J-Dawg Posted July 4, 2022 #1 Posted July 4, 2022 @Eddie@Ghostnipple@kayttobr Provably Fair Implementations Can Cheat Players (proof) (Due to space constraints, this is highly abridged. More detailed analysis on GitHub with the sample and optimized code)All provably fair casino games are shuffle based. This means that all games regardless of the interface, are akin to a pack of cards being shuffled and the results being determined from that. The exploit that casinos can use to cheat players is called Shufflepuff — a tool a casino can use to optimize against players, effectively creating cold decks. (code provided below in picture) Casinos can choose initial decks that perform strictly better against other initial decks, regardless of any Mersenne Twister seed. The result of the game is verifiably "provably fair" without compromising any code. The exploit can permanently alter the house edge of the game beyond expected outcomes. Due to the large arrangement space, the exploit is effectively undetectable. At the very least, refutable. I'll assume you're familiar with how this provably fair method works.This attack applies to any casino that uses it. You, as a player, have no ability to determine the actual Mersenne Twister seed. You can influence it, but the final seed is indirectly attributed to your client seed. However, the casino is free to determine the initial shuffle. It can be whatever they want. There is no guarantee that this shuffle (we'll call it initial deck from now on) is in any way random, and this is where the exploit begins. In a nutshell, the house knows that the final shuffle will be one of 2³² possible shuffles. Since the initial deck space can be astronomically larger than the final shuffle space, the house simply needs to find an initial deck that performs well against as many final shuffles as possible.How do we determine the optimized, stacked decks?Let's try roulette, since it has the smallest search space. In the real world, it's a wheel game, but casinos treat it like a card game nonetheless. First, we degenerate the deck into point-values based on the outcome we want. For example, if we want to optimize the deck for red, we convert all the red cards to +1 and the rest (including green) to 0. We arrange the point deck in lexicographic (sorted) order: { 0000000000000000000111111111111111111 }. For all permutations (without repetition), perform a Fisher-Yates or Durstenfeld shuffle with all possible Mersenne Twister seeds (which range from 0 to 232 – 1). Add the first value of the shuffle to the rolling count. Compare two permutations. If one has a higher count than the other, it is strictly better than the other. Meaning, a casino can use it to permanently alter the house edge. Implications Once an arrangement has been found, it can be easily masked to prevent detection. In the example, the arrangement only represents the position of red and blacks, but a casino can fill it with any red or black card, effectively producing shuffles that appear different. The casino presents the shuffle first, but it can learn from subsequent play. A player who consistently plays red or black (or green) can be exploited in the next round. A casino doesn't need to find the most optimized shuffle, just one that beats the theoretical expectation. So, a nefarious casino would collect many optimized shuffles on a rolling basis, making it effectively undetectable. The shuffles can be used to help you win as well. For example, the house could produce good shuffles to help dust bettors win, in the hopes they bet more (where they could then be cheated with bad shuffles for more bitcoin). Shufflepuff Code (C++) (see photo)
stuckmojo Posted July 4, 2022 #2 Posted July 4, 2022 The shuffles can be used to help you win as well. For example, the house could produce good shuffles to help dust bettors win, in the hopes they bet more (where they could then be cheated with bad shuffles for more bitcoin). This is fact for sure......very interesting post not sure what if anything will become of it
jungl3 Posted July 4, 2022 #3 Posted July 4, 2022 23 minutes ago, stuckmojo said: This is fact for sure......very interesting post not sure what if anything will become of it It will get locked and then deleted. I give it an hour. Interesting post, @J-Dawg - thank you. There is no pursuit more noble than the truth.
