Author

Topic: mutterings from mem: Provable Results vs Provably Fair (Read 4870 times)

newbie
Activity: 42
Merit: 0
The issue with online poker is the same as table top poker.

Online == server admin simply looks @ what cards you are holding.  
Table == Cameras, bystanders sending signals.

Both == Collusion.

As another user mentioned, you can definitely prove the deck was shuffled randomly but you cannot prove or disprove admin honesty in this situation. This is why I only play with small change, Im after a cheap thrill and due to my cheapness Im not an ideal target for a scammer. Its why this is such a classic scene in movies:

Pub + poker table = flip table + gun shoot out.

Wise move. Dooglus points out Mental poker, which looks promising. Setting up a properly shuffled deck looks incredibly convoluted from an engineering perspective, but the basic idea is sound ... best I can tell. There is definitely a market for it, so I think it's only a matter of time before somebody develops something along these lines.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
All other things being equal, your site would be much better the more fair it looks to the player.

As an example, a completely honest and trust worthy individual, new to bitcoins, decides to do a raffle and his method involves pulling physical balls out of a hat and recorded on video. Or that he claims he gets the numbers from random.org.

While the intent is to be honest, most people here have already pointed out the flaws.

The two problems mentioned here about online poker, specifically super users and collusion, are the same problems across all online poker rooms and the solution is to handle them with human intervention.

If people trust you, and also trust the system or the implementation, then it's so much better for you.

If people do not trust the implementation, no matter how provably fair it is (because some users are just lazy or too stupid to change their client seeds) then they will call you a scam, no matter how provably fair you actually are.
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
Some kinds of game are going to be a lot easier to make provably fair than others.
Best I can figure, the whole concept of 'provably fair' (as defined here) doesn't really apply to online poker. The closest approximation I can think of might be 'provably fair shuffling', but even that seems problematic because now you have multiple players per shuffle.  Just thinking about it now, wouldn't that require every player to know the client seed of every other player? Or maybe there is a simpler solution? I would definitely add this feature to my site (boot52.nl) if I could come up with a reasonable implementation.

But besides all that, there are much simpler ways for a crooked site operator to cheat. For example, the software might have a 'god mode' which would enable certain people to see all your hole cards. You see? So to me, it all boils down to trust. Either you trust the site operator or you don't.  And if you don't, then advanced cryptography probably isn't going to help -- at least in poker. At least that's my current thinking. Maybe you disagree? -boot

The issue with online poker is the same as table top poker.

Online == server admin simply looks @ what cards you are holding. 
Table == Cameras, bystanders sending signals.

Both == Collusion.

As another user mentioned, you can definitely prove the deck was shuffled randomly but you cannot prove or disprove admin honesty in this situation. This is why I only play with small change, Im after a cheap thrill and due to my cheapness Im not an ideal target for a scammer. Its why this is such a classic scene in movies:

Pub + poker table = flip table + gun shoot out.
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
Quote
Once you click the Play button, we shuffle the transaction id that you sent your payment with and add that to the client seed provided by you. We then hash the strings with SHA256 to get the result. The first X numbers in that string set the winning spin. The client seed can be changed by the player and the shuffled transaction ID is printed after every play in order to verify.

Any thoughts on this?
Is this method considered provably fair with provable results?

The player can cheat using this method, since they can make the txid anything they want by repeating the signing process and then set their client seed so they can generate a specific hash and result.

How about shuffling the SHA 256 Hash of the client and server seed? That should make it unpredictable without adding a secret?
jr. member
Activity: 34
Merit: 1
Quote
Once you click the Play button, we shuffle the transaction id that you sent your payment with and add that to the client seed provided by you. We then hash the strings with SHA256 to get the result. The first X numbers in that string set the winning spin. The client seed can be changed by the player and the shuffled transaction ID is printed after every play in order to verify.

Any thoughts on this?
Is this method considered provably fair with provable results?

The player can cheat using this method, since they can make the txid anything they want by repeating the signing process and then set their client seed so they can generate a specific hash and result.
legendary
Activity: 1176
Merit: 1005
@darkmule, would you be so kind as to enumerate a typical 5 card draw poker game with 4 players, for example. I was thinking of just making a simple game where:

1. Players seed. Dealer shuffles.
2. Dealer gives 5 cards to each player, face down.
3. Players see their cards. Players can immediately verify they were dealt the cards they were meant to have.
4. Player 1 has to check, bet, or fold. This is the blind or opening. He'll fold if he doesn't like his hand.
5. Player 2 can check, raise, or fold.
6. errr.. betting goes around the table to Player 3, to 4, then back to 1.. or.. well, I wanted to keep it simple. This is getting complicated already.
7. Showdown to whoever is left.

My only suggestion is Jacks or Better.  That is, someone has to have at least a pair of jacks to open the action.  With this setup, it should be possible to verify.  Draw poker is also the best variant for this.  Without a draw, this is a game few people would play.

