Topic: Please review my provably fair idea for my future casino game (Read 824 times)

thank You very much for jumping in with Your explanation. the user JoelKatz wrote

For single player:

1) Casino commits. (To everything it will use to shuffle the deck but the user's seed.)
2) User reveals his seed.
3) Game is played.
4) Casino reveals.
5) User checks that casino revealed what it committed to, that deck was shuffled correctly, and that cards correspond to shuffled deck.

as we all know now that I am not the expert of "provably fair" implementation I have to ask You if the different point You added here to the list from JoelKatz with a "nonce" is it a must or only a possible and good point to add?

Provable fairness means that the precise algorithm to determine the outcome of a bet/shuffle/roll/whatever is available to the player and that all parameters/seeds are revealed after the game. For these seeds, a hash is revealed to the player before he plays and before he chooses his client seed, to prevent the server seed from being tampered with after the player chooses his client seed. With this information, the player has to be able to recreate the bet/shuffle/roll after it has been played and obtain the exact same outcome.

So, a basic workflow:
1. Generate server seed(s).
2. Hash server seed, show hash to user.
3. Get client seed from user.
4. If needed, add some nonce (which is a publicly available value!) to make this bet different from the previous one if seeds haven't changed.
5. Generate the game using server seed, client seed, nonce.
6. Repeat steps 5 and 6 until the player or server decides to change seeds.
7. Reveal previous server seed(s) to player.

Using something like random.org can be fair, but it's not provably fair. There is no way for the player to verify that you indeed used the value random.org provided and not computed something yourself that gives you better results.

yes I can or yes I cant?

how old are You? do Your parents know what You are doing during Your school hours

Yes (copying your reply style)

what is Your problem so what? we all need to learn, that You are the wise guy here? You told us now 

lets say I dont know how to code a casino game and dont know how to implement the "provably fair" option. does this mean I cant have/offer a casino with provably fair option? IMO I think I can and I will have one if You like it or not. and the players will have a "provably fair" option because I like the idea of "provably fair"

Please don't make an alt when announcing this new casino of yours, so players will be aware they will be using a site where the owner has no clue about provably fair.

so now I understand that random.org is a no go, and any RNG will be fine

You can use your own RNG. It only protects you, not the user. You can't prove what you got from random.org, so it can't make something provably fair. You have to make it provably fair by committing to everything before the player reveals.

in case the casino would leave out random.org what would or should the casino take instead? or how can the casino proof what they got from random.org?

It doesn't help you because you can't prove you got anything from random.org nor can you prove you didn't discard things you got until you got what you wanted. If you do choose to use it, make sure the casino commits to whatever it got from random.org -- otherwise you violate the "everything it will use to shuffle the deck but the user's seed" clause.

Thank You very much. do You have any opinion regarding the random.org issue some users think it is not acceptable or needed?

For single player:

1) Casino commits. (To everything it will use to shuffle the deck but the user's seed.)
2) User reveals his seed.
3) Game is played.
4) Casino reveals.
5) User checks that casino revealed what it committed to, that deck was shuffled correctly, and that cards correspond to shuffled deck.

thank You very much for the detailed explanation. very much appreciated.

after I read Your procedure I see that I forgot to mention ( I will correct it in original question) that the Roulette, Black Jack and Poker games are one player against Dealer and not Multiplayer tables.
would You please so kind to redo the steps for this case? just to be sure that I did understand You.

Your algorithm is not provably fair. The user has to reveal before the casino has committed.

The system is not provably fair unless you follow this kind of process:

1) Casino commits.
2) Users commit.
3) Users reveal, each doing so only after it has confirmed that it has received all commitments.
4) Casino confirms each user has revealed what it committed to.
5) Game is played.
6) Casino reveals.
7) Users check that casino revealed what it committed to, that deck was shuffled correctly, and that cards correspond to shuffled deck.

If there is only one player, then steps 2, 3, and 4 can be collapsed into the user revealing. The user does not need to commit.

This ensures no user reveals anything until the deck has been locked in. Otherwise, entities with special knowledge can change things after the user has given up his opportunity to influence the outcome.

You probably should have each user pick a random 128-bit seed. The deck can be shuffled with the XOR of all revealed seeds or with a hash of them (in a pre-arranged order, of course!). Commitment can occur by revealing a hash of the seed.

thanks for the input, but which one would be provably fair? and is this all that must be changed?

Random.org is not provably fair.

1. You need to realize that using, or claiming to use, random.org adds nothing.
2. You need to specify the order these seeds are picked.

what order would be the right order then?

thanks

Yes

1. You need to realize that using, or claiming to use, random.org adds nothing.
2. You need to specify the order these seeds are picked.

Do you have any reason to release yet another black jack and others ?

hi guys


could You please review my provably fair idea for my future casino games (Roulette, Black Jack, Poker) and please tell me if it is fine or what I missed and need to be changed? thanks in advance

edit: I forgot to mention that the Roulette, Black Jack and Poker games are one player against Dealer and not Multiplayer tables.

>>>The  gameplay data of each game that the user played can be tested from the lobby. He can see there the whole deck that was used when he played his hand at poker games, but only after the gameplay finished.
Another important thing is that the deck is shuffled as many times as the player has requested and he can see all the shuffled decks that he requested to be re-shuffled and he did not use. This way nobody can say that the casino shuffled the deck until it was favorable to the casino.
Also, when shuffling the deck, the seed used for shuffling the deck is generated from a combination of client-side code and server-side code. This way, the seed used for shuffling the numbers from the deck cannot be manipulated by anybody, neither by the casino or the player.
The client seed and the number of shuffles can be changed from the player account. The server seed changes with every gameplay.
A fair deck is considered after first we generate it, then we use the Fisher-Yates algorithm to shuffle it, and then we are using the API of Random[dot]org to generate another random seed for shuffling the deck one more time.
The involvement of a neutral 3rd party in this, meaning random[dot]org, to help with shuffling the deck one last time, increases the chances of fairness.

We want to achieve a “provably fair” solution by offering the player the following options:
1.He would be allowed to influence the way the deck is shuffled, by setting the custom seed from his lobby.
2.He will know how many times the deck was shuffled and he can decide how many times it is shuffled and will see all the shuffled decks that he did not use.<<<