Author

Topic: Provably fair - Not provable at all? (Read 1227 times)

legendary
Activity: 966
Merit: 1001
December 03, 2015, 10:52:25 AM
#15
Mhmm I see. So there's no way a casino owner could cheat this way?
The only way a casino can cheat is by predetermining the rolls and "editing" the future server seeds manually, but this as I said before doesn't work if the bettor is betting randomly/changing his seed at will(which most players do).

Not exactly. A casino can cheat easily by simply giving the player a bet result that does not match with the provably fair algorithm. This has happened on dicebitcoin, and it was discovered soon by the players.
To sum up, with provably fairness, casinos cannot cheat their players without them knowing. But they can still cheat their players and do a runner.
Well that can be easily avoided if the player makes a script(as someone in 999dice did) to auto-check if the hashes etc are correct or not. But yeah normal users can get scammed pretty easily

I guess you misunderstood my point. It is true that you can check your bets (automatically or manually), then notice the hash mismatch and scream "scam!" everywhere on forums and reddit, but unfortunately you cannot force the site to recoup your loss. The malicious site can ignore it, shut the site down and run away with every players' bitcoin.

legendary
Activity: 1876
Merit: 1303
DiceSites.com owner
December 03, 2015, 10:51:12 AM
#14
Provably fair only works when you actively verify your bets. For the basics I recommend to read my article: https://dicesites.com/provably-fair


Some provably fair implementations are better/worse than others too. I plan to write an article about this (which is a bit more advanced) some time in teh future :>
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
December 03, 2015, 10:37:19 AM
#13
Mhmm I see. So there's no way a casino owner could cheat this way?
The only way a casino can cheat is by predetermining the rolls and "editing" the future server seeds manually, but this as I said before doesn't work if the bettor is betting randomly/changing his seed at will(which most players do).

Not exactly. A casino can cheat easily by simply giving the player a bet result that does not match with the provably fair algorithm. This has happened on dicebitcoin, and it was discovered soon by the players.
To sum up, with provably fairness, casinos cannot cheat their players without them knowing. But they can still cheat their players and do a runner.
Well that can be easily avoided if the player makes a script(as someone in 999dice did) to auto-check if the hashes etc are correct or not. But yeah normal users can get scammed pretty easily
legendary
Activity: 966
Merit: 1001
December 03, 2015, 10:35:26 AM
#12
Mhmm I see. So there's no way a casino owner could cheat this way?
The only way a casino can cheat is by predetermining the rolls and "editing" the future server seeds manually, but this as I said before doesn't work if the bettor is betting randomly/changing his seed at will(which most players do).

Not exactly. A casino can cheat easily by simply giving the player a bet result that does not match with the provably fair algorithm. This has happened on dicebitcoin, and it was discovered soon by the players.
To sum up, with provably fairness, casinos cannot cheat their players without them knowing. But they can still cheat their players and do a runner.
hero member
Activity: 1218
Merit: 534
December 03, 2015, 09:32:45 AM
#11
Thanks for explaining guys. I guess I misunderstood.

I found another topic (thanks to Google) for those who want it.
https://bitcointalksearch.org/topic/edu-provably-fair-and-how-it-can-be-exploited-by-casino-owners-against-you-283547
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
December 03, 2015, 09:30:38 AM
#10
A casino have 3 things. Server seed, client seed, server hash. Primedice used to only reveal the server seed at the end of the day which they later changed to allow for faster verification. Most sites increase the nonce after every bet so that the result will be different and still be fair. The user needs to note all the variable to verify that nothing is changed. 999dice is known to cheat it's user if they don't verify. If a single character is changed in the server seed, the server hash would be different.
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
December 03, 2015, 09:28:00 AM
#9
Mhmm I see. So there's no way a casino owner could cheat this way?
The only way a casino can cheat is by predetermining the rolls and "editing" the future server seeds manually, but this as I said before doesn't work if the bettor is betting randomly/changing his seed at will(which most players do).


999dice is known to cheat it's user if they don't verify.
More about it here: https://bitcointalksearch.org/topic/beware-of-999dice-potential-scam-523178

And a player has actually cheated a casino using provably fair: https://bitcointalksearch.org/topic/hufflepuff-making-2k-btc-on-primedice-nov-2014-march-2015-update-he-cheated-843892
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
December 03, 2015, 09:26:16 AM
#8
Okay lets start from scratch, lets say the owner wants to cheat here:
The player before making a bet sees the server hash of the next bet, he also takes note of the client seed he entered. He makes a bet, now the owner tries to change the Server seed, it doesn't work in his favor as the player has proof that the server seed hash that he captured is completely different from the the resulting server seed hash(which is revealed after the bet, and which the owner attempted to change) , which can be checked via third party site.

