Provable fairness good practices | Bitcointalksearch.org

a1choi

sr. member

Activity: 323

Merit: 254

Quote from: yogg on April 15, 2015, 10:35:30 AM

I might be totally wrong, but from what I understand, the player secret was generated based on time.

I believe this was just speculation from Dooglus on how something like this could have happened. I don't think Stunna has said if this is correct or not. Just a guess from doog.

duckydonald

sr. member

Activity: 378

Merit: 250

Pre-sale - March 18

Quote from: yogg on April 15, 2015, 11:08:34 AM

Quote from: duckydonald on April 15, 2015, 10:37:51 AM

Feel Bad? did he feel bad for all the players that lost there money to not truly fair game? "What goes around comes around"

This is not the topic of that thread. There are already countless accusation against Stunna for that reason.
I think their algorithm is fair. I don't recall that Stunna forced any player to deposit BTC on PD. However having someone to take advantage of a design flaw is always unpleasant...

well maybe he should pay higher bounties

yogg

legendary

Activity: 2464

Merit: 3158

Quote from: duckydonald on April 15, 2015, 10:37:51 AM

Feel Bad? did he feel bad for all the players that lost there money to not truly fair game? "What goes around comes around"

This is not the topic of that thread. There are already countless accusation against Stunna for that reason.
I think their algorithm is fair. I don't recall that Stunna forced any player to deposit BTC on PD. However having someone to take advantage of a design flaw is always unpleasant...

duckydonald

sr. member

Activity: 378

Merit: 250

Pre-sale - March 18

Quote from: yogg on April 15, 2015, 10:35:30 AM

Quote from: elm on April 15, 2015, 10:19:18 AM

Quote from: NLNico on April 15, 2015, 09:41:46 AM

@boopy265420: thanks

@elm: Not yet. Stunna promised to write a blog post about it but didn't yet, you can keep a lookout at http://blog.primedice.com/ Personally I am definitely looking forward for the details about it as a hobby security researcher, although I definitely feel bad for Stunna (and rest of PD team) for the loss.

@NLNico
thanks for explanation. do you have any explanation in mind? I was sure that PD's provably fair option is 100% secure.
is there a 100% secure provably option for the player and op?

I might be totally wrong, but from what I understand, the player secret was generated based on time.

That cheating player could have created 2 accounts at the same moment, and used one with small bets to see what was scheduled for this player secret.
When he found the right player secret he just went high stakes with it. Since he knew the outcome of the bets, he could roll max bet every time and be guaranteed to win.

It reminds me of the almanac in Back to the future.
I feel bad for Stunna tho.

To get back to the topic, I am more intrigued by provable fairness but using the different bitcoin block hashes to make the calculations.

What do you think of doing this ? => sha256("block_hash"+"server_secret") with server_secret being changed and revealed every 24hr to allow verification of previous bets ?
As long as the server_secret doesn't leak, no miner can calculate the outcome of a bet before broadcasting some block.

Also, does someone remember BitMillions ? (http://bitcoincasinopro.com/wp-content/uploads/2013/10/bit-millions-main-page.jpg)
I'm curious about what happened to them. I'm not sure their provable fairness algorithm used some kind of server secret so it could be exploited easily.

Feel Bad? did he feel bad for all the players that lost there money to not truly fair game? "What goes around comes around"

yogg

legendary

Activity: 2464

Merit: 3158

Quote from: elm on April 15, 2015, 10:19:18 AM

Quote from: NLNico on April 15, 2015, 09:41:46 AM

@boopy265420: thanks

@elm: Not yet. Stunna promised to write a blog post about it but didn't yet, you can keep a lookout at http://blog.primedice.com/ Personally I am definitely looking forward for the details about it as a hobby security researcher, although I definitely feel bad for Stunna (and rest of PD team) for the loss.

@NLNico
thanks for explanation. do you have any explanation in mind? I was sure that PD's provably fair option is 100% secure.
is there a 100% secure provably option for the player and op?

I might be totally wrong, but from what I understand, the player secret was generated based on time.

That cheating player could have created 2 accounts at the same moment, and used one with small bets to see what was scheduled for this player secret.
When he found the right player secret he just went high stakes with it. Since he knew the outcome of the bets, he could roll max bet every time and be guaranteed to win.

It reminds me of the almanac in Back to the future.
I feel bad for Stunna tho.

To get back to the topic, I am more intrigued by provable fairness but using the different bitcoin block hashes to make the calculations.

What do you think of doing this ? => sha256("block_hash"+"server_secret") with server_secret being changed and revealed every 24hr to allow verification of previous bets ?
As long as the server_secret doesn't leak, no miner can calculate the outcome of a bet before broadcasting some block.

Also, does someone remember BitMillions ? (http://bitcoincasinopro.com/wp-content/uploads/2013/10/bit-millions-main-page.jpg)
I'm curious about what happened to them. I'm not sure their provable fairness algorithm used some kind of server secret so it could be exploited easily.

elm

legendary

Activity: 1050

Merit: 1000

Quote from: NLNico on April 15, 2015, 09:41:46 AM

@boopy265420: thanks

@elm: Not yet. Stunna promised to write a blog post about it but didn't yet, you can keep a lookout at http://blog.primedice.com/ Personally I am definitely looking forward for the details about it as a hobby security researcher, although I definitely feel bad for Stunna (and rest of PD team) for the loss.