The simplest game where I can see this working is single draw no-limit lowball.  There's a chapter in Doyle Brunson's original Super/System about it, but it is basically an obsolete game.  It would have to be revived.

But absolutely nobody would want to play a five card poker game with just one round of betting.
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
Quote
Once you click the Play button, we shuffle the transaction id that you sent your payment with and add that to the client seed provided by you. We then hash the strings with SHA256 to get the result. The first X numbers in that string set the winning spin. The client seed can be changed by the player and the shuffled transaction ID is printed after every play in order to verify.

Any thoughts on this?
Is this method considered provably fair with provable results?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I have never played online poker in any other website, and I have not downloaded any client. So I am coming in, attempting to do this, from a fresh perspective.

I'll take a look at the more popular online poker sites later.

Also, I want to implement this provably fair poker without needing a client. It will either be java or html5 or something that is browser based. I would like to appeal to anyone who can browse using current browsers regardless of OS. Downloadable clients mean I'd have to make one for MacOS, Windows, Linux, Android and iOS. Only the last two would deserve their own clients, the desktop computers should have "optional" clients.

Based on my initial research, browser based poker sites can be played by everyone, except they don't have the client features that some players would want. All those extra features are optional. I'm guessing I can make a browser based poker site with an API so everyone is free to make their own client, but without one, you can just go play.

Verifying the results, might be impractical, but with the game being "provably fair", someone out there will make a script to do this. They would not need to trust the website. All the website needs to do is spit out the hashes and cards which the players can verify, but only for cards they can see.

For disconnecting players, I think a default fold if you don't connect is best. The "all-in" on disconnect does not make sense to me. But I've not played any online poker, so what do I know...

As for cheating, the server can always cheat, that's a given. All casinos can cheat. All dice site owners / operators can cheat. There just isn't a practical way around that. And even if the site does not cheat, what if it does not pay out the pot? All new casinos are probably scams until they have stood the test of time, or the reputation of the operator is at stake. EV could have cheated SD, we would never know. dooglus has said, he could do the same for JD, but he claims he does not.

Collusion, well, not much we can do about that if I want my poker site automated. That would require staff to watch the games and do analysis. Which is what Poker Stars is known for.

Again, I have never played any online poker game. I just did a lot of reading on it two days ago.

I already have an idea on how to implement this provably fair poker shuffling and dealing and verifying only the cards the players may see, but I've got to test it some how. (either on my napkin drawings, my computer or through some ugly looking website.)

@darkmule, would you be so kind as to enumerate a typical 5 card draw poker game with 4 players, for example. I was thinking of just making a simple game where:

1. Players seed. Dealer shuffles.
2. Dealer gives 5 cards to each player, face down.
3. Players see their cards. Players can immediately verify they were dealt the cards they were meant to have.
4. Player 1 has to check, bet, or fold. This is the blind or opening. He'll fold if he doesn't like his hand.
5. Player 2 can check, raise, or fold.
6. errr.. betting goes around the table to Player 3, to 4, then back to 1.. or.. well, I wanted to keep it simple. This is getting complicated already.
7. Showdown to whoever is left.

So, the players see cards in the showdown and their own cards. Other players do not see mucked or folded cards, and do not see the rest of the deck.

I understand that even with one deck of 52 cards, you can have as many as 10 players in a table.

I can shuffle the deck randomly and fairly now, and I can show players only their cards while keeping the rest secret. What I'm having trouble trying to do is get players to contribute to the shuffle and proving they did so without revealing the entire deck.

I think a solution is that the dealer does the shuffling. The players are only allowed to "cut" the deck. Without knowing the cards, they can cut anywhere and it just changes the order the cards are dealt.

Whoa. Wait. While I was typing the above paragraph, it just dawned on me that the players can still shuffle the deck, without knowing the cards. Shuffling = cutting the deck multiple times, it can even be randomly ordered as many times as needed, and a script can be used to verify all of this.

In fact, the dealer does not have to do any shuffling at all. But I'll make it so that there is an initial shuffle, and then a final shuffle after the last player, and both shuffles are provably fair.

aha... I have to test this.

Now, I just need someone to program a website for me, charge 1% rake, and make some money hosting a trusted bitcoin based online poker site. (incidentally, what do non-bitcoin poker sites charge anyway? I only thought of 1% because all the bitcoin dice sites have 1% house edge.)

My implementation will use a 64 character alphanumeric string as the dealer seed, and each player supplies something equivalent (with a limited character set, to prevent players from using obscene words as their seed values), and SHA256 as the hash function.

I'll upgrade it to larger values or to SHA512 later once I get this working.

In fact, to test this for real (after testing it locally on my own computer), I will make a thread, (a forum based poker game) where players post their moves. This is going to be really slow, since I will wait for each player to make a move, and could take days. I'll be the dealer, and I need at least 2 players who aren't going to disconnect on me. Since this is a forum based game, I will consider you disconnected if you don't reply after 3 days.

