BetHash - How Provably Fair Isn't as Fair as it Looks
In our previous post, we took a look at how Bethash uses an entirely new system to prove fairness, as compared to cryptocurrency casinos that use an older system, known as ‘provably fair’.
In this article, we will explore the practicality of an absolutely fair casino and identify some of the flaws that exist in the provably fair system. These issues, in addition to some other limitations of the technology, are what prompted the BetHash team to begin using blockchain-based provable fairness.
Quick Recap on Fairness: 3 versus 21
If you remember correctly, our previous article explained the basics of how the provably fair system works. The provably fair system works because of 3 components: the server seed, client seed, and the nonce.
Now, for the sake of argument, if any two of these three components are compromised, then the security of the provably fair system breaks down. We will get into the specifics of how this might occur in the next section.
The way BetHash differs here is in fact of a simple numbers game. Instead of relying on three components as per typical provably fair casinos, BethHash relies on the 21 block producers of the EOS blockchain network.
As we have previously explained, the EOS network has a decentralized network of 21 block producers that secure the blockchain network against mutability. If you were to somehow trying to alter the results of BetHash, you would first have to first corrupt at least 11 of the 21 EOS block producers, which is a practically impossible task, since each block producer is voted into position by tens of thousands of EOS users.
Because of this, subvert even one of the EOS block producers is a nigh-impossible task, since every EOS block producer is a well-known, reputable force in the EOS community.
How is the Provably Fair System Corruptible?
The answer to this question lies more in human error and human nature rather than the technology itself. The implementation of the provably fair system differs from casino to casino, which can mean different casinos have loopholes not present in most others.
Then comes the concept of a Zero-day attack. Consider this; the first generation of online casinos used random number generators (RNGs) to ensure fairness until it was discovered that RNGs were not secured enough. This was primarily due to the faulty implementation of the number generation algorithm. A great example is this case, where one person was able to accurately figure out how the cards were being shuffled in an online poker game, despite them being arranged using random numbers.
A Zero-day attack can be defined as the exploitation of faulty code or faulty implementation of a perfectly fine code despite the implementor (in this case, a casino) knowing about this vulnerability. With this in mind, let's take a look at two examples of how a provably fair system could have hidden vulnerabilities:
Example 1: Nonce overflow
This vulnerability has to do with a faulty way of storing the nonce in an unsecured unsigned integer variable. This could, in turn, lead the nonce variable to overflow after a certain number of bets have been made and cause it to return 0, resulting in every future roll to become predictable.
For a detailed explanation of how a Nonce overflow flaw works, visit this article.
Example 2: Force-It Box
In this second example, one programmer was able to detect two vulnerabilities in the way the provably fair system was implemented by one bitcoin dice site. First, the programmer discovered that there was no way for the client-side seed to be entered in the roll, which meant the website could still manipulate the results.
But the second and the bigger vulnerability was caused by the fact that the starting seed was exposed, giving anyone with enough gusto the ability to brute force the encryption and predict all the rolls.
For a detailed overview of how the Force-It Box vulnerability works, visit this GitHub post.
In Summary
As you can see, although implementing a provably fair system is certainly a step in the right direction towards fairness, faulty implementations can cause the system to break down. On the other hand, with BetHash you are putting your trust in 21 incorruptible factors (EOS block producers) making BetHash a pioneering endeavor towards the evolution of fairness in online games.
Want to receive 100 Bonus Spins to help kick start your epic BetHash journey? Simply click here and follow the instructions to begin.
Congratulations @bethash! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :
You can view your badges on your Steem Board and compare to others on the Steem Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOP
To support your work, I also upvoted your post!
Vote for @Steemitboard as a witness to get one more award and increased upvotes!
To listen to the audio version of this article click on the play image.
Brought to you by @tts. If you find it useful please consider upvoting this reply.