Topic: What prevents casino "pre-rolling"? (Read 2365 times)

There was lottocoin (dead?), casinocoin (still around?), and chancecoin (got noticed recently and went up).

I don't fully understand them, but doesn't look much fun to me.

I mean, you're not watching paint dry, you're just waiting for the next block, but still. (and ideally, you will wait for maturity as well, which is several confirmations later.)

I vaguely recall an effort to make a bitcoin-based gambling network/"coin"/client a year or two ago. Anyone know of any related efforts?

I'd guess the owner/op operates a platform in conjunction which acts as an exchange for BTC/LTC/DOGE/whatever for these GambleCoins. Transactions would be bets. Nonce comes from PoW mining and confirmations work "normally" to determine validity or previous blocks' bets.

disagree! just take a look at some members of bitcointalk and you will see that they are highly trusted.

I just don't think this will work in any capacity in bitcoin gambling.  The very act of certification requires trust in this 3rd party.  How can we trust a third party to not be bribed by the operators?

Who's going to pay us, when anyone can be the police for free? When a significant portion of players act like police while playing. Dicebitcoin got caught several times cheating, and the players did that on their own.

I mean, sure, I could put up a service, but no one is going to pay me. Donate maybe, but as a "professional service"? The market is not yet big enough.

I really hope that we can start a serious discussion with some more ideas if it makes sense to have a Provably Fair Police. I cant be of help, but as soon I will have my own btc casino online I will be a customer and will be willing to pay for it (Provably Fair Police service).
maybe a monthly or yearly fee as an operator and a fee for players who want to have a casino be checked if they were cheated by any operator.

I am a big fan of the Provably Fair option.

Do I look like I'm joking? (Ok, sorry, maybe I might look like.) But jokes are half meant. You have enough volunteer Provably Fair Police operators all over.

I had thought about making my own mini group like you mentioned, last year, some time in 2013. We'll have to either think this through a bit, or there's a whole bunch of us all making independent audits of all concerned sites.

That's the beauty of this Provably Fair gaming movement. Sites have to show, using the same basic formula or a variant of it, how their games are fair for the players, and anyone and everyone can do verification.

So we could organize a group of people, but there will be others out there who will do this independently, and of course, all the media outlets will do their own research on new and successful game sites, just like what Forbes did for bitzino a long time ago.

I notice that there are several review sites already.

Hi Dabs 

I am not joking. IMO it would be nice to have someone or a group who will check all btc gambling sites regarding their Provably Fair offering. also if a player is complaining against an operator that he is cheating.
with a Provably Fair Police a cheating operator will think twice before trying to cheat.

Hi elm. Shall I start recruiting? I will be Provably Fair Police Director General Dabs.

we need a Provably Fair Police

The client seed is supposed to be set by the client (gambler), so that the bet results cannot be controlled by the gambling site.
If your notice your client seed getting changed automatically by the site, it is possibly a sign of cheating.

Can a site do that automatically? I mean change the client seed.

Yup basically!


then the question i ask is why.  if their server seed doenst change, changing your client seed does nothing other than to provide a psychological assurance that you are getting the "Most" random of random events.  it certainly doesn't have any effect otherwise.

You should always change your client seed. except for that, verify your rolls.

Are you talking about Baccarat?

I'm conducting an experiment. It is my version of a purposely rigged game, but it is honest and fair (because the rules state how the winner(s) will be determined.

https://bitcointalksearch.org/topic/provably-rigged-lottery-game-winner-gets-40-times-his-bet-806190

It is actually happening in real life where I am, except its a whole bunch of communities and they don't know all the bets (because there is no blockchain or leaderboard or anything). So I'm curious if anyone in this forum will participate.

how about a game like Casino war or something, but instead of playing the cards dealt (which could involve some sort of preshuffled trickery), the bettors bet on which one of the two sides will win.  Could a game like this be done with server seed only?  I'm guessing no, because just like dice, the house could pick a server seed based on users betting behavior, even if the better/user makes the decision on when to reset server seed.  (altho the casino would be dumb to implement as this could be easy to exploit for the user, making it a vulnerable game for the casino)

I think this dynamic changes slightly tho once you introduce multiplayer to this.  If you allow multiple players to bet on the outcome, some will wager one side whereas some will wager on the other side.  The house has less of an incentive to use player betting behavior as something to try to exploit.  Althought, I guess, it could just take in the total wagered over all players, and treat that as "one player" and base any exploity decisions on that as a whole.  Again, not optimal for the house because it is vulnerable to being exploited, and random outcomes is probably a nash eq for this game as well.