Yes, that is going to suck because of the wait times.

But it will all be provably fair. How's that?

I better start another thread already or we'll derail this one. Sorry mem for hijacking your thread accidentally.

Here is my thread now:

Provably Fair Online Poker by Dabs
https://bitcointalksearch.org/topic/provably-fair-online-poker-by-dabs-beta-test-1-274068
legendary
Activity: 1176
Merit: 1005
What is a good poker variant to use for this? I am sure once I get the system running, I can probably incorporate any other poker variant, but I think I want to stick to one example first. Maybe a 5 card draw or something like that.

Five card draw with a jacks-or-better starting requirement might be a useful model.  Unlike some poker variants, anyone who actually plays a hand can be compelled to "show their starters" (i.e. prove they had a hand that they were allowed to play).

It still has the issue of people who didn't play not showing.

Any solution to the provably fair poker problem has to deal with the fact that you can't see everyone's cards, even after the fact, but much more importantly, has to be implemented in a client that uses open source software and can be compiled by the end user.  Verifying the results (at least the ones that you can see) doesn't seem to be something that can be done in a single step, and would be very impractical for the end user to do manually.

Also, while provable fairness is a nice gold standard for online gambling, most cheating is going to be done (and has in the past been done) by insiders with access to other people's hole cards and by collusion.  Even if every player provides a seed for the PRNG, so that the deal is provably fair, once the server actually does the deal, an insider may have access while the hand plays out.  Collusion is similarly impervious to provable fairness.

Insiders and collusion constitute the two most serious threats of being cheated in online poker, and as for defective PRNGs, I can only think of one that had any real effect (Planet Poker back in 1999 iirc).  That particular PRNG crack would have been absolutely fatal, but luckily the discoverers documented it rather than using it.  So far as I know, most poker sites now use robust PRNGs seeded with truly random data from some physical entropy source.

So as much as provable fairness is a gold standard, it really seems to me to be a solution in search of a problem.  I am unaware of any case in which an online poker site has been caught rigging the PRNG.  There are just better ways of cheating.

Don't get me wrong, I'd love to see someone do it.  I'm just not sure that except as an academic exercise (and one that is worth doing lest you think I am just being a jerk), it actually will make much difference for poker players.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Okay, I'm going to think of something to solve the first problem, or solution 1. Provably Fair poker but still needs a server (or website).

The goal is to allow players (clients) to supply client seeds in order to shuffle the deck of cards, and for players to verify that they are receiving cards they should receive, but without being able to see cards of other players or cards that no one else would ever see.

This solution provides that the dealer (website) has to know all the cards.

This means, players can verify that they are getting the right cards at the time it is dealt to them, but only those cards. They can't see any other cards, therefore they can't verify those other cards.

Besides, the dealer is needed to act as escrow for the bets.

What is a good poker variant to use for this? I am sure once I get the system running, I can probably incorporate any other poker variant, but I think I want to stick to one example first. Maybe a 5 card draw or something like that.

I'd prefer to stick to one deck of 52 cards, and maybe a maximum of 4 or 5 players. I'll expand the concept later once I get this one game working.

The solution for the second problem, is the P2P client that can't be cheated because it offers a decentralized dealer. This is going to be complicated, so I'll not go into this for now. That or one client always acts as the dealer.
hero member
Activity: 546
Merit: 500
bitzino uses "provable results" in roulette, correct?
jr. member
Activity: 34
Merit: 1
I think we want two solutions to this:

1. With a central server that does not need to be trusted (but can generate the shuffling.)
2. P2P version of poker. No need for servers (except maybe to find other players.)

I like option 1, too. Total decentralization is like the holy grail of online poker, but it seems to me that a central server would still be needed to organize the games, keep them moving along at a reasonable pace, and to act as a trusted escrow service to transfer funds back and forth. Maybe you could build a p2p client to handle all that, but then you'd get cheaters building their own clients to get around any constraints.

It's an interesting problem anyway and I'm pretty sure there is a big market for it. My own informal survey of bitcoin gaming sites tells me that the most profitable sites are also the 'provably fair' sites (bitZino, Just-Dice, etc). People aren't fools (for the most part). A provably fair HU poker site would almost certainly get a lot of action from high-rollers ... is my guess. I can see the $$ in their eyeballs now.

Physical Poker is popular because it is decentralised, you don't need to go to a casino to play, however, you are still depended on the dealer in your group being legit and that no one will run off with all the funds while you play.

A lot of these problems can be solved if using bitcoin as a payment method, using m-of-n transactions helps, but you'll still need a trusted dealer. Otherwise it'd just be like going to an unknown backstreet poker room and trusting that no one will rob you.
newbie
Activity: 42
Merit: 0
I think we want two solutions to this:

1. With a central server that does not need to be trusted (but can generate the shuffling.)
2. P2P version of poker. No need for servers (except maybe to find other players.)

