Topic: Just-Dice.com : Invest in 1% House Edge Dice Game - page 224. (Read 435362 times)

You actually need a LOT more than that.  Getting a provable source of entropy isn't actually the real difficult part.  The hard part is means by which dooglus can use that source to process rolls AND can prove that the details of the bet weren't changed after he obtained the random number.  What you seem to miss is that distinction - and it's massive.

Here's the rough flow of what should happen :

Player makes a bet
Dooglus obtains verifiable random number
Result of bet is calculated.

How do you ensure that the right random number is applied to an unchanged bet?  Without massively slowing down the system it's very hard to do.  But if you can't guarantee that the bet processed is the one intended before the result was calculated then suddenly NOTHING is secure any more.  Dooglus could cheat players by getting 10 random numbers then working out which combination of applying them to 10 pending bets gave the house the most.  Or he could cheat investors by betting himself, working out the result then changing the bet size (or even odds) dependent on what the result was.  We'd be worse off than we already are.

Conceptually the solution is easy - bets are logged in public first then some combination of a hash of the bet details + a timestamp used to generate the seed for a random number.  But putting that concept into practice is harder than it might sound - you have to deal with things like what if the external source becomes unavailable (do bets hang or are they cancelled?  can he selectly choose not to receive results if he doesn't like them?).  And you also then have to find a random source where it's verifiable which output is produced from which input - but where such results can't be obtained in advance (which means real-time sampling of entropy based on the time-stamp element).

It's using a sledgehammer to crack a walnut.  The solution already exists - if you don't believe he'll act in good faith then don't invest.  Every investment without a fixed rate of return has the potential for the issuer to act in bad faith and cheat investors subtly.  There's no reason why this one should be any different.

First of all: dooglus is the inventor of provably fair? That's damn cool.

So what would be needed to remove the possiblity for the site operator to defraud the investors, would be an verifiable external source of entropy over which the site operator has no control and that all participants can verify independently. If the bitcoin blockchain generated blocks more rapidly, I suppose that could be used. Or maybe not, because the operator could still discover a block then place a huge bet (knowing all the secrets) right before submitting the block to the network. Maybe using a block a certain number of steps ahead of the current block - the site operator would have to discover and withhold all blocks between now and then, and then place the bet and immediately broadcast all the blocks before any other node found a block. It would make it more difficult for the site operator to cheat, but bets would no longer be "instant", so I guess the whole game would lose appeal.

Anyway, it's a really interesting problem (but if the inventor of provably fair hasn't found a solution, what chance do I have?) - sorry for derailing the thread.

That too.  Even if I was dishonest it would make no sense to make a big fuss about "I can't lose" and whatever else he was saying.

I expect you're joking, but I didn't invent provably fair!

The first implementation of it I was was on bitjack21.com (or whatever it was called), and later bitZino.com implemented much the same system.

Before I gave up on a system that was provably fair against the operator cheating, I was thinking of a system where each investor runs a small server of their own which {does something} to each bet in real time, and passes it on to the next investor's server.  Each investor seeds their own server, and so there's no way of cheating unless all the investors cooperate.

But then if any one of them goes offline, the site stops working.

"OK, so any 7 of 10 investors can generate the roll"?

Well, in that case I'll just try various sets of 7 from 10 until I find one that makes me win...

Any way you roll it, I can't see a reliable way of stopping myself from being able to cheat while also having the site be able to process player rolls quickly.

Not really, but the log does contain records of each connection and disconnection.  So if it really mattered, I could go back and work out how many connections were open at any particular point in time.

Going forwards it might be interesting to report that number in real time.

Besides it's totaly stupid for dooglus to cheat this much at a time. If he wanted to he'd do it slowly over time, not like this.

Provably Fair works thus:

1. server seed = hashed and shown = can prove server seed did not change.
2. client seed = you, as the player, set this, AFTER you know the server seed is set.
3. secret revealed, you can now prove to yourself you had a fair game.