Shanaya24 Posted July 4, 2022 #4 Posted July 4, 2022 so i'm not crazy, wondering what the provable fair evangelist has to say about this.
ulululu Posted July 4, 2022 #6 Posted July 4, 2022 11 hours ago, J-Dawg said: @Eddie@Ghostnipple@kayttobr Provably Fair Implementations Can Cheat Players (proof) (Due to space constraints, this is highly abridged. More detailed analysis on GitHub with the sample and optimized code)All provably fair casino games are shuffle based. This means that all games regardless of the interface, are akin to a pack of cards being shuffled and the results being determined from that. The exploit that casinos can use to cheat players is called Shufflepuff — a tool a casino can use to optimize against players, effectively creating cold decks. (code provided below in picture) Casinos can choose initial decks that perform strictly better against other initial decks, regardless of any Mersenne Twister seed. The result of the game is verifiably "provably fair" without compromising any code. The exploit can permanently alter the house edge of the game beyond expected outcomes. Due to the large arrangement space, the exploit is effectively undetectable. At the very least, refutable. I'll assume you're familiar with how this provably fair method works.This attack applies to any casino that uses it. You, as a player, have no ability to determine the actual Mersenne Twister seed. You can influence it, but the final seed is indirectly attributed to your client seed. However, the casino is free to determine the initial shuffle. It can be whatever they want. There is no guarantee that this shuffle (we'll call it initial deck from now on) is in any way random, and this is where the exploit begins. In a nutshell, the house knows that the final shuffle will be one of 2³² possible shuffles. Since the initial deck space can be astronomically larger than the final shuffle space, the house simply needs to find an initial deck that performs well against as many final shuffles as possible.How do we determine the optimized, stacked decks?Let's try roulette, since it has the smallest search space. In the real world, it's a wheel game, but casinos treat it like a card game nonetheless. First, we degenerate the deck into point-values based on the outcome we want. For example, if we want to optimize the deck for red, we convert all the red cards to +1 and the rest (including green) to 0. We arrange the point deck in lexicographic (sorted) order: { 0000000000000000000111111111111111111 }. For all permutations (without repetition), perform a Fisher-Yates or Durstenfeld shuffle with all possible Mersenne Twister seeds (which range from 0 to 232 – 1). Add the first value of the shuffle to the rolling count. Compare two permutations. If one has a higher count than the other, it is strictly better than the other. Meaning, a casino can use it to permanently alter the house edge. Implications Once an arrangement has been found, it can be easily masked to prevent detection. In the example, the arrangement only represents the position of red and blacks, but a casino can fill it with any red or black card, effectively producing shuffles that appear different. The casino presents the shuffle first, but it can learn from subsequent play. A player who consistently plays red or black (or green) can be exploited in the next round. A casino doesn't need to find the most optimized shuffle, just one that beats the theoretical expectation. So, a nefarious casino would collect many optimized shuffles on a rolling basis, making it effectively undetectable. The shuffles can be used to help you win as well. For example, the house could produce good shuffles to help dust bettors win, in the hopes they bet more (where they could then be cheated with bad shuffles for more bitcoin). Shufflepuff Code (C++) (see photo) Perfect post, but you should tag @Edward instead
dupeddonk Posted July 5, 2022 #7 Posted July 5, 2022 13 hours ago, J-Dawg said: @Eddie@Ghostnipple@kayttobr Provably Fair Implementations Can Cheat Players (proof) (Due to space constraints, this is highly abridged. More detailed analysis on GitHub with the sample and optimized code)All provably fair casino games are shuffle based. This means that all games regardless of the interface, are akin to a pack of cards being shuffled and the results being determined from that. The exploit that casinos can use to cheat players is called Shufflepuff — a tool a casino can use to optimize against players, effectively creating cold decks. (code provided below in picture) Casinos can choose initial decks that perform strictly better against other initial decks, regardless of any Mersenne Twister seed. The result of the game is verifiably "provably fair" without compromising any code. The