Provably Fair: A Fair Game?

admin Provably Fair 0 Comments

“Provably fair” is a term you’ll see at most bitcoin/crypto casinos. A game can be called provably fair, if the results of it are generated by both a client (clientseed) and a server part (serverseed), allowing you to verify the outcome, checking the house results. At least, that is the theory. But there are ways a casino can manipulate your bets depending on the implementation. There are many variations of provably fair solutions. In this article we will have a look at the past and current implementations, on and off blockchain seed generation, and some of the pitfalls of “provably fair” implementations.

When is provably fair compromised?

  • When the client knows the serverseed and vice-versa (knowing the result before the bet)
  • When the client does not know the hashed serverseed before betting (because of the editing of the serverseed during the bet)
  • Abuse of the serverseed variables, for example: betId (frontrunning certain bets of larger volume over lesser bets)
  • Sneaky editing of the clientseed for favourable outcomes (1,l,I and 0,O substitution in combination with an ambiguous font)
  • ‘random’ disconnection bugs (the server can decide not to reply to the results, but silently returns the funds used for that bet. So the player thinks it’s a failed bet, when in fact it’s a winning bet the house doesn’t need to pay out.)

Using the blockchain as clientseed

Bitlotto.com was one of the first bitcoin gambling sites that used a provable fair solution. It used the transaction-ids made to the Bitlotto address, shuffled them, and the first txid in the list was the winner. It stopped paying out on March 2013. The only thing left off it is their verifier.

SatoshiDice.com works in a similar way, generating a number (2^16)-1, (0-65535) based on the txid. It uses a daily secret serverseed to generate the winning number, which they publish after each day.

provably-fairOff Chain Game Provably Fair Flow Chart

Using (random) client generated seeds

BitZino.com uses a random generated ‘deck of cards’ from a string going from 0-9, a-z, A-P, representing 52 cards (10+26-16), appending it with a random string, and hashing it. This will be shown to the player. (“Showing the shuffled deck”). Then the player generates his/her own random hash (the clientseed). The serverseed and the clientseed together generate the total seed. This will be used to generate a random number to shuffle the the deck that will be used (“Cutting the deck”).

initial_shuffle = shuffle(0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOP);
server_seed = <random string>
hash_secret = SHA256(server_seed + initial_shuffle)
client_seed = get_seed_from_client()
seed = SHA256(client_seed + server_seed) % 2^32
rng = MersenneTwister19937(seed)
final_shuffle = FisherYatesShuffle(initial_shuffle, rng)
deal(final_shuffle)

Cryptobetfair.com

cryptobetfair.com, a new in-beta cryptocurrency gambling site, is using a more elegant approach to generating the serverseed. Their server generates a random seed, hashes it and publishes it to the player. The player then sends his seed, and that combination will produce the result. Just like BitZino, but instead of using a random serverseed they generate the serverseeds as a hashchain.

CryptoBetfair

A problem in most provable fair implementations that do not use blockchain data as seed is the editing of the serverseed, so that the server can cheat by using a favorable serverseed. Cryptobetfair eliminated this by using a hashchain for their daily seeds.

Every daily seed is the sha256 result of the next one, forming a hashchain which proves that every new value was known in advance and they are published daily, making any serverseed manipulation impossible.

I think this is a very good addition to the concept of provable fair, also it shows that the concept of provable fair is actively being improved upon by developers.

CryptoDice

There are also dice scripts that are used for various altcoins that claim provable fair. In the end it just combines a server and clientseed, hashes it, then converts to decimal. Many of the attacks described above are possible exploits hosters of this script could be using without your knowledge. Be very cautious about sites using this script!!


Conclusion

Onchain implementations are doing a good job in providing fair games, but are straining the blockchain. Offchain provable fair implementations can be done properly as well. BitZino showed a good solution, and the serverseed hashchain used by Cryptobetfair showed that innovation on provable fair solutions is still ongoing.

Leave a Reply