Quote
So the gambler will only know it when the dice are rolled. I still don't see why a casino owner couldn't try a number of random seeds before he finds one that would "roll" in his favor.
The player has choice not to bet the way he had previously been betting, and betting completely randomly.
hero member
Activity: 1218
Merit: 534
December 03, 2015, 09:22:57 AM
#7
If both the server seed key and the client seed key are known to the user _before_ the gamble, would it be possible for the user to select (refresh) his/her client seed key, do the control algorithm and predict the outcome?

If not, what is the variable that determines the outcome?
Nay nay, only the hash is known to the user. Not the server key
Edit: Just for clarification server seed hash is != server seed

Mhmm I see. So there's no way a casino owner could cheat this way?
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
December 03, 2015, 09:17:20 AM
#6
If both the server seed key and the client seed key are known to the user _before_ the gamble, would it be possible for the user to select (refresh) his/her client seed key, do the control algorithm and predict the outcome?

If not, what is the variable that determines the outcome?
Nay nay, only the hash is known to the user. Not the server key
Edit: Just for clarification server seed hash is != server seed
hero member
Activity: 1218
Merit: 534
December 03, 2015, 09:14:56 AM
#5
The server key is not.
The hash of server key is, thats the whole point of Provably fair that later by yourself you can check if the server seed was the same as the hash and calculate if you can get the same output as the casino

So you are saying the hash server key is known before you "roll" the dice?
(btw, thanks for the reply)
Yup it is so in every provably fair game

If both the server seed key and the client seed key are known to the user _before_ the gamble, would it be possible for the user to select (refresh) his/her client seed key, do the control algorithm and predict the outcome?

If not, what is the variable that determines the outcome?
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
December 03, 2015, 09:12:24 AM
#4
The server key is not.
The hash of server key is, thats the whole point of Provably fair that later by yourself you can check if the server seed was the same as the hash and calculate if you can get the same output as the casino

So you are saying the hash server key is known before you "roll" the dice?
(btw, thanks for the reply)
Yup it is so in every provably fair game
hero member
Activity: 1218
Merit: 534
December 03, 2015, 09:10:25 AM
#3
The server key is not.
The hash of server key is, thats the whole point of Provably fair that later by yourself you can check if the server seed was the same as the hash and calculate if you can get the same output as the casino

So you are saying the hash server key is known before you "roll" the dice?
(btw, thanks for the reply)
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
December 03, 2015, 09:09:00 AM
#2
The server key is not.
The hash of server key is, thats the whole point of Provably fair that later by yourself you can check if the server seed was the same as the hash and calculate if you can get the same output as the casino
hero member
Activity: 1218
Merit: 534
December 03, 2015, 09:04:59 AM
#1
Hi guys,


I'm relatively new to this forum and I'm not really sure if this topic has been discussed before (couldn't find it). I'm also not sure if this is the place to discuss it. If a moderator moves it to another category, I apologize and say thank you at thesame time.


I wanted to discuss these "provability fair" systems from various casino's, dice game sites, etc..

---

I know a thing or 2 about programming. I might be totally wrong about this, but I hope this topic might explain these systems.


Let's discuss a simple dice game. The dice script should output a "1" or a "0". The "1" means the casino wins, the "0" means the player wins.


If I understand correctly the outcome of the script (the 0 or 1) is determined by an algorithm that is applied to a combination of the client seed key and the server seed key.


The client seed key is always visible to the player. The server key is not. Let's say the algorithm rolls in favor of the player. What is preventing the casino (the script) to try another server seed key, and if necessary again and again, untill eventually the casino wins? If I understand correctly, the server key is random and not shown to the player until the outcome is known.

Let's say the casino script does this -let's call it cheating- and only writes the server seed key that they wanted and the client seed key to a database for later checking or control. Who could verify that the casino is cheating?

Sure, one might say that script is being regulated, controlled and or inspected by a third party (like a "gaming commision"). What is preventing the owner of the casino or website to change this script after the control?


Thanks for your input guys. Have a nice day.
Jump to: