So what would be needed to remove the possiblity for the site operator to defraud the investors, would be an verifiable external source of entropy over which the site operator has no control and that all participants can verify independently.
You actually need a LOT more than that. Getting a provable source of entropy isn't actually the real difficult part. The hard part is means by which dooglus can use that source to process rolls AND can prove that the details of the bet weren't changed after he obtained the random number. What you seem to miss is that distinction - and it's massive.
Here's the rough flow of what should happen :
Player makes a bet
Dooglus obtains verifiable random number
Result of bet is calculated.
How do you ensure that the right random number is applied to an unchanged bet? Without massively slowing down the system it's very hard to do. But if you can't guarantee that the bet processed is the one intended before the result was calculated then suddenly NOTHING is secure any more. Dooglus could cheat players by getting 10 random numbers then working out which combination of applying them to 10 pending bets gave the house the most. Or he could cheat investors by betting himself, working out the result then changing the bet size (or even odds) dependent on what the result was. We'd be worse off than we already are.
Conceptually the solution is easy - bets are logged in public first then some combination of a hash of the bet details + a timestamp used to generate the seed for a random number. But putting that concept into practice is harder than it might sound - you have to deal with things like what if the external source becomes unavailable (do bets hang or are they cancelled? can he selectly choose not to receive results if he doesn't like them?). And you also then have to find a random source where it's verifiable which output is produced from which input - but where such results can't be obtained in advance (which means real-time sampling of entropy based on the time-stamp element).
It's using a sledgehammer to crack a walnut. The solution already exists - if you don't believe he'll act in good faith then don't invest. Every investment without a fixed rate of return has the potential for the issuer to act in bad faith and cheat investors subtly. There's no reason why this one should be any different.
I read your post a several times, and it seems you are talking about being provably fair for the bettors. And I have a certain understanding of that concept: apply a hash function on the server-side secret and send to the client, combine the server-side secret with some client-side input then process the bet according to commonly agreed rules. When the server-side secret is revealed, the client can verify that the rules were followed. I find that quite straight-forward.
My problem is a slightly different one, since JD has three parties: player, investor and operator. The operator is in this case the site/dooglus and acts as a mediator between the bank (investors) and the player. The player gets to have "provably fair" gaming. But what would it take to give the investors the same "provably fair" investing? The operator, who knows the server-side secret, can pretend he is a player and make bets against the investors -- and win every time! How can that, theoretically, be prevented?
And the most sensible answer so far is to link the outcome of the bet to the outcome of an unpredictable future event which is not known or knowable by any of the three parties involved. The more I think about it, linking the outcomes to future blocks in the bitcoin blockchain actually solves the problem -- but would simply be way too slow for the players!
Edit: By the way, I'm not saying that I don't trust dooglus (because I believe dooglus is one of the most honorable members of the forum). I'm saying that *proof* is better than *trust*.
I obviously didn't make myself clear as I WAS talking mainly about proving fairness to investors.
It's all fine and well having a provable random string of numbers but you STILL have to somehow ensure dooglus applies them correctly. Otherwise he can just get the stream of numbers, see whether bets using them win and, if those bets win, make a big bet on an alt account. Just getting random numbers doesn't help unless how they're used is fully auditted - which puts us back to square one of trusting activity carried out on dooglus' server.
One solution for this sort of problem is fully auditted code running on a server hosted by a third-party in a controlled and monitored environment (where server-side seeds would be generated from entropy and not revealed to ANYONE until after they'd expired). But there's a very significant cost to that sort of setup - and with it being a gambling site there's reasons why a formal, public, legally contracted system such as that may not be too attractive (as every aspect of the hosting has to be publicised to ensure the third-party really is a third-party).
There's also a seperate very good reason why this sort of thing is unlikely to happen. Any solution is going to add cost and non-zero CP risk for dooglus - so there's no reason for him to even consider it unless he can't get however much investment he wants anyway. And looks like he CAN get the investment he needs - so run by me again why he should even consider it?