Benchmarking true provable fairness
With the crypto gambling industry constantly evolving, it can be easy for operators to fall behind with the latest innovations and optimal implementations. This is an understandable setback when it comes to keeping up with the fastest growing industry in the world; but when it starts to affect the expected standards towards fairness in gambling, we feel the need to step in. We want to establish a genuine representation for the players and their best interests.
In our previous article, we wanted to raise appropriate awareness towards operators in the industry who are refusing to conform to industry standards in regard to how they handle the fairness implementations on their platform. This article will discuss the technical reasoning behind why these outdated implementations of provable fairness are dangerous for players, as well as what would need to be done to fix the inherent problems associated.
The problem
- If you are using a unique server seed and/or client seed pair during each bet, this means that ultimately the power of the result is in the operators control. This is only unless the player checks the current pairing before each and every bet. Not only is this cumbersome but absolutely ridiculous when it comes to the player experience. This sort of implementation not only takes advantage of the fact players must blindly trust the operator if they don’t validate each pair, but also is somewhat deceitful when an appropriate solution exists but isn’t implemented.
The solution
- Implement a nonce into the provably fairness algorithm OR use the salt/hash method. These methods ensure that you can transparently ensure that all bets conform to a genuine result stream that has been predetermined even before a player sets up an auto-betting strategy, without the need to tediously check before you place every single bet with that operator.
- For operators like Luckygames, this would easily be solved by extending on their current provably fair algorithm to incorporate a nonce for each bet. This is not an unrealistic implementation and something that all players should be demanding to ensure there is no possible deceit in play.
Our goal here at the Crypto Gambling Foundation is to ensure the people with the smallest voice get the most out of their gambling experience. It’s easy for large casino operators to blindly provide a service that doesn’t ensure true legitimacy, especially when they utilise their large community following to dilute the concerns of players who genuinely care about their wellbeing.
There is nothing more harmful than operators in our industry who tarnish the integrity of provably fairness, especially consider how beneficial it is when implemented correctly.
Luckygames.io - The monarch of manipulation?
You read that correctly. Luckygames.io are in a position where they can easily manipulate the result of your bet.
Luckygames are currently preaching that they are a provably fair online gambling website. This is not the case.
Operating unfairly
Expecting players to change their client seed every single bet
No warning that Luckygames have the potential to manipulate results
Provably fair games use a nonce - a random number attached to the end of your client seed that ensures each result is random. Changing the nonce on the end of your client seed (after your bet) tells you what the result would have been for the next spin or the next hand. Luckygames.io do not use a nonce. Instead - to verify that your bet is completely fair, you need to manually change your client seed after every single bet.
The image above states ''since you choose your own Client Seed, there is no way for us to alter the outcome''.
How many players are actually going to choose their own client seed before every bet?
Change is necessary
Considering this would take their development team little effort to implement, it makes us wonder whether they are actually manipulating results.
Our role here at the Crypto Gambling Foundation is to raise awareness about the issues that exist within the crypto gaming industry. We are here to promote essential practices, that create an honest and fair gambling experience. While we aren’t here to call out companies for the sake of doing so, it is only right that we point out that there is a company out there that seem to be deceiving their players.
Luckygames.io have currently taken over 90 billion bets, but how many of these have been placed with a system that is completely provably fair? None. As previously stated, we are here to educate and to address issues in this industry. Until this is changed, Luckygames can be accused of cheating their players.
We are a foundation that cares, and wants to see these issues be rectified. But as a foundation, we are displeased that this has been allowed to happen for so long. The pressure is on you now Luckygames - we need you to fix this. It is about time, as a community - that we take a stand against websites that preach provably fairness without letting their games do the talking.
We want to advise our players of the risks that playing on this website may bring. Are you going to allow your bets to be potentially tampered with?
They know that players are not going to sit there every five seconds and manually change the client seed.
They know that what they are doing is truly unfair.
They know that they are manipulating players that have little education about provable fairness.
We know that we won’t stand for it.
The Art of Generating Random Data
When it comes to playing a game involving even the smallest extent of luck, the task of generating random data is crucial. A biased algorithm may not only kill the excitement of players, but cost them their own stake.
Random number generators determine the result of such games. In the gambling sphere, the importance of their fairness is unquestionable.
Hosts should aim to provide their players a transparent and unbiased random number generator.
- Transparency can be achieved by publishing the algorithm used for generating random data. In order to prevent malicious behaviour, algorithmic determinism is necessary. Black box functions (including true random generators) violate these constraints, so they are ineligible for this purpose.
- Bias can be avoided by using random seeds to initialise a so-called pseudo-random number generator (PRNG). Contrary to a true random number generator, PRNGs solely depend on the seed given to them.
- Data generated by PRNGs are verifiable by nature given the seed and the PRNG function itself. Verified casinos only need to compute the PRNG's outputs and compare them with the host-computed results.
Seeding a game
Seed generation shall be distributed amongst players and hosts.
To avoid bias, no entity may know the seed of others during this process.
In most applications, seeds consist of two main parts:
- Host seed: Chosen at first and kept in secret until the end of a particular game.
