The art of generating random data

When it comes to playing a game involving even the smallest extent of luck, the task of generating random data is crucial. A biased algorithm may not only kill the excitement of players, but cost them their own stake.

Random number generators determine the result of such games. In the gambling sphere, the importance of their fairness is unquestionable.

Hosts should aim to provide their players a transparent, unbiased and auditable random number generator.

  • Transparency can be achieved by publishing the algorithm used for generating random data. In order to prevent malicious behavior, algorithmic determinism is necessary. Black box functions (including true random generators) violate these constraints, so they are ineligible for this purpose.
  • Bias can be avoided by using random seeds to initialize a so-called pseudorandom number generator (PRNG). Contrary to a true random number generator, PRNGs solely depend on the seed given to them.
  • Data generated by PRNGs are verifiable by nature given the seed and the PRNG function itself. Verifiers only need to compute the PRNG's outputs and compare them with the host-computed results.

Seeding a game

Seed generation shall be distributed amongst players and hosts.

To avoid bias, no entity may know the seed of others during this process.

In most applications, seeds consist of two main parts:

  • Host seed: Chosen at first and kept in secret until the end of a particular game.
  • Public seed: Chosen by every player of a game. Multiple players may contribute to it by using a commitment scheme. Should be revealed after a commitment to the host seed has been made.

(If multiple players bet against each other, then every participant should also be a host. The aforementioned situation describes the problem of playing a mental poker game.)

Host seeds should be computationally infeasible to break. This can be achieved by making them large and using a reliable source of entropy for their generation (e.g. a true random number generator device). Besides that, using a long period PRNG is recommended.

Multiple betting rounds

Having to choose a new seed before each betting round is inconvenient. A predictable value called a nonce can transform a single public seed to an arbitrarily large set of seeds. A unique nonce should be appended to the public seed before each round.


The significance of commitment schemes

Commitment schemes provide an indispensable building block of provably fair algorithms. They are used for storing information to be revealed later, similarly to how envelopes work.

Historically, letters were sealed to prevent message forgery. Attempting to remove an applied seal from its document would most certainly break it. Recipients could verify a message's invariability by the presence of an intact seal.

Shifting from traditional letters to digital communication, demand for protecting information arose. Cryptographic primitives were established, resulting in the invention of digital signatures and commitment schemes.

A commitment is a message concealing a value chosen by the sender.

Commitments have the following properties in common:

  • Hiding: The concealed value can only be known by the sender. (Recipients may verify the validity of a commitment once the sender reveals the chosen value.)
  • Binding: Only the sender's chosen value may validate the commitment during the opening phase.

The aforementioned properties grant commitment schemes application in secure coin flipping and multi-party computation (MPC). For example, collision resistant cryptographic hash functions can be used as a commitment function.

In provably fair algorithms, commitment schemes are widely used for computing an unbiased common seed used for generating random numbers.


What is provably fair gaming?

Before we may begin to understand what makes a casino provably fair, we need to study how the basis of online gambling works. Simply put, players bet on the outcome of randomly generated numbers.

Formerly, these random numbers were generated solely by the host of a game, leaving complete control in the hands of operators. Participants had to trust the host not generating results in favor of anyone. Casinos operating on these merits caused conflict of interest for those seeking a fair gambling experience.

Due to lack of transparency, the essence of provably fair games was born. Corresponding concepts provide a way for both the operators and players to contribute to randomization, which in turn removes any possibility of deceit or cheating.

The foundation of fair gaming algorithms were laid by pseudorandom number generators, utilizing seeds which determine the outcome of wagers.

A seed shall be equally influenced by players and hosts, meaning that the result of each bet at a provably fair casino is a team effort. The house is no longer in complete control of randomization.

So, wouldn't this mean that players are able to manipulate results in their own favor?

Commitment schemes to the rescue!

To prevent malicious behavior, hosts mustn't show us their actual seed at first. Instead, they present a commitment of their own seed to us. Similarly to envelopes, commitments seal and conceal messages contained by them. They cannot be altered or revealed without consent from the sender. For example, hosts may commit a seed by using a one-way hash function or public key cryptography.

Hosts shall provide transparency and proof of authenticity by revealing their actual seeds at the end of each game. Anyone in possession of a host's commitment may verify the immutability of the corresponding seed.

Bets shall be reproducible once the host seed gets revealed. Players can constantly audit the behavior of hosts by comparing random results calculated by a host and them.

Proving that the outcome of a wager is computed fairly and transparently should be performed by anyone at any time. We strongly believe in widespread use of provably fair algorithms throughout the gaming industry.

download If you would like to learn more about the technical workings of provably fair algorithms, you can download my whitepaper found here.