I like option 1, too. Total decentralization is like the holy grail of online poker, but it seems to me that a central server would still be needed to organize the games, keep them moving along at a reasonable pace, and to act as a trusted escrow service to transfer funds back and forth. Maybe you could build a p2p client to handle all that, but then you'd get cheaters building their own clients to get around any constraints.

It's an interesting problem anyway and I'm pretty sure there is a big market for it. My own informal survey of bitcoin gaming sites tells me that the most profitable sites are also the 'provably fair' sites (bitZino, Just-Dice, etc). People aren't fools (for the most part). A provably fair HU poker site would almost certainly get a lot of action from high-rollers ... is my guess. I can see the $$ in their eyeballs now.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Cards that you never get to see in a real life game of poker should not be able to be seen in an online version of poker. That includes other people's cards if they don't show, the deck, the burns ... if you wouldn't see it, you shouldn't be able to see it.

Yes, and that's exactly the problem that "mental poker" solves.  My client knows which cards your client should be allowed to see, and sends just the keys required to decode those cards.  So when I show-down to you, I do so by sending the relevant encryption keys.  And when I muck, I don't.

I read the wikipedia article.

I think we want two solutions to this:

1. With a central server that does not need to be trusted (but can generate the shuffling.)
2. P2P version of poker. No need for servers (except maybe to find other players.)

Wouldn't that be something? You'd have decentralized poker, and with bitcoin implemented you could make it like normal gambling in a normal poker table. No house edge too since there is no house.

The one who provides the table and the beer ... uh... well ... that's why I want the first solution, and I think lots of players won't mind paying a fee for a semi-trusted provably fair poker website that allows deposits and withdrawals in bitcoin.

dooglus, go think about it, I will expect a poker site one year from now.. just-poker. hehehe.
legendary
Activity: 1176
Merit: 1005
And if you had read the thread you would've known this has already been pointed out.
Thanks for your completely useful addition!

And if you had read the thread, you'd have known I was one of the people who previously pointed it out, idiot.

Sorry for repeating myself, but when people ignore what has already been posted and post the same impractical solutions the flaws of which have already been pointed out, and utterly fail to address it, I am forced to repeat myself.
legendary
Activity: 2940
Merit: 1333
Cards that you never get to see in a real life game of poker should not be able to be seen in an online version of poker. That includes other people's cards if they don't show, the deck, the burns ... if you wouldn't see it, you shouldn't be able to see it.

Yes, and that's exactly the problem that "mental poker" solves.  My client knows which cards your client should be allowed to see, and sends just the keys required to decode those cards.  So when I show-down to you, I do so by sending the relevant encryption keys.  And when I muck, I don't.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
However, you at least want to know that the cards you got were fairly given, and provably so.

Any card that isn't specifically mucked by another player could be audited... I think. So that would be: the players own cards, the burn card, the flop, turn, and rivier cards (maybe), any card that makes it to a showdown, plus any remaining undealt cards in the deck. That's quite a few cards that could be audited. The audit wouldn't be airtight, but I see it as a step in the right direction.


Cards that you never get to see in a real life game of poker should not be able to be seen in an online version of poker. That includes other people's cards if they don't show, the deck, the burns ... if you wouldn't see it, you shouldn't be able to see it.
hero member
Activity: 640
Merit: 771
BTC⇆⚡⇄BTC
I vote for a sticky thread (article/tutorial/guide) about that topic: Provable Results VS Provably Fair.

That would be a great guide for new gambling entrepreneurs, casino operators, gamblers, recreational players, etc. in order to adopt it and demand it.

Provably fair massive adoption would be good for everyone: entrepreneurs and also for gamblers. That's a natural evolution on gambling business. That's pretty clear nowadays IMHO.

Thank you mem for starting a good discussion about that topic.

Cheers!
newbie
Activity: 42
Merit: 0
... if collusion is the biggest problem, this "mental poker" thing doesn't help at all.  I can still share hole cards with my buddies over IM.
Here's where I think the technique would work beautifully: high-stakes heads-up poker. Collusion isn't an issue in HU because it's just you versus exactly one other opponent. Your main concern would be a crooked site operator peeking at your hole cards and then sharing that information with your opponent. Mental poker solves that problem nicely.

Disconnects wouldnt' be an issue either becuase you could just forfeit the disconnecting player without being unfair to anyone else.
Woohoo! I think we just invented 'provably fair' heads-up poker! Now back to coding...
legendary
Activity: 2940
Merit: 1333
[* Something must be done. Rampant cheating in the online poker world is killing the game, which is a shame. Let's put our heads together and see what we can do.

I think you're understand the technique properly, and also its shortcomings.  It requires all players to stay connected until the end of the hand.

