I could have just use 1 block hash for the same result.

ranochigo

legendary

Activity: 3038

Merit: 4418

Crypto Swap Exchange

Quote from: Albert Hamilton on August 20, 2016, 06:08:49 AM

Quote from: Cryddit on July 11, 2016, 10:56:28 PM

To be fair:

You shouldn't rely on the randomness of the hash if people are betting on it. Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well. They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow. Meanwhile, they go on looking to win the bet.

So, according to you, if this game goes big, miners may not publish valid blocks and thereby disrupt bitcoin block generation altogether?

That is if they have sufficient resources to even generate a block. They would probably need a significant hash rate to be able to generate blocks at a reasonable frequency. The miner can always mine the block and start mining on it before publishing it. The miner have a chance to publish two blocks at once and no one else could've solved on it. This theoretically can give them a higher chance of getting the subsequent blocks.

The method mentioned above is quite effective for the attacker and would have a significant chance of succeeding if you have a good amount of hashpower. However, if you do not have a good portion of the network's hash power, your probability of succeeding will be close to insignificant. If someone mined the block when you are withholding it, unless you have a high amount of hash power, more often than not, the block you mined would be orphaned. That obviously depends on which block the miners decided to work on. There is a chance for them to lose both the block reward and the bet altogether.

Miners would have to continue to publish the blocks since the game uses it to determine the results. Bitcoin's block would at the very most be delayed.

Albert Hamilton

full member

Activity: 128

Merit: 100

Quote from: Cryddit on July 11, 2016, 10:56:28 PM

To be fair:

You shouldn't rely on the randomness of the hash if people are betting on it. Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well. They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow. Meanwhile, they go on looking to win the bet.

So, according to you, if this game goes big, miners may not publish valid blocks and thereby disrupt bitcoin block generation altogether?

cr1776

legendary

Activity: 4228

Merit: 1313

Quote from: Cryddit on July 11, 2016, 10:56:28 PM

To be fair:

You shouldn't rely on the randomness of the hash if people are betting on it. Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well. They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow. Meanwhile, they go on looking to win the bet.

This.

When there is no incentive to mess with the hash, it may be safe to rely on the last digit. But as was said here (and DH above previously) when there is incentive to do so, it is possible to do so.

Using the last digit of the hash of a single block as the sole random value for a sufficiently large prize is asking for problems.

Even looking at all the values showing it looks random is not sufficient if the lottery drawing (for example) happens every 1000 blocks because you only need to do it once to win a massive sum (eg in the US's Powerball drawing the subsidy is minimal in comparison). In most of the blocks there is no incentive to select a particular hash so even if someone did it successfully 10% of the time (every 10000 blocks in this example) it would be undetectable in the noise.

Cryddit

legendary

Activity: 924

Merit: 1132

To be fair:

You shouldn't rely on the randomness of the hash if people are betting on it. Especially not after the hashing.

If you have a miner who stands to make more on the bet than they would on the block subsidy, the economics can favor them getting a hash low enough to make a block, but then withholding it, looking for a hash low enough to make the block *AND* having a final digit that will win them the bet as well. They risk losing the block subsidy if another miner finds a block first, but they can also instantly release the block they found the first instant they get a whiff of the other miner's block, and then they have a nearly-equal chance of getting the block subsidy anyhow. Meanwhile, they go on looking to win the bet.

rambeazle

sr. member

Activity: 244

Merit: 250

Hashes are uniformly distributed over the entire number space, so to answer you question, they are as random as they get. Furthermore, such hashes are routinely used in provably fair algorithms in other sites, sort of like an industry best practice.

CounterEntropy

full member

Activity: 214

Merit: 278

Quote from: Mandoy on June 08, 2016, 08:54:35 PM

Normally a standard opinion would say 1 out of 16 but i would rebut in my experience its 1 out 99. But nevermind the hash, and consider this; if you make a certain roll and certain amount to match your roll number to that of the last hash digit then dont do it, theres a less chance youll get it and more btc wasted. But if you have just to guess it without making somebets then go on it doesnt matter if you make a guess as long as you dont lose a significant amount of btc.

They give u the option to bet on multiple options under a certain roll. So, the u have the choice to decide upon your winning probability.

AlexGR

legendary

Activity: 1708

Merit: 1049

Quote from: Taras on June 04, 2016, 02:04:20 PM

Quote from: fronti on June 02, 2016, 09:30:02 AM

cat /tmp/hashlist | sed -e 's/$^.*$$.$$/\2/' | sort | uniq -c | sort

Here it is in chart form - definitely random!

Seems to have a small sine-like wave pattern... Look how it "waves".

Obviously that would be smaller with a bigger sample.

Topic: How random the last digit of a block hash really is? - page 2. (Read 23692 times)