exploit can permanently alter the house edge of the game beyond expected outcomes. Due to the large arrangement space, the exploit is effectively undetectable. At the very least, refutable. I'll assume you're familiar with how this provably fair method works.This attack applies to any casino that uses it. You, as a player, have no ability to determine the actual Mersenne Twister seed. You can influence it, but the final seed is indirectly attributed to your client seed. However, the casino is free to determine the initial shuffle. It can be whatever they want. There is no guarantee that this shuffle (we'll call it initial deck from now on) is in any way random, and this is where the exploit begins. In a nutshell, the house knows that the final shuffle will be one of 2³² possible shuffles. Since the initial deck space can be astronomically larger than the final shuffle space, the house simply needs to find an initial deck that performs well against as many final shuffles as possible.How do we determine the optimized, stacked decks?Let's try roulette, since it has the smallest search space. In the real world, it's a wheel game, but casinos treat it like a card game nonetheless. First, we degenerate the deck into point-values based on the outcome we want. For example, if we want to optimize the deck for red, we convert all the red cards to +1 and the rest (including green) to 0. We arrange the point deck in lexicographic (sorted) order: { 0000000000000000000111111111111111111 }. For all permutations (without repetition), perform a Fisher-Yates or Durstenfeld shuffle with all possible Mersenne Twister seeds (which range from 0 to 232 – 1). Add the first value of the shuffle to the rolling count. Compare two permutations. If one has a higher count than the other, it is strictly better than the other. Meaning, a casino can use it to permanently alter the house edge. Implications Once an arrangement has been found, it can be easily masked to prevent detection. In the example, the arrangement only represents the position of red and blacks, but a casino can fill it with any red or black card, effectively producing shuffles that appear different. The casino presents the shuffle first, but it can learn from subsequent play. A player who consistently plays red or black (or green) can be exploited in the next round. A casino doesn't need to find the most optimized shuffle, just one that beats the theoretical expectation. So, a nefarious casino would collect many optimized shuffles on a rolling basis, making it effectively undetectable. The shuffles can be used to help you win as well. For example, the house could produce good shuffles to help dust bettors win, in the hopes they bet more (where they could then be cheated with bad shuffles for more bitcoin). Shufflepuff Code (C++) (see photo) Ok, editing my post as I've done some more research. This post is plagiarized from here: https://bitcointalk.org/index.php?topic=1494470.0 It's a very interesting thread, with some people that know way more about provably fair and programming than me weighing in. Including Stunna ( @Edwards better co founding half) But, what @J-Dawgdid was add a couple sentences, and twist a few words around to fit his narrative, which is that the entire provably fair theory isn't fair. It's all rigged, etc... These are the only two sentences that were actually written by @J-Dawg: Quote All provably fair casino games are shuffle based. This means that all games regardless of the interface, are akin to a pack of cards being shuffled and the results being determined from that. Not all provably fair games are shuffle based. But @J-Dawg wants you to think they are, so he removed this part: Quote Any shuffle-based provably fair casino that used bitZino as a reference implementation can exploit players. He also later replaced this: Quote There are many recent, modern casinos that can deploy this exploit. With this: Quote This attack applies to any casino that uses it. (keep in mind this was all from 6 years ago) Mods, please don't nuke this entire thread. If you must do something with it, move it to off topic or something. We're trying to have a conversation here, OP is going to keep doing this kind of thing and every time you nuke his threads you just make it easier for him to get away with it next time.
ktinho Posted July 5, 2022 #8 Posted July 5, 2022 It is all reliant upon the reputation and how you feel about the casino you are using. All this stuff has been posted here and elsewhere time and time again. it is nothing new. it is information that is 8 years old.
dupeddonk Posted July 5, 2022 #9 Posted July 5, 2022 10 hours ago, Shanaya24 said: so i'm not crazy, wondering what the provable fair evangelist has to say about this. OP duped you.