What cheating are you referring to?  I don't know much about online poker, but if collusion is the biggest problem, this "mental poker" thing doesn't help at all.  I can still share hole cards with my buddies over IM.
full member
Activity: 196
Merit: 100
For card shuffling you could let every user enter a client seed. Concatenate all client seeds alphabetically (to make it reproducible), add an own string and use this total as input for a (P)RNG; mersenne-twister for example

Then take a 52 card deck. Apply a shuffling algorithm to it with the chosen (P)RNG and for example the Fisher-Yates shuffle. Concatenate the deck (as in 2s8d9cJs....) and use some cryptographic hash on that string.

And how many people would be willing to do all this every time you got dealt a hand?

Remember, it's not just the hand you get dealt.  Then there's the flop, the burn card (generally not visible to the player), the turn, another burn card, and the river.

On each street, players are going to be dropping out.

You also have the fact that you don't get to see other people's hands unless they show down.  And nobody is going to want to play on a site where everyone knows every previous hand they have played and can basically completely profile them as a player.

And if you had read the thread you would've known this has already been pointed out.
Thanks for your completely useful addition!
legendary
Activity: 1176
Merit: 1005
For card shuffling you could let every user enter a client seed. Concatenate all client seeds alphabetically (to make it reproducible), add an own string and use this total as input for a (P)RNG; mersenne-twister for example

Then take a 52 card deck. Apply a shuffling algorithm to it with the chosen (P)RNG and for example the Fisher-Yates shuffle. Concatenate the deck (as in 2s8d9cJs....) and use some cryptographic hash on that string.

And how many people would be willing to do all this every time you got dealt a hand?

Remember, it's not just the hand you get dealt.  Then there's the flop, the burn card (generally not visible to the player), the turn, another burn card, and the river.

On each street, players are going to be dropping out.

You also have the fact that you don't get to see other people's hands unless they show down.  And nobody is going to want to play on a site where everyone knows every previous hand they have played and can basically completely profile them as a player.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
newbie
Activity: 42
Merit: 0
Look further down on Wikipedia, it describes an option with 2 or more servers (then one is yours, the others are servers by random people willing to make your game more trustworthy).
Okay, something along those lines might work. This is starting to look like a lot of work, though. I'm not sure my programming chops are up to the task.
full member
Activity: 196
Merit: 100
* Brilliant
* Lag and disconnects could be a problem. Suppose Alice, Bob, and Carol are playing a game and Bob suddenly decides to disconnect because he would rather pick lint out of his belly button. How are Alice and Carol supposed to finish the game without Bob's keys?
* There could be workarounds, but right now I don't know what they are.
* Something must be done. Rampant cheating in the online poker world is killing the game, which is a shame. Let's put our heads together and see what we can do.

Look further down on Wikipedia, it describes an option with 2 or more servers (then one is yours, the others are servers by random people willing to make your game more trustworthy). Or share the keys with the server. Or put a warning on screen: LEAVING WILL RESULT IN LOSS OF ALL CHIPS PUT IN BY YOU + A FINE. On leave: everyone gets their chips back. Losing persons chips get distributed to other players, when someone just made a huge raise and the person left, calculate a fine based on that (assuming the person left because of the raise). I do not suggest the last option.
newbie
Activity: 42
Merit: 0
It looks like you are trying to invent mental poker.  Would you like some assistance with that?
Sure, I'm in. I've never heard of mental poker before, but it certainly looks like a fun problem... much trickier than I first thought. So let me see if I understand: in a properly shuffled deck, each player would hold a commutative encryption key for each and every card in the deck.  So to 'unlock' a particular card, a player would need to request keys from all of the other players in the game. Do I understand correctly? My first thoughts are:

* Brilliant
* Lag and disconnects could be a problem. Suppose Alice, Bob, and Carol are playing a game and Bob suddenly decides to disconnect because he would rather pick lint out of his belly button. How are Alice and Carol supposed to finish the game without Bob's keys?
* There could be workarounds, but right now I don't know what they are.
* Something must be done. Rampant cheating in the online poker world is killing the game, which is a shame. Let's put our heads together and see what we can do.

 
full member
Activity: 196
Merit: 100

Never heard of this. Sounds like quite a challenge to implement properly. Putting this on my todo list to try to create a pokerroom that does this.
legendary
Activity: 2940
Merit: 1333
Yes, and that is a problem when the money of the 'house' is not involved. I couldn't care less if Stunna plays his own game, but dooglus playing JD and I will refrain from visiting that site.

I have played a little Just-Dice in the past.  I make a point of never playing from an account that isn't called "dooglus", so people can see it's me playing.  Using a different name would feel wrong.  And of course I never look at the server seed, since that would allow me to cheat.

I figure if I was dishonest I could use random other accounts and slowly bleed the site dry, so investors have to trust that I won't do that, or not invest.