@NLNico
thanks for explanation. do you have any explanation in mind? I was sure that PD's provably fair option is 100% secure.
is there a 100% secure provably option for the player and op?

duckydonald

sr. member

Activity: 378

Merit: 250

Pre-sale - March 18

atually I been studying randomness with randomseed and Im starting to think there is a way to manipulate the rolls without harming the client seed or server seed, but I havent got to that point of testing yet.

If I can proove this then I can get all the dice sites shut down.

NLNico

legendary

Activity: 1876

Merit: 1295

DiceSites.com owner

@boopy265420: thanks

@elm: Not yet. Stunna promised to write a blog post about it but didn't yet, you can keep a lookout at http://blog.primedice.com/ Personally I am definitely looking forward for the details about it as a hobby security researcher, although I definitely feel bad for Stunna (and rest of PD team) for the loss.

elm

legendary

Activity: 1050

Merit: 1000

is it known how PrimeDice was cheated? thanks

boopy265420

legendary

Activity: 1876

Merit: 1005

Quote from: NLNico on April 15, 2015, 02:06:53 AM

Quote from: yogg on April 15, 2015, 01:31:38 AM

In yes, what would be the best way to prevent this ? Could we simply add some secret that changes every 24h and use it with the block hash in the calculations ?
What would be the best way to implement provable fairness in a game based on the block hashes ?

Yes, if you are doing blockchain bets and use the blockchain hashes you must have some server secret for extra safety vs miners.

If you use "instant bets" so not on blockchain (also called "off-chain") you can just use a server seed and client seed + nonce only.

For a better understand of provably fair mechanism I recommend everyone to read my article about it: http://dicesites.com/provably-fair If you really understand the concept it is not too hard to see the weaknesses, which is mostly things like having an exploit that leeks the server seed (even a regular SQL injection can probably read the seed from the DB etc.) I am planning on writing some articles about these weaknesses.

This article really explain all the aspects of provable fair systems. There are little hidden secrets in servers and seeds which are vulnerable or exploitable as happened few weeks ago. I would like to see what is about your next article and how these weaknesses can be covered.

NLNico

legendary

Activity: 1876

Merit: 1295

DiceSites.com owner

Quote from: yogg on April 15, 2015, 01:31:38 AM

In yes, what would be the best way to prevent this ? Could we simply add some secret that changes every 24h and use it with the block hash in the calculations ?
What would be the best way to implement provable fairness in a game based on the block hashes ?

Yes, if you are doing blockchain bets and use the blockchain hashes you must have some server secret for extra safety vs miners.

If you use "instant bets" so not on blockchain (also called "off-chain") you can just use a server seed and client seed + nonce only.

For a better understand of provably fair mechanism I recommend everyone to read my article about it: http://dicesites.com/provably-fair If you really understand the concept it is not too hard to see the weaknesses, which is mostly things like having an exploit that leeks the server seed (even a regular SQL injection can probably read the seed from the DB etc.) I am planning on writing some articles about these weaknesses.

Alex194

newbie

Activity: 27

Merit: 0

Yes the first option seems to be the most used and probably efficient even tho ''smart players'' can still find exploits in other things like the case on primedice where the guy won tons of btc with an exploit he found

yogg

legendary

Activity: 2464

Merit: 3158

Hello.

I was wondering about the different ways we can implement provable fairness to different games.
This is truly a great concept, but we have to make sure it can't be exploited by some smart player.

What would be the best way to do so ?

I mean, most of the dice sites use a combination of :
- Some variable.
- a hidden and later revealed variable. This variable should be changed regularly.
- Maybe a nonce like "Bet ID".

This solution seems pretty safe since no once can predict the result of some bet. The server secret in use is theoretically unknown from players so no one can calculate a bet outcome before it takes place.

What about blocks hashes ?

I remember http://www.bitmillions.com .. It was a lottery game. There was a draw every time there was a new block.
In this case, the block hash only was used to calculate and pick up the winning numbers.
Now, this site is down for about a year, I'm not sure why and when it went down.

I liked that website. It went down without notice and I never saw any more news about it.
What could possibly have happened ?

As far as I understand the provable fairness concept, they could have been exploited :
Some miner calculates a block but doesn't broadcast it right away. He first plays on bitmillions.com with the winning numbers (since he knows the block hash because he found one).
Then, when his participation is confirmed, he broadcasts the block and boom he gets the 1st prize.

The jackpots were progressive, and the top prize was about 1,400 BTC before it went down.

Maybe this is what happened ? I mean, if a game outcome is based only on the block hash, any miner can do the calculations to determine the outcome and bet accordingly.
Would that be doable ? Is it what happened ?

If yes, what would be the best way to prevent this ? Could we simply add some secret that changes every 24h and use it with the block hash in the calculations ?
What would be the best way to implement provable fairness in a game based on the block hashes ?

I really understand how difficult it is to come up with a provably fair algorithm that won't be exploited.

Thanks for your answers.

Topic: Provable fairness good practices (Read 547 times)