Lydia26 Posted July 5, 2022 #10 Posted July 5, 2022 It's hard to challenge the house.. it's gambling no one force us to gamble it's a choice I guess
Zugarol Posted July 5, 2022 #11 Posted July 5, 2022 in the world of gambling no one ever win except the in House
ktinho Posted July 5, 2022 #12 Posted July 5, 2022 53 minutes ago, dupeddonk said: OP duped you. it is a system that was in use 10 years ago. What i find interesting is that some people are so obsessed with proving that stake use a system that's not provably fair and that they are being cheated - if they are using this casino still - surely it must affect their mental health. Some of these people get very irate when a person tries to help or to explain things. How can gambling possibly be fun for those kind of personalities? It appears like a form of OCD. Even IF they prove legitimately that everything is unfair i wonder what will become of them. I assume they will have to find a new crusade to obsess over, once their '15 minutes' is over, they will be left unfulfilled. IF they never succeed in proving their beliefs then it will be a time wasted and we can never get that time back. They should go gamble with friends that they do trust (poker perhaps). I do genuinely wish the best for these people. ❤️
dupeddonk Posted July 5, 2022 #13 Posted July 5, 2022 18 minutes ago, ktinho said: it is a system that was in use 10 years ago. What i find interesting is that some people are so obsessed with proving that stake use a system that's not provably fair and that they are being cheated - if they are using this casino still - surely it must affect their mental health. Some of these people get very irate when a person tries to help or to explain things. How can gambling possibly be fun for those kind of personalities? It appears like a form of OCD. Even IF they prove legitimately that everything is unfair i wonder what will become of them. I assume they will have to find a new crusade to obsess over, once their '15 minutes' is over, they will be left unfulfilled. IF they never succeed in proving their beliefs then it will be a time wasted and we can never get that time back. They should go gamble with friends that they do trust (poker perhaps). I do genuinely wish the best for these people. ❤️ edited my post above fyi, OP is sneaky sneaky.
ktinho Posted July 5, 2022 #14 Posted July 5, 2022 3 minutes ago, dupeddonk said: edited my post above fyi, OP is sneaky sneaky. Updated the quote! I have to agree with the sneaky aspect. I read the thread where the information originates and it's definitely been on here before. I sometimes feel like i am conversing with the same individual and they are using multiple accounts but i am not going to obsess and try to prove it. 😂 Not sure what it would prove other than i have too much time to waste.. which i don't! 1 hour ago, dupeddonk said: Ok, editing my post as I've done some more research. This post is plagiarized from here: https://bitcointalk.org/index.php?topic=1494470.0 It's a very interesting thread, with some people that know way more about provably fair and programming than me weighing in. Including Stunna ( @Edwards better co founding half) But, what @J-Dawgdid was add a couple sentences, and twist a few words around to fit his narrative, which is that the entire provably fair theory isn't fair. It's all rigged, etc... These are the only two sentences that were actually written by @J-Dawg: Not all provably fair games are shuffle based. But @J-Dawg wants you to think they are, so he removed this part: He also later replaced this: With this: (keep in mind this was all from 6 years ago) Mods, please don't nuke this entire thread. If you must do something with it, move it to off topic or something. We're trying to have a conversation here, OP is going to keep doing this kind of thing and every time you nuke his threads you just make it easier for him to get away with it next time. Thanks for correcting the thread and the OP. I noticed what he/she had done and how certain key components of the information had been omitted. What this now goes to prove and i feel this is a 'provably fair' statement to make:- The OP is attempting to manipulate the outcome of this thread by giving false and misleading information. which is the same practice they are accusing the casino of undertaking.
GotSeven Posted July 5, 2022 #15 Posted July 5, 2022 I believe there s some swtich. Eddie just do on/off and rip me on bj and dice everytime.ripped amount usualñy is around 500 usd. If i won one hand then i lose next 7 8 hands in a row. Why i do not win often the way i lose ??? I stopped playing bj and dice over a week ago. And im up almost 4k usd. Just playing crash. I know if i go to bj 5 minutes 4k usd will fly away
ktinho Posted July 5, 2022 #16 Posted July 5, 2022 5 minutes ago, GotSeven said: I believe there s some swtich. Eddie just do on/off and rip me on bj and dice everytime.ripped amount usualñy is around 500 usd. If i won one hand then i lose next 7 8 hands in a row. Why i do not win often the way i lose ??? I stopped playing bj and dice over a week ago. And im up almost 4k usd. Just playing crash. I know if i go to bj 5 minutes 4k usd will fly away Perhaps you just use better judgement in crash than you do in BJ or dice. Like sports betting knowing when to cashout.