I was betting 50,000 coins at a time during that testnet phase. But then, we didn't have a bot capable of doing 20 bets per second, that would have been fun to watch.

I can double, or triple or quadruple the money, but you can't bankrupt the site because of the 1% max profit. Even if you make 100 wins in a row with max profit on each, the amount keeps getting smaller.

To really play and attract whales (and dolphins, and tilapia) the max profit must be high, the invested amount must be high. Even if 98% win, the 2% that lose big will make the site profitable. Usually, it's the other way around, 98% lose, 2% win, those winners just either keep quiet or make a lot of noise.

Of course, as everyone knows, I have the worst case of gambler's fallacy ... Gimme 0.4 I will turn it to 2.0. Therefore, gimme 400, I will turn it to 2000. Then there is that guy who did a 15x from 2 to 30. So one could think they can turn 200 to 3000.

The benefit of the client seed is to keep the server from cheating. Imagine if you were betting on 10%, and the server gave you a secret which had been pre-tested, and the first 1000 rolls were between 10 and 90.

I read the provable fair page, and don't get why it has to be so many steps.

What's wrong with just,

server calls a random function to generate a number and a secret string, combines them and returns the hash of it,

the number is released along with the secret string.

what's the benefit of the client seed other than "to further randomize the rolls." ? the randomness from server is not enough ?

It wouldn't change anything.  Dooglus could just request a random number from random.org then change his bet size once he calculated what the result was.  And that's IF there was some way of proving which random number was used for which bet.  It adds complexity but no solution.

EDIT: If your concern is trusting dooglus then you can't trust ANY server logs or similar he has access to.  That's what makes the problem (if it is one) very hard to solve.

The most recent big win is another reason we need graphs!

Deprived,
   They would not know the server seed, so that would not be a vulnerability.  There would be the client seed, server seed and then the server seed would be hashed using a random number generated by random.org.  This would make the game provably fair to investors.  There are many proven true random # generator sites out there besides random.org also
Mechs

Before dooglus invented provably fair, we just played Dice Games and hoped for the best. Now that JD came out we understand how useful that was. In this thread we tried to find a RNG that the owner can't manipulate, but if it's not possible then that's fine. It's not like investors will go to a competitor who has it.

Dooglush do you have numbers of people that were watching todays madness ? Even though we lost a lot I was having a lot of fun and there was a lot of fuzz in the chat

It wouldn't change anything unless random.org were told the bet in advance, recorded it and disclosed it - as otherwise you could change what you bet once you knew the result from them.  And if they recorded the bet BEFORE revealing the random number then suddenly we have to start trusting that THEY aren't betting and exploiting it.

Beyond a certain point investors just have to trust - not just in this but in many investments.  How do investors know mining companies who have a machine break down didn't swap a good one for a bust one of their own?  How do investors know an investment/trading funs isn't creaming off cash by buying/selling from alt accounts?  etc.

At a certain stage people have to stop worrying about things that are only detectable from statistical analysis after the fact.  Short of having a 24/7 live video feed it's hard to stop or detect a lot of types of fraud.  You have to either be willing to assume some degree of good faith or just not invest.

Doog: I think so - I believe they keep a log and it is generated in fractions of a second. I suppose you could still try and front run it but with fractions of a second that would be difficult. Not saying it is bulletproof but it may raise investor confidence

Do I ask these 10 investors for a number for every bet?  10 investors times 20 times per second = a lot of asking!

If not, I can still see what number I'm about to roll, and bet accordingly.

Same effect - and the effect is all I was concerned about.

I'm not familiar with everything random.org has to offer.

But is it probably fair?  Is there any way I can prove to the player that the seed that made them lose was fairly chosen by random.org, and not carefully calculated by JD to make them lose?

To be clear, I don't block or return deposits over the 500 BTC.  I just don't credit them to user accounts until I've withdrawn the funds from inputs.io into my real wallet.