In both cases, the risk is still there for the operator to play the game with an advantage, something that still plagues all the provably fair games today anyways.

How do you guys feel about this type of game (where users get to bet on the outcome, instead of betting on what they are initially dealt).  Does that change the necessary inputs for provably fair (types of seeds needed, etc)

Yeah, there is quite a simple proof that random rolls, or playing a random hand in rock-paper-scissors is in fact the nash. That is to say, it's the only non-vulnerable strategy to a player knowing how the site picks its moves.

So far, we have the following types:
1. rock paper scissors (lizard spock?)
2. raffle / lotto that has its own bankroll (not like mine, which was a player supplied pot.)
3. hi lo / left - right / pick something, same idea as #1 I guess.

The move could actually be derived from the "secret" or "junk" so it computes to a particular move using a different hash. (the secret is hashed with SHA256, but the move is calculated using HMAC-SHA512.)



That is probably the best thing for any site. You use less AI (it doesn't need to think), less CPU resources, just let it pick randomly.

But he gave the 5-figure sum back to its owners. That is not how HYIP works.

What I find interesting is that the dicebitco.in people gave back a high 4-figure sum (6 or 7k I think?), but still seem to be widely regarded as scammers. How many coins do you have to hold and return before you're considered trustworthy I wonder...

Imagine a game of rock/paper/scissors where you play against the site.

The site needs to prove that it has picked its move before you play, by giving you the hash of its move (plus some junk so you can't reverse the hash), but doesn't need to use a client seed, since there's no "bad deal" the site can give you.

If the site can figure out your betting pattern, it can beat you, but that's not cheating - that's what you would expect any decent opponent to do.

You only need to use a client seed when the site isn't allowed to pick its move/roll/outcome.

It's conceivable that someone would make a hi/lo style dice game where the site deliberately tried to beat the player by analysing his playing style. So long as everyone knows that that's the game they're playing that's fair enough, and no client seed is needed; the site would publish a hash of its next roll before each bet, but not allow the user to affect the roll with a client seed.

It might be fun to play such a game - bet low stakes H, H, H, H then increase the stake and bet L, hoping to catch the site out.

I suspect that picking rolls randomly would be near optimal for the site, but am not sure.

He could be waiting for it to become 6-figure. That is how HYIP works.

Turn based, or time based raffle or lotteries fall into this category. Pick a number from 1 to 100 (or balls, or combinations). Playing odds against the house, instead of a shared pot. If you pick the same number as the game (already predetermined with matching SHA256 hash), then you win. If not, you lose.

Games which run in a rapid fashion, such as dice, have this problem, since players roll several times a minute, or even every second; the only thing changing is the nonce. The site still does not know if you are rolling high or low though.

the fear is that the operator can choose a server seed that provides unfavorable outcomes to the player, either through using the player betting behavior and playing against that, or by giving the player unfavorable initial situations (bad cards, etc).  There must be games where these vulnerabilities are not relevant at all because the game rules, or the game mechanics/play, inhibit these from being exploited.

edit: part of this fear/risk could be mitigated by the operator allowing the player to change the server seed (changing it to another random seed set by server), this might be used for a single player game.  multiplayer games might not be able to do this as easily.

Actually, there is one type of game that can be provably fair without requiring any client seeds. It's a raffle or lotto type game. In effect, the bet is the client seed. I plan to make one soon, should be simple to code even for a non-coder like me.


That's precisely what will happen, a predetermined outcome, but one where the players do not know, so they can bet against the outcome.

Client seeds will always be required. Either in the form of a transaction id from a deposit, or some user input. There might be a way, and that is to use a third party random number, like from random.org.

It's a lot easier to just ask it from the player and use that.

On a downloaded client, if it is open source, your client can generate the seed unpredictably and fairly. I think the same can be said of client-side javascript.

The only thing you are doing by not using a client seed is proving the outcome was predetermined.

i'm trying to think of games which don't require a Client seed and still be provably fair.  does anyone have any examples of those types of games?

Either single or multi player/realtime types?

I dont invest my money in gamble but use there free and i must say that sometimes i take some of them.
Also know some people that live from this dont know how but they do.

Have some strange system on roulette and they always win.

I dont gamble at all but i read that some of them fake that users like some1 up mentioned dicebit.

I dont like this cuz it turn bad on cryptos.
Maybe i am wrong about it but that is what i think.

True, but when someone had the chance to scam a 5-figure (in unit of btc) and didn't take it, it should be pretty safe to consider that person trustworthy.

I dont trust any site, just because they got backed by fans long ago, they will spread positive outlook on the casino and later take advantage of them when they dont expect or dont proove to do so, those are the true con artists.

Yeah, I was thinking that there might be some other ways to undetectably deceive the user even when the system is provably fair. If the provably fair system is properly designed, it should be possible to detect any cheating though. You only really need to worry about the sites that claim to be provably fair but in reality are not.

Provably fair doesn't mean the casino can't cheat you. It just means that if they do, you can detect it if you put in the required effort (checking hashes, etc.)


You need to trust that they will pay you in the event that you catch them cheating, sure. But you don't have to trust that they will deceive you about whether they are cheating or not. You can determine that for yourself with certainty.


It's fine for the server seed to change so long as each time it does, all three of the following are true:

1) the user is aware that it has changed (preferably because the user requested the change; PRC dice used to change it each time they rebooted, so I wouldn't even notice sometimes, other sites change all the seeds on a daily basis which is inconvenient, but acceptabe; PD used to change it every roll which was a pain in the ass)
2) the user is presented with a hash of the new server seed, so he can make a note of it and check the hash when the seed is eventually revealed
3) the user is prompted to provide a new client seed after seeing the new server seed hash

You seem a little confused about the word "nonce". It is simply a number (n) whose value is used once each time it changes (n-once). So we have three things: server-seed, client-seed, nonce. The server makes up a random server-seed, publishes its hash, shows the hash to the user, the user makes up a client-seed and tells it to the server. The nonce is set to 0. Each time a roll is needed, the server hashes the two seeds and the nonce all together and does some math to come up with a number in the required range, then increments the nonce (adds one to it). That's all.

The user can look at the rolled numbers and verify that the nonce goes up by exactly one between each roll. That's all the verification he can do before he knows the server seed (since knowing the server seed would allow him to calculate his next roll before he made the roll).

Once the server seed is changed, and the old server seed is revealed, the player can hash the two seeds together with each nonce in turn to recreate all his old rolls and verify that they were accurate.

When you understand this, you can see that the casino can't "pre-roll" anything without being detected. They can't pre-generate a load of different server seeds, because they don't know what client seed you will use (you pick client seed AFTER they commit to a single server seed by publishing its hash) and they can't skip a bunch of nonces because you'll notice.

Yeah, I agree it would be much preferred to ask you for a client seed rather than then automatically generating one for you.

Yes, if you think you have figured out a pattern, or it's rolling HIGH, then you can "invert" and roll LOW. Or the other way around.

In other variants, you might have more than one betting option, such as in Roulette, or Sic Bo.

There is one simple change that site operators / owners can do to assure provable fairness: most sites create an account for you, and suggest that you set up a user name and password, and optionally 2FA. In that same process, if it is the first time, they should also ask you to create the player or client seed (after showing the server seed hash) before you even make your first roll. The client seed shouldn't even be "suggested".

That's what I would do anyway, if I had my own site.

Thanks! So the server's seed must not ever change, right? It has one seed which generates each future nonce, where each pre-generated nonce is sequentially numbered? Each bet must then be made public, and hopefully the casino isn't betting to get past unfavorable rolls... But if the casino bets, they can still pre-roll so long as it's within a short-enough span of time that the user who would've won would've noticed, yeah?

Even if the client generates a new seed, I'd guess it's possible that the casino already pre-generated a boatload of casino-favorable seeds, so that must be why sites allow users to "invert" their number selection (less than instead of greater than) - to prove they aren't doing that.

Yeah, there is always the risk that the casino is cheating you. Even in provably fair systems, there is often many ways of cheating the user.

You really need to find a reputable site and trust that they are playing fairly. A well though out provably fair system also helps, but is not full proof.

In provably fair casino's like PrimeDice the number is also determined by the client seed. So even a slightly different client seed would produce a total different outcome.

The scary part is when the casino pre-decides the client seed and the user doesn't change it.

Also, like with DiceBitco.in, they could skip winning rolls by ignoring some nonces (that's basically with you are saying in your first post?), but like with DiceBitco.in, thanks to provably fair users quickly discovered they were cheated.

The nonce is an sequentially number of the server seed - client seed combination.

Let's say you win on >90 out of 100.

What prevents the server from quietly pre-rolling with the client's self-generated seed and then re-rolling if the number's ever >90? -So it just dumps "bad rolls" and regenerates until the results favor the casino.

Would users ever notice they're generating and sending multiple hashes even though the casino site's only showing the hashes for the roll which generated a <=90?