My stats:

bets:1,614
wins:652
losses:962
luck:101.25%
wagered:36.32049978
(profit):0.89308763
legendary
Activity: 2940
Merit: 1333
Any card that isn't specifically mucked by another player could be audited... I think. So that would be: the players own cards, the burn card, the flop, turn, and rivier cards (maybe), any card that makes it to a showdown, plus any remaining undealt cards in the deck. That's quite a few cards that could be audited. The audit wouldn't be airtight, but I see it as a step in the right direction.

It looks like you are trying to invent mental poker.  Would you like some assistance with that?
newbie
Activity: 42
Merit: 0
Any card that isn't specifically mucked by another player could be audited... I think. So that would be: the players own cards, the burn card, the flop, turn, and rivier cards (maybe), any card that makes it to a showdown, plus any remaining undealt cards in the deck. That's quite a few cards that could be audited. The audit wouldn't be airtight, but I see it as a step in the right direction.
Something else to think about: In a head's up situation, a comprehensive audit of all un-mucked cards would allow a sharp player to figure out the hole cards of their opponent (from the previous round) by process of elimination. Maybe that's OK if both players are privy to the same information, but it certainly changes the character of the game.
legendary
Activity: 1137
Merit: 1001

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.


This is exploitable by a sharp player. I don't think a crooked casino wouldn't do this.
newbie
Activity: 42
Merit: 0
However, you at least want to know that the cards you got were fairly given, and provably so.

Any card that isn't specifically mucked by another player could be audited... I think. So that would be: the players own cards, the burn card, the flop, turn, and rivier cards (maybe), any card that makes it to a showdown, plus any remaining undealt cards in the deck. That's quite a few cards that could be audited. The audit wouldn't be airtight, but I see it as a step in the right direction.
hero member
Activity: 756
Merit: 522
I think people need to revisit the concept of provably fair.

First, lets give some examples of my gold standard for provably fair:

1: blockchain games that user the players txid (or another input they have no control over) and a daily site secret.
This imho is still as good as it gets, the entire betting history is public and anyone could choose perform an audit to verify outcomes.

2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.
This is as good as it gets without a publically auditable db. Bonus points for no blockchain spam as well.

Now lets look @ 'Provable Results'.

2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

What is the difference you ask and why are you such a prick about these things site operators ask ?

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.

I have previously been to lenient on this and will be revisiting and speaking with casino operators who have (conveniently ?) overlooked this.

Flu meds wearing off, back to the tv and my heater.

This is an excellent point actually.

I think this discussion has been here a few times already and I completely agree with you.

http://v20.nl/primedice/

Very nice.
full member
Activity: 196
Merit: 100
That still leaves the house being able to cheat by knowing all the cards and telling the players which cards they have. I'm not sure we can do anything about that. It's the same problem with dice sites. The owners (who know the server seeds) can play as a player and win or lose the game on purpose.

Yes, and that is a problem when the money of the 'house' is not involved. I couldn't care less if Stunna plays his own game, but dooglus playing JD and I will refrain from visiting that site.

Also I forgot about the part where you have to be able to muck your cards... I will think about this today and hopefully come up with a way (just woke up so had problems understanding your text)
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Ok, how do you fairly shuffle a deck, and provably show a player's own cards are fairly drawn, without showing other player's cards or hands? Poker specifically has this problem.

As I explained in my post: Fisher-Yates shuffle, create a string out of the deck, hash it. Show the hash beforehand, the entire deck afterwards.
Did you read my post?

But if you show the entire deck afterwards, and everyone knows the order the cards are handed out, everyone can know everyone else's hands. That's a problem in poker, if you do not want other players to know your cards even if you lost.

You only show your hand if you win. In fact, you don't need or you don't want to show your hand if you win because everyone else folded. However, you at least want to know that the cards you got were fairly given, and provably so.

The solution, I think is to hash each card and a nonce that indicates the position of that particular card in the deck. The player that holds the cards can see his own cards, but not the others, and can verify that his cards come from the deck in the order it was supposed to.

This is possible, but it might become unwieldy to verify. You have to create a hash for the shuffling seed, and a hash for each card. If you only use one deck, that is still 52 cards or 53 hashes. If you use multiple decks, that's a lot more hashes.

Also, it doesn't have to be Fisher-Yates, but any shuffling where everyone knows the procedure, that uses maybe SHA256 (as always) with random seeds that can be revealed after the game. (After reading about it, everything that can shuffle can fit into a Fisher-Yates variant or something similar.)

As far as players are concerned, it will be Provably Fair as well as Provable Results.

That still leaves the house being able to cheat by knowing all the cards and telling the players which cards they have. I'm not sure we can do anything about that. It's the same problem with dice sites. The owners (who know the server seeds) can play as a player and win or lose the game on purpose.
full member
Activity: 196
Merit: 100
Even though 'provably fair shuffling' != provably fair,

That is true, but as I said: if you implement this it is impossible for you to deal yourself a Royal Flush and get away with it. People would quickly look up the hashes and see that they don't match and know that you tampered with the shuffling. Of course at that moment everyone lost their money already but at least it is proven that it was rigged.