Moderator maverick528 Posted July 5, 2022 Moderator #17 Posted July 5, 2022 This is just crap, if you believe this, you dont use your brain at all. First, I assume you understand how provably fair works, it guarantees that all the sequence of results are set in stone when the two seeds are chosen, so the casino can not change the results in any way if you bet a big amount for example, or if you play always the same style. In Stake, the same seed pair is used in all the original games excluding crash and slide, If the casino can produce "rigged seeds" that make you lose for example in plinko by making lots of balls go to the center, that same seed pair applied to wheel for example does not produce the same "losing riggedness", and you can test it in the bet verifier. The casino HAS NO WAY of predicting which of the games you are gonna play because it is YOUR decision. The more important thing that invalidates the "rigged seeds" theory is that there are games like Baccarat or Roulette where you can bet on ALL OF THE POSSIBLE OUTCOMES. If the casino uses a rigged seed that makes the red colour hit more often than black, the casino does not know IF you are going to bet on red or in black. If some numbers in roulette always hit more often than the others, then you can win by betting at those numbers, any riggedness in the numbers generated can be used in your favor, because you are free to bet on any of the possible outcomes on every roll. Because the casino can NOT change the sequence of results that is set after the seed pair is picked. Stake does not use a mersenne twister in the rng. It is just the output of the cryptographic function HMAC SHA256. Plus, there is no way Stake can rig the sequence because 1) you can choose the client seed that you like and Stake has no way to predict your choice. Different client seeds produces different sequences. 2) the hash of the next server seed is shown to you before you set your client seed, this means the casino can not change or adjust the server seed after you decided your own client seed,
dupeddonk Posted July 5, 2022 #18 Posted July 5, 2022 9 minutes ago, Ghostnipple said: I wonder is that the reason my own seed was nowhere near house edge after 1 million bets. I wonder why you keep pretending like that's true. 5 minutes ago, maverick528 said: This is just crap, if you believe this, you dont use your brain at all. First, I assume you understand how provably fair works, it guarantees that all the sequence of results are set in stone when the two seeds are chosen, so the casino can not change the results in any way if you bet a big amount for example, or if you play always the same style. In Stake, the same seed pair is used in all the original games excluding crash and slide, If the casino can produce "rigged seeds" that make you lose for example in plinko by making lots of balls go to the center, that same seed pair applied to wheel for example does not produce the same "losing riggedness", and you can test it in the bet verifier. The casino HAS NO WAY of predicting which of the games you are gonna play because it is YOUR decision. The more important thing that invalidates the "rigged seeds" theory is that there are games like Baccarat or Roulette where you can bet on ALL OF THE POSSIBLE OUTCOMES. If the casino uses a rigged seed that makes the red colour hit more often than black, the casino does not know IF you are going to bet on red or in black. If some numbers in roulette always hit more often than the others, then you can win by betting at those numbers, any riggedness in the numbers generated can be used in your favor, because you are free to bet on any of the possible outcomes on every roll. Because the casino can NOT change the sequence of results that is set after the seed pair is picked. Stake does not use a mersenne twister in the rng. It is just the output of the cryptographic function HMAC SHA256. Plus, there is no way Stake can rig the sequence because 1) you can choose the client seed that you like and Stake has no way to predict your choice. Different client seeds produces different sequences. 2) the hash of the next server seed is shown to you before you set your client seed, this means the casino can not change or adjust the server seed after you decided your own client seed, The post OP plagiarized was based on a shuffle-based implementation that didn't use a nonce. He added a few sentences to make it seem like it was referring to all provably fair implementations. (Please do not nuke this thread, move it if you have to, but try to keep it from getting nuked. Please.)
jungl3 Posted July 5, 2022 #19 Posted July 5, 2022 18 minutes ago, maverick528 said: The casino HAS NO WAY of predicting which of the games you are gonna play because it is YOUR decision. This is a disingenuous statement. People are creatures of habit and over hundreds or thousands of sessions, a fairly accurate profile could be made for many of them. It's standard in the industry to analyse user patterns. I'm not arguing with anything else you've said or that a user could suddenly break their routine, but this is well within the realm of possibility.
iulianbutanu Posted July 5, 2022 #20 Posted July 5, 2022 ok the op reminds me of another system of probably fair who was quite popular at a moment, but loooong time ago. anyway don't be guided by this. it's not worth it.
