
Topic: Introducing PevPot.com The Bitcoin Lottery (Read 12325 times)

legendary
Activity: 1463
Merit: 1886
January 14, 2016, 02:39:38 PM
Do you have any interest in me taking over the operation of the site from you? Or would you rather it just go away?

I'd rather keep the domain myself, to avoid any confusion.

But if you want the code, it's all yours:

https://github.com/RHavar/pevpot (released under a do-what-you-want license).

Just update all the config (and grep the source to see what it means).

Also, you probably want to password-protect the end points:
https://github.com/RHavar/pevpot/blob/master/src/routes/index.js#L424-L442

I was super lazy
hero member
Activity: 640
Merit: 500
February 02, 2016, 11:11:57 AM
PevPot Break for ATM
I'm looking for #12 and #13 without result

As you can see on the top of pevpot.com or in https://bitcointalksearch.org/topic/m.13552611, draw #11 is the last draw. Ryan also told us in https://bitcointalksearch.org/topic/m.13601232 that the site has been bought and would be transferred to the new owners, but there is not much update on that.
hero member
Activity: 928
Merit: 531
February 02, 2016, 11:07:38 AM
PevPot Break for ATM
I'm looking for #12 and #13 without result
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Can you find a method that gives all three of (a), (b), and (c)? It shouldn't rely on any "server secret", since we have no way of knowing for sure that the server owner isn't also playing the game.

Gimme a couple of years, I'll think of something. I'm kinda busy right now, I just got my CompTIA A+ certification. woot!

There's no proof that it isn't, and so the game is "trustably" fair, not provably fair.

Eh... yah, that's something new. "Trustably" fair. I'm going to use that on my new game. You can trust there will always be a winner, just usually not you. hahahahahhaah!
legendary
Activity: 2940
Merit: 1333
Ok. Makes more sense. I was trying to get around the computation part for more than 30 minutes. That's "hard". Not a problem for a once a week game, or even a daily game, but it does mean you have to set aside processing this. This is slow to compute AND slow to verify (please correct me if I'm wrong.)

You're not wrong, but you are kind of missing the point. It is slow *on purpose* so that the miner can't tell whether the block he just mined makes him win or lose, and so he can't cheat by withholding a block that makes him lose. By the time he figures out that his block makes him win it has already been orphaned, so he may as well just publish the block immediately and not try cheating the lottery.

It would be better if it was slow to figure out who won but very quick to verify the result, but nobody was able to come up with a way to do that, and so pevpot uses a calculation that is just as slow to verify as it is to run the first time.

The ideal algorithm would be:

a) slow to determine who won given a list of tickets and the mined block hash
b) quick to verify the winner given a list of tickets, the mined block hash, and the winner
c) deterministic, so that step a) always gives the same winner for the same inputs

It's not hard to find systems which give us any two of these three:

A+C: The current system has (a) and (c), but there's no quick verification step.

B+C: Just using the block hash gives us (b) and (c) - it's instant to verify, and deterministic, but step (a) is also instant and so the miner can cheat.

A+B: We can get (a) and (b) using some kind of proof-of-work algorithm. We search for a nonce such that sha256(blockhash+nonce) starts with 10 zeroes (or whatever difficulty is suitable), then use that new hash to determine the winner. It's slow to find such a nonce, and quick to verify that the nonce works, but it isn't deterministic. Lots of different nonces would work, and give different winners. We could insist that the nonce search starts at zero and works upwards, such that only the lowest such nonce is accepted, but then verification is no longer instant, since we have to replicate the whole proof of work to check that the given nonce is the lowest one that works.

Can you find a method that gives all three of (a), (b), and (c)? It shouldn't rely on any "server secret", since we have no way of knowing for sure that the server owner isn't also playing the game.

I'd also like to avoid external secrets, meaning "real life" secrets. These include actual lottery results from maybe Mega Millions or Powerball. (Although that certainly makes it provably fair, as no way would anyone know the Powerball results before the draw, unless all the balls were rigged.)

Re-read what you just said: that's provably fair unless it isn't... Using powerball numbers isn't provably fair - it is relying on the trust that whatever process they use to select balls isn't rigged. There's no proof that it isn't, and so the game is "trustably" fair, not provably fair.
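The A+B trade-off from the post above as a runnable sketch; this is an added example, not code from the thread or from pevpot. The 12-bit difficulty, the constructed block hash and all function names are assumptions.

```javascript
const crypto = require('crypto');

const DIFFICULTY_BITS = 12; // assumed toy difficulty so the search finishes quickly

// sha256(blockhash+nonce), as described in the post
function powHash(blockHash, nonce) {
  return crypto.createHash('sha256').update(blockHash + String(nonce)).digest();
}

// True when the digest starts with at least `bits` zero bits.
function meetsDifficulty(digest, bits) {
  const full = bits >> 3;
  const rem = bits & 7;
  for (let i = 0; i < full; i++) if (digest[i] !== 0) return false;
  return rem === 0 || (digest[full] >> (8 - rem)) === 0;
}

// (a) slow: scan nonces upward from 0 and collect the first `count` that work.
function findNonces(blockHash, count) {
  const found = [];
  for (let n = 0; found.length < count; n++) {
    if (meetsDifficulty(powHash(blockHash, n), DIFFICULTY_BITS)) found.push(n);
  }
  return found;
}

// The winning ticket is derived from the proof-of-work hash, not the block hash.
function winnerFor(blockHash, nonce, totalTickets) {
  const h = BigInt('0x' + powHash(blockHash, nonce).toString('hex'));
  return Number(h % BigInt(totalTickets));
}

// (b) quick: a single hash confirms that a claimed nonce meets the difficulty...
function verifyNonce(blockHash, nonce) {
  return meetsDifficulty(powHash(blockHash, nonce), DIFFICULTY_BITS);
}

// ...but confirming it is the lowest such nonce repeats the whole search,
// which is the cost of restoring (c).
function verifyLowestNonce(blockHash, nonce) {
  return findNonces(blockHash, 1)[0] === nonce;
}

const BLOCK_HASH = '00'.repeat(8) + 'ab'.repeat(24); // constructed, not a real block
const TOTAL_TICKETS = 1000;
const nonces = findNonces(BLOCK_HASH, 5);
const winners = nonces.map((n) => winnerFor(BLOCK_HASH, n, TOTAL_TICKETS));
console.log({ nonces, winners });
```

Every nonce in `nonces` passes `verifyNonce`, yet each maps to its own ticket, so a draw operator could pick among them; only `verifyLowestNonce` pins the result, at the price of a full search.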
legendary
Activity: 2940
Merit: 1333
I am pretty bad at explaining things, but I'll try before Dooglus replies and makes me look like a babbling toddler.

That is funny. I read your previous post, and was just about to reply to clarify *why* using N and N+1 is equivalent to only using N+1 but I thought I should read to the end of the thread in case anyone else had already done so. Then I saw this, and it made me laugh out loud.

Now I'll read to the end of the thread...
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
-snip-

Make sense?

Ok. Makes more sense. I was trying to get around the computation part for more than 30 minutes. That's "hard". Not a problem for a once a week game, or even a daily game, but it does mean you have to set aside processing this. This is slow to compute AND slow to verify (please correct me if I'm wrong.)

My 64 blocks was just a theme thing; I don't even have to do it more than once, but I guess people can just look back a couple of days ago to verify. It's understandably more complicated, but I'm not sure that has any impact on the game itself. (People regularly play on non-provably fair casinos.)

The hash chain as a service is an idea, but it relies on the service being available. I had a lotto 3 years ago (which didn't even have its own website, not really anyway), it used secrets from other sites, and at least the little-bit-at-a-time has a secret revealed every hour, and random.org is a completely unrelated site with no connection to crypto. A poor man's version is a secret from another popular site that can be revealed on demand.

I'd like to avoid that. The problem was I was using SatoshiDice secrets, and they were always delayed by an hour or two. The others were published on time a minute after midnight UTC.

The only other way is a server secret, such as the hash chain, combined with a block hash. But that leaves the remote possibility of the owner colluding with a miner, or the owner is a large miner. I argue if the issue is trust, people would not deposit coins, but as has been pointed out, this remote possibility is, well, possible.

I'd also like to avoid external secrets, meaning "real life" secrets. These include actual lottery results from maybe Mega Millions or Powerball. (Although that certainly makes it provably fair, as no way would anyone know the Powerball results before the draw, unless all the balls were rigged.)
legendary
Activity: 1463
Merit: 1886
Question: What if you use 2 or 3 consecutive blocks as the basis for the winning hash?

Advantage: No need to do 1 million bcrypt or pbkdf calculations; quick to verify; unlikely for a single miner to mine 2 blocks in a row.


I am pretty bad at explaining things, but I'll try before Dooglus replies and makes me look like a babbling toddler.


What is the attack if you just use a single bitcoin block hash?

A miner can construct a function, f, which tells it whether or not it should broadcast the block that it just mined. It might look something like this:
Code:
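// Returns true when the block just mined makes the miner's own ticket win.
// totalTickets and isMyTicket are left undefined in this sketch.
function f(justMinedHash)  {
  var winningTicket = justMinedHash % totalTickets;
  return isMyTicket(winningTicket);
}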


So now, let's say we use 2 hashes, instead of just one. Well, now a miner just needs to make a miner-code adjustment (this generalizes to any amount of previous hashes):
Code:
// Same check with the previous block hash mixed in; the miner already knows previousBlock.
function f(justMinedHash)  {
  var winningTicket = cat(previousBlock, justMinedHash) % totalTickets;
  return isMyTicket(winningTicket);
}

and it has absolutely zero impact on their ability to pull off the same attack.


Ok, so now let's use the block-stretching scheme, that pevpot uses. Well a miner can construct the same function:
Code:
// Same check again, but stretch() is the deliberately slow step.
function f(justMinedHash)  {
  var winningTicket = stretch(justMinedHash) % totalTickets;
  return isMyTicket(winningTicket);
}

but the difference is the function takes an hour to run! This means they can't broadcast the just mined block for an hour. And when you have the new unbroadcasted blockchain tip, time is money. Because losing the block-race (which you probably will) will cost you a fair bit (and during the time the block is stretching, you'll have to mine on the probably-orphaned chain, adding to the cost of failure).


Make sense?
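The cost comparison behind the three f() variants above, as an added example that is not part of the original post or pevpot's code. PBKDF2 stands in for stretch(); the salt, iteration count, constructed hashes and function names are assumptions.

```javascript
const crypto = require('crypto');

// Assumed stand-in for stretch(): PBKDF2-HMAC-SHA512 keyed by the block hash.
// The salt label and iteration count are illustrative, not pevpot's parameters.
const SALT = 'stretch-demo';
const ITERATIONS = 100000;

function stretch(blockHashHex, iterations = ITERATIONS) {
  const input = Buffer.from(blockHashHex, 'hex');
  return crypto.pbkdf2Sync(input, SALT, iterations, 32, 'sha512');
}

function ticketFrom(digest, totalTickets) {
  return Number(BigInt('0x' + digest.toString('hex')) % BigInt(totalTickets));
}

// Single block hash and "previous + new" hash: both resolve in one cheap step.
function fastDraw(blockHashHex, totalTickets, previousHex = '') {
  const d = crypto.createHash('sha256').update(previousHex + blockHashHex).digest();
  return ticketFrom(d, totalTickets);
}

// Stretched draw: the same inputs, but the result is only known after the delay.
function slowDraw(blockHashHex, totalTickets, iterations = ITERATIONS) {
  return ticketFrom(stretch(blockHashHex, iterations), totalTickets);
}

// Verification has no shortcut: it is a full re-run compared with the claim.
function verifyDraw(blockHashHex, totalTickets, claimedTicket, iterations = ITERATIONS) {
  return slowDraw(blockHashHex, totalTickets, iterations) === claimedTicket;
}

// Wall-clock cost in milliseconds of evaluating a draw function once.
function costMs(fn) {
  const t0 = process.hrtime.bigint();
  fn();
  return Number(process.hrtime.bigint() - t0) / 1e6;
}

const PREV = 'cd'.repeat(32); // constructed hashes, not real blocks
const TIP = '00'.repeat(8) + 'ab'.repeat(24);
const TICKETS = 1000;
const winner = slowDraw(TIP, TICKETS);
console.log({
  winner,
  oneBlockMs: costMs(() => fastDraw(TIP, TICKETS)),
  twoBlockMs: costMs(() => fastDraw(TIP, TICKETS, PREV)),
  stretchedMs: costMs(() => slowDraw(TIP, TICKETS)),
});
```

Raising `ITERATIONS` scales `stretchedMs` linearly for the operator, every verifier and anyone holding an unpublished block alike, while the one-block and two-block costs stay flat.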

legendary
Activity: 1463
Merit: 1886
(Also the winner of draw #11 has been paid out, I just never updated the webpage)

Question: What if you use 2 or 3 consecutive blocks as the basis for the winning hash?

If you use block N and N+1 to generate the result, that has the exact security equivalence of just using block N+1. iirc I think I brought this up with you before about your site, which combines 64 bitcoin block hashes; it's functionally equivalent to using a single bitcoin block hash, except now you're just dragging around a lot of complexity for nothing.


One of the key goals of provably fair, is to make it as simple as possible to verify.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Question: What if you use 2 or 3 consecutive blocks as the basis for the winning hash?

Advantage: No need to do 1 million bcrypt or pbkdf calculations; quick to verify; unlikely for a single miner to mine 2 blocks in a row. You only wait an average of 20 minutes to find out if your block could have lost, but then it's too late for the miner.
Disadvantage: Waiting time. You pick 2 blocks AFTER the end of the round, and you also probably wait 6 blocks after that, for a total of 8 blocks. (The 6 confirms are needed so the 2 blocks are probably not orphaned and part of the blockchain.)

You could also keep a server seed secret, and it could be generated like moneypot's canonical hash chain or that 64 hash thing in another thread.

I believe we have the recipe for another raffle or lottery style game (and it's all here in this post), I just don't have the budget to do it (not unless someone buys my site.)
legendary
Activity: 1540
Merit: 1016
It reads "Draw #11 will be the last draw. Please do not deposit money after the draw ends, or sponsor further draws. =) See: bitcointalk for more details."

and Draw #12 is running

Someone purchased the site from ryan and will continue the site as if nothing changes, but ryan doesn't know who the new owner is either. Well, if you are comfortable with it, just keep on playing on the site, though every risk is on your own. Kinda weird the new owner doesn't even make a new pevpot thread.

Just a heads up. Someone has purchased pevpot.com from me, so after the current draw (#11) -- I will be transitioning it to them, where the addresses will change. =)
legendary
Activity: 1302
Merit: 1005
New Decentralized Nuclear Hobbit
It reads "Draw #11 will be the last draw. Please do not deposit money after the draw ends, or sponsor further draws. =) See: bitcointalk for more details."

and Draw #12 is running
sr. member
Activity: 392
Merit: 251
That is because most of the wins were from one person.

If I am not wrong last game is winning by people who deposit 0.1 and someone deposit 0.99 losing. It is possible that low deposit people will have this luck and high deposit people sometimes will lose too because it can really assure your winning though only boost your winning chance but still you can lose it sometimes

This can always happen. This is almost exactly the same as CSGOjackpot, sweetstakes.tf, and all the other variants. I'm a regular player on these sites, and I've seen firsthand people winning thousand dollar items with their twelve cent item.
sr. member
Activity: 392
Merit: 251
Guess I did something wrong in my calculations

*whew* apparently I was disgusted for nothing

Hehe I guess you must be feeling very disappointed now. I mean, losing a lottery is one thing, losing a lottery when you thought you have won is another thing.

Cowbay's won before though, so lucky, lucky him. I've played in pots before, but not necessarily bitcoin pots, but CSGO and TF2 pots. I always seem to lose those.
legendary
Activity: 910
Merit: 1000
Guess I did something wrong in my calculations

*whew* apparently I was disgusted for nothing

Hehe I guess you must be feeling very disappointed now. I mean, losing a lottery is one thing, losing a lottery when you thought you have won is another thing.
member
Activity: 77
Merit: 10
Guess I did something wrong in my calculations

*whew* apparently I was disgusted for nothing
legendary
Activity: 1736
Merit: 1023
Guess I did something wrong in my calculations
legendary
Activity: 1876
Merit: 1303
DiceSites.com owner
Yeh, I calculated the same winner yesterday.
legendary
Activity: 1463
Merit: 1886
Also this is the winner I got:

https://www.pevpot.com/draws/11

(which doesn't seem to be cowbay)

Anyone want to verify?
legendary
Activity: 1463
Merit: 1886
Sorry, was out all day and forgot about the lotto. I'm running the verification now.

Do you vouch for this guy to continue to run the business? Could you tell us who the new owner is? I would not like someone unknown to steal my deposits when I'm playing this game because this is not like dustdice where you have insurance that your money is safe with moneypot

To be honest, I don't know the guy. I had already released the code, and someone approached me for what basically amounts to the domain. I was originally going to keep the domain, just to avoid confusion. But it's hard to say no to free hundreds of dollars, so sold it is (I've already been paid).


Is that someone dooglus? I saw in the previous page that he was interested in taking over. It would be a great news if so, as the biggest difficulty of running and promoting the site is that the owner has to be widely recognized as trustworthy.

No, it's not. But he (and everyone else) has access to the code, so who knows what will happen

P.S. @ryan Do you currently have any projects you're working on? Your ideas are quite creative and unique, but it seems like you have a habit of selling them (except for the case of BaB)

lol thanks =) But what can I say, I've got a short attention span. I think pevpot was my 5th bitcoin project, but my last bitcoin project for a while. I have some ideas for bitcoin projects I'd like to do, but feeling a bit burnout and disillusioned with the general bitcoin community at the moment. Right now I'm taking a break with running bustabit and working on something totally unrelated to bitcoin or gambling.