The problem with a lack of vigilance

Provable fairness lets players bet on a site without fearing that outcomes are being quietly tilted in the house’s favor. But there is an important caveat that is often missed, or simply never explained to players: the scheme is only trustless if the player does their part too. Nearly all provably fair systems use the server-seed/client-seed model. Before you start betting, the site shows you a hash of its server seed. This is a commitment: when the seed is revealed at the end of the round you can check that it hashes to the value you were shown, so the site cannot swap seeds after the fact. The site also lets you set your own client seed before the first bet of the round. Every outcome is then derived from both seeds (plus a per-bet nonce), so once the server has committed to its seed and you have supplied data it did not choose, the site no longer controls the inputs to the hash function and therefore cannot control the outcomes.

But here’s the problem: many sites pre-fill the client seed box for you when you change your seed. That need not be a problem in itself. In fact it can be more secure than letting users type their own: if the site accepts up to 32 characters and pre-fills the box with 32 genuinely random characters (preferably generated on the client side in JavaScript rather than by the server), that is a better seed than “1234”, for the same reason a long random password beats a short guessable one. (This extra security only matters if the site is malicious and trying to steer outcomes, and such a site would hardly generate good seeds for you, so the benefit is largely moot.)

The real problem with pre-filled client seeds arises when the site is malicious, which we should assume until proven otherwise. Because the server seed is fixed, and its hash committed to, before the client seed is chosen, a malicious site can generate candidate client seeds ahead of time and evaluate the outcomes each one would produce for the coming bets, keeping the one that yields more losing bets than winning ones. It is just a matter of generating random client seeds and checking the results until one is sufficiently “bad”. If the site presents that seed to the user as the default, many people will click past it without a second thought. The site still runs exactly the provably fair algorithm it advertises, every outcome verifies afterwards, and you are still being cheated. The attack only works where the site can predict which side of the bet you will take, because a “bad” seed is bad for one side only: a seed pair that makes you lose 55% of the time when betting high makes you win 55% of the time if you bet low instead. But if the game gives you no choice of high or low, or if it is a game other than dice where the numbers map to outcomes in some other way, then pre-filling opens up a real attack vector.
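The following Python is an added example and not code from the original post or from any real site. It models a typical provably fair dice scheme under assumptions of its own: the roll is HMAC-SHA256 keyed with the server seed over “client_seed:nonce”, mapped onto 0.00 to 99.99, and a “high” bet wins on 50.00 or above. Real sites differ in those details. It shows the honest player-side verification (hash commitment plus regeneration of every roll), and then the attack from the paragraph above: the site, with its server seed already fixed, searches random-looking 32-character client seeds for one that makes a “high” bettor lose most over the next 20 bets. The round still verifies perfectly, and the same seed favors a “low” bettor by the same margin. The candidate seeds are derived deterministically here only so the demo is reproducible; a real site would draw them at random, which is indistinguishable from honest pre-filling.

```python
import hashlib
import hmac


# Assumed outcome derivation, modelled on a typical provably fair dice site:
# HMAC-SHA256(key=server_seed, msg="client_seed:nonce"), first 8 hex digits
# mapped onto 0.00-99.99. Real sites differ in the exact mapping.
def roll(server_seed: str, client_seed: str, nonce: int) -> float:
    digest = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(),
                      hashlib.sha256).hexdigest()
    return (int(digest[:8], 16) % 10000) / 100.0


def rolls(server_seed: str, client_seed: str, n: int) -> list[float]:
    """The n outcomes a fixed seed pair will produce, one per nonce."""
    return [roll(server_seed, client_seed, nonce) for nonce in range(n)]


def commitment(server_seed: str) -> str:
    """What the site publishes before betting: the hash of its server seed."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def verify_round(server_seed: str, published_hash: str, client_seed: str,
                 observed: list[float]) -> bool:
    """Player-side check once the site reveals its server seed: the seed must
    match the hash shown up front and must regenerate every observed roll."""
    if not hmac.compare_digest(commitment(server_seed), published_hash):
        return False
    return rolls(server_seed, client_seed, len(observed)) == observed


def losing_fraction(outcomes: list[float], side: str) -> float:
    """Share of rolls lost by a player who always bets `side`.
    Assumed rule: 'high' wins on roll >= 50.00, 'low' wins on roll < 50.00."""
    if side == "high":
        losses = sum(1 for r in outcomes if r < 50.0)
    elif side == "low":
        losses = sum(1 for r in outcomes if r >= 50.0)
    else:
        raise ValueError(f"unknown side {side!r}")
    return losses / len(outcomes)


def craft_default_client_seed(server_seed: str, n_rolls: int, side: str,
                              tries: int = 2000) -> tuple[str, float]:
    """The malicious site's search: with its server seed already fixed, try
    many random-looking 32-char client seeds and keep the one under which a
    player who always bets `side` loses most over the next n_rolls bets.
    Candidates are derived deterministically so the demo is reproducible; a
    real site would simply draw them at random."""
    best_seed, best_loss = "", -1.0
    for i in range(tries):
        cand = hashlib.sha256(f"{server_seed}/candidate/{i}".encode()).hexdigest()[:32]
        loss = losing_fraction(rolls(server_seed, cand, n_rolls), side)
        if loss > best_loss:
            best_seed, best_loss = cand, loss
    return best_seed, best_loss


if __name__ == "__main__":
    # Constructed example values; a real site would generate its seed randomly.
    server_seed = "constructed-example-server-seed"
    published = commitment(server_seed)
    n = 20

    bad_seed, loss = craft_default_client_seed(server_seed, n, "high")
    observed = rolls(server_seed, bad_seed, n)
    print(f"pre-filled seed {bad_seed}: a 'high' bettor loses {loss:.0%} of {n} bets")
    print("round verifies as provably fair:",
          verify_round(server_seed, published, bad_seed, observed))
    print(f"same seed, a 'low' bettor loses {losing_fraction(observed, 'low'):.0%}")

    own = "something-the-player-typed-themselves"  # constructed player-chosen seed
    print(f"player-chosen seed: a 'high' bettor loses "
          f"{losing_fraction(rolls(server_seed, own, n), 'high'):.0%}")
```

Two things to notice when running it. The search cost is trivial (a few thousand candidates times twenty HMACs), so a site could do this on every seed change without any visible delay. And nothing in the verification step can detect it, because the verification only proves the outcomes were derived from the two seeds, not that the seeds were chosen honestly. The defence is exactly what the post recommends: supply a client seed of your own, after the hash of the server seed has been shown.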

The practical risk from this kind of attack on players is small, because a site would find it hard to pull off consistently without eventually drawing attention. But no hole, however small, should be discounted, especially as technology like machine learning makes it easier to predict how a given player will bet. If you take one thing from this: always replace the client seed with something you created yourself, and write down the hash of the server seed before you start betting so you can check the revealed seed against it afterwards. Do that and you’ll be fine.