Shanaya24 Posted July 5, 2022 #22 Posted July 5, 2022 16 minutes ago, Ghostnipple said: Please Note: Stake.com does not allow players from the US. Please also note: The stake.com shop does not accept returns from anywhere outside the US. huh ? So if you are us citizen you can order and return goods but you cannot play on stake, on the other side when you are non us citizen you can play on stake but the stake store can send you damaged goods and you cannot return it.
iulianbutanu Posted July 5, 2022 #23 Posted July 5, 2022 33 minutes ago, Ghostnipple said: This is a community forum. Whether a member is correct or incorrect they have a right to be heard. Please respect that right as it is to the benefit of all players that this happens. If you have a counter argument to make then please make it. Attacking the individual and not their argument does nothing to advance the community's understanding of the topic under discussion. Do not forget that this is an unregulated sector with a filthy history of fraudulent practice and exit scams. So it is important that players can challenge the casino, particularly when it is operated by anonymous individuals. The casinos dominate and control virtually all communication channels, and have unlimited resources to which they can bring to bear in order to drown out any lone dissenting voices. It is a sector in which casino operators are highly incentivized to do everything within the realm of possibility to ensure that profit is maximized. It is a sector in which the players pay for everything but the player's influence amounts to nothing. It is a sector in which operators are so proficient in bending the truth, they will declare a product as unique, innovative, and mind enhancing, then charge you $50 for a white tshirt and the right to use your body as an advertising platform. Further reading: The Emperor's new clothes, Andersen H.C. 1837, Reitzel, Denmark now available https://shop.stake.com/ Please Note: Stake.com does not allow players from the US. Please also note: The stake.com shop does not accept returns from anywhere outside the US. wtf are you even talking about!? you're making a post just to have more characters or what? and what has the stupid shop policy to do with the discussion on topic?
ktinho Posted July 5, 2022 #24 Posted July 5, 2022 2 hours ago, Ghostnipple said: This is a community forum. Whether a member is correct or incorrect they have a right to be heard. Please respect that right as it is to the benefit of all players that this happens. If you have a counter argument to make then please make it. Attacking the individual and not their argument does nothing to advance the community's understanding of the topic under discussion. Do not forget that this is an unregulated sector with a filthy history of fraudulent practice and exit scams. So it is important that players can challenge the casino, particularly when it is operated by anonymous individuals. The casinos dominate and control virtually all communication channels, and have unlimited resources to which they can bring to bear in order to drown out any lone dissenting voices. It is a sector in which casino operators are highly incentivized to do everything within the realm of possibility to ensure that profit is maximized. It is a sector in which the players pay for everything but the player's influence amounts to nothing. It is a sector in which operators are so proficient in bending the truth, they will declare a product as unique, innovative, and mind enhancing, then charge you $50 for a white tshirt and the right to use your body as an advertising platform. Further reading: The Emperor's new clothes, Andersen H.C. 1837, Reitzel, Denmark now available https://shop.stake.com/ Please Note: Stake.com does not allow players from the US. Please also note: The stake.com shop does not accept returns from anywhere outside the US. So in your rush to make fun of the original poster, stop for a moment and consider they have taken the hard road, and that everyone benefits from free and fair discussion (most of all, stake). A solid argument will stand on its own feet independent of whoever raised the issue, a solid counter argument doesn't need to be propped up with personal attacks and innuendo. It is the role of the moderator to see that this happens, the fact that it does not, reflects poorly on stake. Having read the original post, seen how the information has been tailored to fit a certain narrative, don't you feel this undermines the discussion? If all the key information had been presented and then the question asked "does this have any relevance to how stakes provably fair system works?" I don't see an issue - it is open for discussion and not someone making a statement of fact. Unfortunately it is not presented this way and the thread title tells me the narrative that the OP is going for. No personal attacks have taken place.
ktinho Posted July 5, 2022 #25 Posted July 5, 2022 3 minutes ago, Ghostnipple said: I will not discuss the content for the same reason I moved it. I dont want to risk derailing the discussion here, however as it seems to be important to you Im very happy to discuss the issues I raised in my post if you would like to start a thread on any of those issues. I will give it as much time and attention as I think you deserve. the question is in regards to this topic. Starting another thread elsewhere to talk about this thread is illogical.
Featured Comment
Archived
This topic is now archived and is closed to further replies.