Right now you can deal anyone whatever you like and nobody will know.
newbie
Activity: 42
Merit: 0
... Fisher-Yates shuffle, create a string out of the deck, hash it. Show the hash beforehand, the entire deck afterwards.

It's certainly an interesting problem ... much trickier than I first imagined. Even though 'provably fair shuffling' != provably fair, I agree that the feature is still worth implementing. Rumors are running rampant that the shuffling algorithm on Pokerstars is rigged to favor the weaker players. See http://www.pokerscout.com/AllReviews.aspx?id=1 , and the general mood seems to be that most of these poker sites are crooked as a barrel of snakes. This would at least help to build back some trust.

I like your idea though, and I recall that libertaad wrote some excellent aricles on 'provably fair' not so long ago which I need to go back and re-read. I'll give the subject some more thought and see what I can come up with.   

full member
Activity: 196
Merit: 100
Ok, how do you fairly shuffle a deck, and provably show a player's own cards are fairly drawn, without showing other player's cards or hands? Poker specifically has this problem.

As I explained in my post: Fisher-Yates shuffle, create a string out of the deck, hash it. Show the hash beforehand, the entire deck afterwards.
Did you read my post?
sr. member
Activity: 476
Merit: 250
SatoshiDice, SatoshiCircle & SatoshiSlot Support
I think people need to revisit the concept of provably fair.

First, lets give some examples of my gold standard for provably fair:

1: blockchain games that user the players txid (or another input they have no control over) and a daily site secret.
This imho is still as good as it gets, the entire betting history is public and anyone could choose perform an audit to verify outcomes.

2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.
This is as good as it gets without a publically auditable db. Bonus points for no blockchain spam as well.

Now lets look @ 'Provable Results'.

2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

What is the difference you ask and why are you such a prick about these things site operators ask ?

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.

I have previously been to lenient on this and will be revisiting and speaking with casino operators who have (conveniently ?) overlooked this.

Flu meds wearing off, back to the tv and my heater.

Bang on MEM!
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Ok, how do you fairly shuffle a deck, and provably show a player's own cards are fairly drawn, without showing other player's cards or hands? Poker specifically has this problem.
full member
Activity: 196
Merit: 100
For card shuffling you could let every user enter a client seed. Concatenate all client seeds alphabetically (to make it reproducible), add an own string and use this total as input for a (P)RNG; mersenne-twister for example

Then take a 52 card deck. Apply a shuffling algorithm to it with the chosen (P)RNG and for example the Fisher-Yates shuffle. Concatenate the deck (as in 2s8d9cJs....) and use some cryptographic hash on that string.

Before the game, publish the hash of the original seed and the hash of the shuffled deck.
Correctly specify in which order the game takes cards from the deck and if it burns cards (which makes no sense IMO, but some do it) and then after the game make all client seeds, the server seed and the final result permanently visible on the site (this is something I really want on your site, to at least see all previous games I had).

Ask all players for a new seed and start at the top.

Of course this won't help anyone in knowing if you cheat by seeing all cards of other players but it at least makes it impossible to deal yourself a royal flush and getting away with it.
newbie
Activity: 42
Merit: 0
Some kinds of game are going to be a lot easier to make provably fair than others.
Best I can figure, the whole concept of 'provably fair' (as defined here) doesn't really apply to online poker. The closest approximation I can think of might be 'provably fair shuffling', but even that seems problematic because now you have multiple players per shuffle.  Just thinking about it now, wouldn't that require every player to know the client seed of every other player? Or maybe there is a simpler solution? I would definitely add this feature to my site (boot52.nl) if I could come up with a reasonable implementation.

But besides all that, there are much simpler ways for a crooked site operator to cheat. For example, the software might have a 'god mode' which would enable certain people to see all your hole cards. You see? So to me, it all boils down to trust. Either you trust the site operator or you don't.  And if you don't, then advanced cryptography probably isn't going to help -- at least in poker. At least that's my current thinking. Maybe you disagree? -boot
full member
Activity: 196
Merit: 100
Another suggestion is to have the site operator video the bets with camtasia, this would be a lot more verifiable than any server or client seed generator nonsense that can easily just be edited. 

I agree. If you have any concerns with this method, please contact me at [email protected]
sr. member
Activity: 792
Merit: 250
20BET - Premium Casino & Sportsbook
Another suggestion is to have the site operator video the bets with camtasia, this would be a lot more verifiable than any server or client seed generator nonsense that can easily just be edited. 
full member
Activity: 224
Merit: 100
You're totally right Mem, a site that doesn't allow for users to provide a seed prior to the roll or isn't Blockchain based shouldn't be considered provably fair. There is far too many provably fair games out right now.
jr. member
Activity: 34
Merit: 1
I too have the same concerns about you, many operators have a few hours delay before releasing a secret, giving them plenty of time to change the secret hash, invalidate bets, or even just outride delete them and pretend the deposit address they gave out doesn't belong to them.

