The art of generating random data

When it comes to playing a game involving even the smallest element of luck, the task of generating random data is crucial. A biased algorithm may not only kill the excitement of players, but also cost them their stake.

Random number generators determine the result of such games. In the gambling sphere, the importance of their fairness is unquestionable.

Hosts should aim to provide their players with a transparent, unbiased and auditable random number generator.

  • Transparency can be achieved by publishing the algorithm used for generating random data. In order to prevent malicious behavior, algorithmic determinism is necessary. Black box functions (including true random generators) violate these constraints, so they are ineligible for this purpose.
  • Bias can be avoided by using random seeds to initialize a so-called pseudorandom number generator (PRNG). Contrary to a true random number generator, PRNGs solely depend on the seed given to them.
  • Data generated by PRNGs are verifiable by nature given the seed and the PRNG function itself. Verifiers only need to compute the PRNG's outputs and compare them with the host-computed results.

Seeding a game

Seed generation shall be distributed amongst players and hosts.

To avoid bias, no entity may know the seed of others during this process.

In most applications, seeds consist of two main parts:

  • Host seed: Chosen first and kept secret until the end of a particular game.
  • Public seed: Chosen by every player of a game. Multiple players may contribute to it by using a commitment scheme. It should be revealed after a commitment to the host seed has been made.

(If multiple players bet against each other, then every participant should also be a host. The aforementioned situation describes the problem of playing a mental poker game.)

Host seeds should be computationally infeasible to break. This can be achieved by making them large and using a reliable source of entropy for their generation (e.g. a true random number generator device). Besides that, using a long-period PRNG is recommended.

Multiple betting rounds

Having to choose a new seed before each betting round is inconvenient. A predictable value called a nonce can transform a single public seed to an arbitrarily large set of seeds. A unique nonce should be appended to the public seed before each round.


The significance of commitment schemes

Commitment schemes provide an indispensable building block of provably fair algorithms. They are used for storing information to be revealed later, similarly to how envelopes work.

Historically, letters were sealed to prevent message forgery. Attempting to remove an applied seal from its document would most certainly break it. Recipients could verify a message's invariability by the presence of an intact seal.

Shifting from traditional letters to digital communication, demand for protecting information arose. Cryptographic primitives were established, resulting in the invention of digital signatures and commitment schemes.

A commitment is a message concealing a value chosen by the sender.

Commitments have the following properties in common:

  • Hiding: The concealed value can only be known by the sender. (Recipients may verify the validity of a commitment once the sender reveals the chosen value.)
  • Binding: Only the sender's chosen value may validate the commitment during the opening phase.

These properties make commitment schemes applicable to secure coin flipping and multi-party computation (MPC). For example, collision-resistant cryptographic hash functions can be used as a commitment function.

In provably fair algorithms, commitment schemes are widely used for computing an unbiased common seed used for generating random numbers.
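
A sketch of how several participants can agree on a common seed with a hash-based commitment scheme, added here as an example (not code from the original page). The salted SHA-256 construction, the function names and the sample shares are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

def commit(value: bytes, salt: bytes) -> str:
    """Hash commitment; the random salt keeps short, guessable values hidden."""
    return hashlib.sha256(len(salt).to_bytes(2, "big") + salt + value).hexdigest()

def opens(commitment: str, value: bytes, salt: bytes) -> bool:
    """Binding check: only the committed (value, salt) pair reproduces the digest."""
    return hmac.compare_digest(commitment, commit(value, salt))

def common_seed(commitments: dict, openings: dict) -> bytes:
    """Combine all shares into one seed; refuse if an opening is missing or wrong.

    commitments: name -> hex digest, all collected BEFORE any opening is sent.
    openings:    name -> (value, salt), revealed afterwards.
    """
    digest = hashlib.sha256()
    for name in sorted(commitments):  # fixed order, identical for every verifier
        if name not in openings:
            raise ValueError(f"{name} did not open their commitment")
        value, salt = openings[name]
        if not opens(commitments[name], value, salt):
            raise ValueError(f"{name} opened a value they did not commit to")
        digest.update(len(value).to_bytes(2, "big") + value)
    return digest.digest()

def demo():
    # Constructed shares; real ones come from each participant.
    shares = {"alice": b"1234", "bob": secrets.token_bytes(32),
              "host": secrets.token_bytes(32)}
    salts = {name: secrets.token_bytes(16) for name in shares}
    commitments = {n: commit(shares[n], salts[n]) for n in shares}
    openings = {n: (shares[n], salts[n]) for n in shares}
    seed = common_seed(commitments, openings)
    # Bob has seen the other shares and tries to swap his own: rejected.
    openings["bob"] = (b"share picked after seeing the others", salts["bob"])
    try:
        common_seed(commitments, openings)
        cheat_detected = False
    except ValueError:
        cheat_detected = True
    return seed, cheat_detected
```

If a participant refuses to open after seeing the other shares, the round has to be voided rather than computed from the remaining shares; otherwise the last one to reveal gets a veto over the outcome.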


The problem with a lack of vigilance

Provable fairness allows users to play on sites without the fear of their bets being altered in the house's favor. But there's an important caveat that is often missed or not explained to the players: full trustlessness is only there if the player also does what they need to do. Nearly all provably fair systems operate on the server seed / client seed model. The server shows you a hash of their seed before you start betting and allows you to change your client seed before the first bet of the round. This way, since you are introducing new data into the hash function, the outcome of the hash is no longer controlled by the site, as they do not have control over the data you give them.

But here's the problem: many sites will pre-fill that box for users when they change their seed. This in itself does not have to be a problem. In fact, it's possible for this to be even more secure than the user entering their own data. If the site allows you to enter up to 32 random characters and they pre-fill the client seed box with 32 actually random characters (preferably generated on the client side with JavaScript instead of by the server), then it's more secure than just entering "1234" as your seed, just like a password. (However, it's only "more secure" if the site is malicious and trying to change outcomes, and such a site would probably not generate good seeds for you, so the point is moot.)

The problem with pre-filling the client seed comes from a situation where the site is malicious, which we should assume until proven otherwise. A malicious site can easily generate a server seed and client seed ahead of time that, when used, result in more losing bets than winning ones. It's just a matter of generating random client seeds and checking the results until they get one that's sufficiently "bad". If this site were to present this bad seed to the user as a sort of default option, many people would click past it and not think about it. The site would still use all the same provably fair algorithms, but could still be cheating you. Such a thing would only be possible if the site thinks you are likely to keep betting high or keep betting low, because estimates for you winning rely on consistently betting one or the other. (If the site generated a seed pair that would make you lose 55% of the time if you bet high, but you chose to bet low instead, you would be winning 55% of the time instead of losing.) However, if the site does not allow you to pick high or low (or the game is some game other than dice where the numbers affect the outcome in a different way), then this opens up a good attack vector for them.

The concern with this kind of attack on players is small, because it would be difficult for a site to pull off consistently, especially without eventually drawing attention, but no hole, however small, should be discounted, especially with technology like machine learning becoming more prominent. If you take anything from reading this: always change your client seed to something that you created and copy down the hash of your server seed before you start betting, and you'll be fine.


Why should I care about provably fair?

When you stroll into a casino, approach the cash desk and leave with a handful of chips you do so for one reason and one reason only. You have faith that you might leave the casino a winner. This faith comes from the belief you have that the outcome of the bets you are about to place will be random.

You walk to the roulette wheel and place your bets on the table in the sure knowledge that neither yourself nor the person spinning the roulette wheel has any influence over the outcome of the spin.

This is not always the case online. You find a site, complete your due diligence and you make a deposit. You play and you lose, you play some more and lose some more, and eventually a thought crosses your mind… what if the site you are playing on is not fair?

How do you know that the casino you are playing at online is not simply generating any outcome that guarantees them the win?

Provably Fair to the rescue. The latest online casinos are embracing a ground-breaking technology to completely remove this doubt from their players’ minds. To generate a random outcome, gaming sites utilise a seed and run this through an algorithm. A seed is simply a starting point to generate a random number and an algorithm is a series of steps taken to convert that seed into a pseudo-random result.

In a Provably Fair gaming environment the site publishes to the player the seed they are using in advance of the game; however, they do so using encryption, such that the player is only able to determine the seed after the game has taken place. In a Provably Fair game, the player also provides their own seed to the server, which is used as part of the random number generation process.

Once the game has taken place the player can decipher the seed belonging to the casino and verify that the outcome of the game they have just played was completely fair. That is, the casino generated the most random result possible without unfairly influencing the outcome in their favor.

Quite simply put, Provably Fair gaming is the fairest way of gambling anywhere online in the world.

Which is why when you play at a Provably Fair gaming site, you know the money you wager is in safe hands.


What is provably fair gaming?

Before we may begin to understand what makes a casino provably fair, we need to study how the basis of online gambling works. Simply put, players bet on the outcome of randomly generated numbers.

Formerly, these random numbers were generated solely by the host of a game, leaving complete control in the hands of operators. Participants had to trust the host not to generate results in anyone's favor. Casinos operating on this basis created a conflict of interest for those seeking a fair gambling experience.

Out of this lack of transparency, the concept of provably fair games was born. Its underlying concepts provide a way for both the operators and players to contribute to randomization, which in turn removes any possibility of deceit or cheating.

The foundation of fair gaming algorithms was laid by pseudorandom number generators, utilizing seeds which determine the outcome of wagers.

A seed shall be equally influenced by players and hosts, meaning that the result of each bet at a provably fair casino is a team effort. The house is no longer in complete control of randomization.

So, wouldn't this mean that players are able to manipulate results in their own favor?

Commitment schemes to the rescue!

To prevent malicious behavior, hosts mustn't show us their actual seed at first. Instead, they present a commitment of their own seed to us. Similarly to envelopes, commitments seal and conceal messages contained by them. They cannot be altered or revealed without consent from the sender. For example, hosts may commit a seed by using a one-way hash function or public key cryptography.

Hosts shall provide transparency and proof of authenticity by revealing their actual seeds at the end of each game. Anyone in possession of a host's commitment may verify the immutability of the corresponding seed.

Bets shall be reproducible once the host seed gets revealed. Players can constantly audit the behavior of hosts by comparing the random results calculated by the host with their own.
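
The audit described above, combined with the per-round nonce from "Multiple betting rounds", as an added example (not code from the original page or from any particular casino). The SHA-256 commitment, the HMAC-SHA256 derivation, the 0..9999 result range and all names are assumptions; a real site publishes its own algorithm, which the player must replay instead.

```python
import hashlib
import hmac

def commitment_of(host_seed: bytes) -> str:
    """What the host publishes before the first bet (assumed: plain SHA-256)."""
    return hashlib.sha256(host_seed).hexdigest()

def roll(host_seed: bytes, public_seed: str, nonce: int, sides: int = 10000) -> int:
    """Deterministic outcome in [0, sides) for one round.

    Assumed construction: HMAC-SHA256 keyed with the host seed over the public
    seed with the nonce appended. 32-bit chunks at or above the largest
    multiple of `sides` are rejected, so the modulo does not favour low numbers.
    """
    limit = (2**32 // sides) * sides
    counter = 0
    while True:
        msg = f"{public_seed}:{nonce}:{counter}".encode()
        stream = hmac.new(host_seed, msg, hashlib.sha256).digest()
        for i in range(0, 32, 4):
            chunk = int.from_bytes(stream[i:i + 4], "big")
            if chunk < limit:
                return chunk % sides
        counter += 1  # all eight chunks rejected: extend the stream

def audit(commitment: str, revealed_seed: bytes, public_seed: str, claimed: list) -> list:
    """Return a list of problems; an empty list means the session checks out.

    claimed: (nonce, result) pairs the host reported during play.
    """
    problems = []
    if not hmac.compare_digest(commitment, commitment_of(revealed_seed)):
        problems.append("revealed host seed does not match the commitment")
    nonces = [nonce for nonce, _ in claimed]
    if len(set(nonces)) != len(nonces):
        problems.append("a nonce was reused")
    for nonce, result in claimed:
        if roll(revealed_seed, public_seed, nonce) != result:
            problems.append(f"round {nonce}: host reported {result}")
    return problems
```

The commitment passed to `audit` must be the copy the player saved before the first bet, not one fetched from the site afterwards.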

Anyone should be able to prove, at any time, that the outcome of a wager was computed fairly and transparently. We strongly believe in widespread use of provably fair algorithms throughout the gaming industry.

If you would like to learn more about the technical workings of provably fair algorithms, you can download my whitepaper found here.