- Public seed: Chosen by every player of a game. Multiple players may contribute to it by using a commitment scheme. Should be revealed after a commitment to the host seed has been made.
(If multiple players bet against each other, then every participant should also be a host. The aforementioned situation describes the problem of playing a mental poker game.)
Host seeds should be computationally infeasible to break. This can be achieved by making them large and using a reliable source of entropy for their generation (e.g. a true random number generator device). Besides that, using a long period PRNG is recommended.
Multiple betting rounds
Having to choose a new seed before each betting round is inconvenient. A predictable value called a nonce can transform a single public seed to an arbitrarily large set of seeds. A unique nonce should be appended to the public seed before each round.
The Significance of Commitment Schemes
Commitment schemes provide an indispensable building block of provably fair algorithms. They are used for storing information to be revealed later, similarly to how envelopes work.
Historically, letters were sealed to prevent message forgery. Attempting to remove an applied seal from its document would most certainly break it. Recipients could verify the invariability of a message by the presence of an intact seal.
Shifting from traditional letters to digital communication, where the demand for protecting information arose. Cryptographic primitives were established, resulting in the invention of digital signatures and commitment schemes.
A commitment is a message concealing a value chosen by the sender.
Commitments have the following properties in common:
- Hiding: The concealed value can only be known by the sender. (Recipients may verify the validity of a commitment once the sender reveals the chosen value.)
- Binding: Only the sender's chosen value may validate the commitment during the opening phase.
The aforementioned properties grant commitment schemes application in secure coin flipping and multi-party computation (MPC). For example, collision resistant cryptographic hash functions can be used as a commitment function.
In provably fair algorithms, commitment schemes are widely used for computing an unbiased common seed used for generating random numbers.
Why I believe in Provable Fairness
Bitcoin was created on the principle of trustlessness. Back when it was created, it didn't attract the same attention that it does today. The people that worked on and built the Bitcoin ecosystem did this because they didn't want to have to put their trust into anybody.
Provable fairness was created as a direct consequence of this. People looked at traditional gambling and saw something that could be improved upon, something that could be changed the same way they looked at money and thought of Bitcoin. The result was the first completely trust less gambling system the internet had ever seen, and it sparked a boom. Although the system originally only applied to generating random numbers for dice, the process was quickly adapted into many other games and a whole new community was formed.
But as Bitcoin grew more and more, and started attracting different people, some joined the community that weren't familiar with these systems. These people didn't understand the significance of being provably fair, or what it really meant. Later on, some people with a lighter sets of morals started trying to take advantage of this lack of knowledge. Some of them used software they bought from some other companies. Or worse, they created systems that at first looked to be provably fair, but upon closer inspection, contained holes that made it difficult for users to keep the site truly provably fair. These people looked to take advantage of newcomers that didn't know the reasons behind this technology that had been created for the benefit of the user.
This is an opportunity to be reminded of why provable fairness was created. People need to be educated, without getting taken advantage of. I believe in provable fairness because it shares the same core principles as Bitcoin itself, and once people see and understand it, they will see what an amazing thing it is.
The Problem with a lack of Vigilance
Provable fairness allows users to play on sites without the fear of their bets being altered into the favour of the house. But there's an important caveat that is often missed or not explained to the players. Full trustfulness is only there if the player does what they need to do also. Nearly all provably fair systems operate on the server seed/client seed model. The server shows you a hash of their seed before you start betting, allowing you to change your client seed before the first bet of the round. This way, since you are introducing new data into the hash function, the outcome of the hash is no longer controlled by the site as they do not have control over the data you give them.
But here lies a problem. Many sites will fill that box for users when they change their seed. This in itself does not have to be a problem. In fact, it's possible for this to be even more secure than the user entering their own data. If the site allows you to enter up to 32 random characters and they auto-fill the client seed box with 32 actually random characters (preferably generated on the client side with JavaScript instead of by the server) then it's more secure than just entering "1234" as your seed, just like a password. (However it's only "more secure" if the site is malicious and trying to change outcomes, and such a site would probably not generate good seeds for you, making the point unnecessary).
The problem with pre-filling the client seed comes from a situation where the site is malicious, which we should assume until proven otherwise. A malicious site can easily generate a server seed and client seed ahead of time that will result in more losing bets than winning ones. It's just a matter of generating random client seeds and checking the results until they get one that's sufficiently "bad".
If this site were to present this bad seed to the user as a sort of default option, many people would click past it and not think about it. The site would still use all the same provably fair algorithms, but could still be cheating you. Such a thing would only be possible if the site thinks you are likely to keep betting high or keep betting low, because estimates for you winning rely on consistently betting one or the other. (If the site generated a seed pair that would make you lose 55% of the time if you bet high, but you chose to bet low instead, you would be winning 55% of the time instead of losing). However, if the site does not allow you to pick high or low (or the game is some game other than dice where the numbers affect the outcome in a different way) it this opens up a good attack vector for them.
The concern with this kind of attack on players is small, because it would be difficult for a site to pull off consistently, especially without eventually drawing attention. However, no small hole should be discounted, especially with technology becoming more prominent. If you take anything from reading this, always change your client seed to something that you created and copy down the hash of your server seed before you start betting.