I have just posted this link and scrolled down to see your post. I think I have closed some of the gaps in the off-blockchain provably fair by using the ecdsa cryptographic signing functions of Bitcoin. Take a look.

https://bitcointalk.org/index.php?topic=267659.new#new
legendary
Activity: 1176
Merit: 1005
Flu meds wearing off, back to the tv and my heater.

Some kinds of game are going to be a lot easier to make provably fair than others.  One necessity for being able to prove fairness (without some kind of independent audit) is that you actually know all the results.  In a dice game, you can basically know everyone's results over the history of the game.  In a lottery game, you can have some independently verifiable source of the seed, like for instance an actual real world lottery.  Basically, you need very little entropy for a probable result.

In games like poker, you need a tremendous amount of pseudorandom numbers generated in real time.  You also don't get to see the final results, just whatever hands make it to the river.  People are also generally going to be unwilling to have the cards they had known to the other players without seeing a showdown.  

Now, by collecting large numbers of hand histories, you can analyze whether the action is funky, like flush draws are coming in more often than they should, but you can't really prove it's honest.  You can just show the results are consistent (or inconsistent) with the PRNG being fair.  I'm sure there are other games where it would be difficult to be provably fair, but poker is definitely a big one where it would be tricky to do.
hero member
Activity: 504
Merit: 500
Quote
2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.

If the site also generates the client seed, it's just like two server/site seeds. The user HAS to choose it themselves, AFTER showing the server seed. A nonce should be used to make this more user friendly & so lazy people can't be potentially abused (Looking at you Stunna..)
hero member
Activity: 804
Merit: 500
Hello! Bitcoin Video Casino chiming in here...

We just want to say hello and talk about how we do our provably fair system. 

Our system works by picking a server seed before you spin or deal.  With every spin or deal request the javascript code, running in your browser, selects a random number and includes that number in the HTTP AJAX request.  We incorporate that client seed into the number generator seed like so:

Code:
game_seed = server_seed + client_seed;
shuffle_seed = sha256(game_seed);

where shuffle_seed is then used to seed a Mersenne Twister random number generator.  This guarantees that we haven't manipulated the server seed as we send you the result of sha256(server_seed) *before* you choose to deal the cards/throw dice/spin the wheel.  Every time you refresh the browser, you'll get a new server seed.  After the deal we reveal the server seed and you can verify that the hash of the server seed was correct, that the client seed you provided was indeed incorporated into the final game seed and that the game seed produces the correct set of random numbers.

In fact, since our client-side code is publicly available you can see (for each of our games) the check_game function (see http://bitcoinvideocasino.com/static/slots.js around line 330 function check_game) where we check every single game that's played in your browser.

Quote
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

We definitely can't do this as our system requires the incorporation of a client seed into the dice/deck shuffles.  The client seed is chosen via crypto.getRandomValues() or if that isn't available, Math.random().

Quote
2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

We will definitely look into providing some way for the user to specify a lucky client seed if this is something our players want to see!
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
I think this discussion has been here a few times already and I completely agree with you.

http://v20.nl/primedice/

excellent demonstration
full member
Activity: 196
Merit: 100
I think this discussion has been here a few times already and I completely agree with you.

http://v20.nl/primedice/
mem
hero member
Activity: 644
Merit: 501
Herp Derp PTY LTD
I think people need to revisit the concept of provably fair.

First, lets give some examples of my gold standard for provably fair:

1: blockchain games that user the players txid (or another input they have no control over) and a daily site secret.
This imho is still as good as it gets, the entire betting history is public and anyone could choose perform an audit to verify outcomes.

2: Any site that shows you a hash of the site seed used for the next round and allows for users to provide their own seed or randomly generates one for them.
This is as good as it gets without a publically auditable db. Bonus points for no blockchain spam as well.

Now lets look @ 'Provable Results'.

2: Any site that shows you a hash of the site seed used for the next round and does not allow users to provide their own seed.

This is not provably fair, this is only provable results.

What is the difference you ask and why are you such a prick about these things site operators ask ?

Let me use my favourite game roulette as an example.
I as an operator silently observe the bettors and pick their patterns (red/ martingale/ singles/ whatever).
I pre-generate a huge sample of site seeds and client seeds (remember the client cannot set their own) and then cherry pick the results I want.

Say we had a player martingaling their bets on red, to fucking easy throw out 10 blacks and then insist they were randomly selected where in actual fact there is no proof of randomness only proof of result.

I have previously been to lenient on this and will be revisiting and speaking with casino operators who have (conveniently ?) overlooked this.

Flu meds wearing off, back to the tv and my heater.
Jump to: