Author

Topic: Provably Fair Tutorial [by PlayBitcoinGames] (Read 886 times)

newbie
Activity: 59
Merit: 0
Do you think it could be possible that by knowing the output, you could reverse it and get the input(string) of the MD5 hash?
sr. member
Activity: 973
Merit: 346
♥ ♠ PlayBitcoinGames ♦ ♣
Hello everybody!

This tutorial was made by the PlayBitcoinGames team, we are still pretty new here but we wanted to help the community in some way, so we had this idea to help anybody who needs to understand how to correctly verify if a casino has provably fair games Smiley

In brief, Provably Fair means that the results of the games are chosen before your wager and they won't be changed or affected by any factor (like the amount of your bet), and there is a way to verify it. This is done to ensure that the games are totally fair for the players and the casino is not manipulating the results based on the bets.

So, let's start with the tutorial already!

(I will use a red color to refer to the un-encrypted results, and a green color to refer to the encrypted results).

The first and most important part: the casino must give the result of the next bet before the wager, this way you can be sure that the result won't be affected by the amount of your bet or by any other factor.

But, obviously, the casinos won't directly tell you the result of the next bet, or it would harm them.

The solution for this problem: give the encrypted result of the next bet.

A provably fair casino must give you the encrypted result of the next wager, this encrypted result is a string (a combination of numbers and letters) of a certain length, then you can use this string in an external program to verify if the result was decided before your bet.

There are many encryption methods used by casinos, but most of them work in the same way. For this tutorial we will use the "MD5 Algorithm".

This is the step by step process to verify if a game is provably fair:

1) When you open the game, there should be a string (the encrypted result) somewhere before your wager, save this string.

2) Play!

3) After your wager, the casino must give you the un-encrypted result.

The un-encrypted result varies per game, for example, in a roulette game the un-encrypted result could be something like this "JW5pwHv1DoXPmGVyQdgx-20", this means that the result of the game was "20" as you can see at the end (the randomly generated string at the start is used to prevent abuse, otherwise if the un-encrypted result were just "20", the user could know it before the wager by just looking at the string of the encrypted result).

4) Compare the result you got in the game to the result shown in the un-encrypted result, they must match! If they are the same, there is one more thing to do to prove that the game is provably fair.

5) The most important part is to use an external program to verify the result. As we are using the MD5 Algorithm, we just have to look for a website where we can generate MD5 Hashes, like this one or this one.

Then we have to paste the un-encrypted result and generate its MD5 Hash, this will give us a string. Finally, if the string we got matches with the string the casino gave us before our wager, we can be totally sure it's provably fair.

I will show an example I made in this forum using a game from our casino, which should help you understand this easily:

Let's take the game "Coin Flip" for this example:



Below the game you can see:

"Next result MD5 hash: 0ae0190fe1f6830c5b480dcd26c2fbb4"

This string is the encrypted result of the next wager.

After you play, you will get this:



Now you can see this:

"Result decoded: R3U0nB8GcZKadHbeDq2f-0"

This is the un-encrypted result.

For this particular game, if you get a "0" at the end, it means that the result is "Heads", and if you get "1", the result is "Tails".

And, as you can see, I got a "0" at the end, and the result was indeed "Heads".

Now to prove this is provably fair, you just need to go to any MD5 Hash Generator, like this one, paste the "Result decoded" there (R3U0nB8GcZKadHbeDq2f-0) and you should get the "Result Hash" (0ae0190fe1f6830c5b480dcd26c2fbb4).

Let's see:



Then you just have to compare the string you got with the string we gave to you before your wager, and if they are exactly the same, then it means that we are provably fair!

As simple as that!

Now you may be wondering: Could the casino change the result and give us the same string at the end?

Here is the answer:

It's very unlikely to have a collision using MD5 Hash (two inputs with the same output), it's not impossible, but in this case it would be incredibly hard (pretty much impossible) to manipulate every single bet by changing the input to get the same output but with a different result for your bet.

Let's take the numbers from my example:

Input: R3U0nB8GcZKadHbeDq2f-0

Output: 0ae0190fe1f6830c5b480dcd26c2fbb4

Now let's take exactly the same input but changing the result:

Input: R3U0nB8GcZKadHbeDq2f-1

Output: 2d5e4d48786441a4fdbf929790da9445

As you can see, the outputs are totally different, hence the result can't be changed so easily to manipulate the bet. In this case, we would have to find an input with approximately the same length and ending in "1" that gives us exactly the same MD5 Hash result, for every single bet, which is practically impossible.

So, the answer is no, it's practically impossible to change the result if the string is given before your wager.

Well, I think that's it, if you follow the procedure as I explained you shouldn't have any problem to verify if a casino is provably fair.

I hope this tutorial was useful, if anybody has any doubt, just ask! Cheesy
Jump to: