Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Gambling
Re: Breaking: Shuffle-based Provably Fair Implementations Can Cheat Players (proof)
by
DarkStar_
on 07/06/2016, 16:54:51 UTC
Quote from: ndnhc on June 07, 2016, 02:43:17 PM
Quote from: NLNico on June 01, 2016, 10:27:29 AM
Quote from: ndnhc on June 01, 2016, 09:07:16 AM
Quote from: NLNico on June 01, 2016, 05:16:01 AM
Ps, there is actually one dice site "pocketdice" that uses "initial random numbers" which was proven to have a bad provably fair implementation (for more simple reasons than OP Tongue) Unfortunately they still didn't improve this.

How the system works exactly is still beyond me but I can't see the logic on the relatively complex way it is implemented or the mystery behind the 30.
But how is this?
Quote from: NLNico on June 02, 2015, 04:50:22 AM
The client's seed is not really used to generate the random result.
Pocketdice's problem is more simple. They could simply generate all 1's as "initial deck", and obviously it would be impossible for you to win if you don't bet on number 1 - no matter how random you shuffle all those 1's with your client seed Tongue

Pocketdice is provably fair alright. Tongue

I just found out. Grin (was thinking the hash was just that of server seed)

Quote
We generate 30 initial random numbers ranging from 1 to 6.
We generate random server seed.
The initial numbers are hashed using hash("sha256", json_encode($initial_numbers) . $server_seed). The resulting hash is made public.
When you start a game, we use javascript in your browser to create a client seed.
The initial numbers are shuffled calling Fisher-Yates shuffle with client seed.
Isn't it a bad implementation though? They generate the 30 initial numbers, without your client seed, and they can generate what ever they want, and you can't verify that they cheated with the inital generation. So while it is technically provably fair, because of how the initial shuffle is generated, they could create a higher house edge by predicting what the gambler likes to do (ie over 7) and generate the inital deck so it is more likely to get under 7? They should just get rid of the initial generation and play with a fair deck (5 ones, 5 twos, 5 threes, e.t.c)