Fairdice Game Testing

jetset

RIP Brian
CAG
Here's one that is guaranteed to generate some discussion! Cipher, is this connected with Cipher Strands, or is it something different and new?.

Press Release

24 August 2004

Today Project Fairdice announced the initial release of software designed to prevent the rigging of games by online casinos.

Spokesperson Douglas Reay said "This will deal a bitter blow to conmen and criminals in the gambling industry, and clear the way for the honest online casinos who give their players a fair chance."

Currently the only way the honest online casinos have to show they are trustworthy is to invite auditors occasionally in to check on things, and many players don't trust that. Too many get ripped off once and never come back. The problem is, when a casino says they've shuffled a deck of cards fairly, how can you know if they are telling the truth?

With the launch of this initial implementation of the Fairdice cryptographic protocol, Project Fairdice is offering casinos another way. We're saying to all the casinos out there, 'Come get involved in the project. Enable your websites to use the Fairdice Protocol. If you are not rigging your games, you have nothing to lose. This is your chance to really prove to your players that your random number generators are not fixed.'

Online gaming watchdog eCOGRA (eCommerce and Online Gaming Regulation and Assurance) require in their code of practice that the probability of any event occurring shall be as for the actual physical device except where deviations are clearly displayed to the players. Now eCOGRA and other regulatory bodies have their first opportunity to give real teeth to their laws. "It's going to be very interesting to see who welcomes this breakthrough with open arms, and who ducks for cover or tries to ignore it."

To find out more about Project Fairdice, come visit us at:

You do not have permission to view link Log in or register now.


PRESS CONTACT:

Douglas Reay

Lead Developer

Project Fairdice

+44 1223 426485

You do not have permission to view link Log in or register now.


douglasr+press@chiark.greenend.org.uk

ABOUT PROJECT FAIRDICE:

Project Fairdice is a non-profit organisation whose vision is to use open source software to revolutionise the gambling industry.
 

Simmo!

Moderator
Staff member
Ok this seems interesting although probably appealing more on a techie level...and for those who don't trust the casino they are putting money into!!

Anyway, if i read it right, the user installs a program that talks to a program on the casino operators server and between them they decide the result of a turn of cards or whatever the game is. So effectively, the user can see if the result on his "client" software matches what appears physically, or rather pictorally, on the screen. Is that how you read it Jet?

Seems reasonable, though if i were the casino operator, i may be a little worried that the result determination leaves me at the mercy of the programmers. Should they turn out to be fraudulent or inaccurate, then I'm screwed. *If* i understand it right from the not-quite-as-clear-as-it-could-be docs....
 
Last edited:

GrandMaster

Ueber Meister
CAG
I don't think it has anything to do Cipher strands. It is an implementation of a cryptographic protocol to generate random numbers that are acceptable to both parties.

Let's say we want to toss a coin. I don't trust you, you don't trust me, but we can agree that we each toss a coin, and if we both get the same result, then we call it heads, otherwise we call it tails. As long as at least one of the coins is fair, the outcome will be fair, and neither party has an interest in using a biased coin, because it could be exploited by the other.

Fairdice is the same sort of thing done electronically. The general idea of such protocols is that I generate a random number, you generate a random number, I send you an encrypted version of my number, you send me an encrypted version of your number, then we both calculate the same number somehow. If there is ever a disagreement, we can both reveal the numbers we generated and do the calculations to decide who is right. I had a quick look at the website, I did not see any information about which protocol they use, whether it is new or previously known.
 

jetset

RIP Brian
CAG
Grandmaster is more technically knowledgeable in this area than I, and I would depend more on his judgement, I think.

We sent a detailed list of relevant questions to the email address quoted on the press release but that turned out to be a dud, which isn't really a very encouraging start!
 

amandajm

Experienced Member
An open source rng tester?

Sounds good. Is so complicated for a non techy type to understand the way it is set out but it is worth a look. Even the message board is hard to use.

There are like 6 emails so which one to use is a gamble unto itself but there is a
You do not have permission to view link Log in or register now.


A working phone number? Who knows..
 

jpm

Dormant account
Very interesting idea, whether it will catch on remains to be seen. It would be interesting though to try it. GM the protocol info from further into the site states: TIGER/192 was chosen over MD5 as the message digest algorithm as doubts have been raised about MD5's collision resistance

I'm going to try and break down a little further the way this works, and put it in a more gambling centric context. Say you are playing video poker and you place your bet and hit deal. The gaming server, knowing this game is based on a deck of 52 cards (assume we're playing JoB) and it picks a card from 1 to 52 at random for your first card. Your computer also picks a card from 1 to 52 at random and each machine shares its encrypted pick with the other. They each then take the pick, and add it to their own pick and do a modulo 52 on the sum (see this page for an explaination on modulo arithmetic
You do not have permission to view link Log in or register now.
) and the result is the card that is used as your first card. Then repeat for the next 4 cards (a little more complex because of the previously chosen card, but for simplicity sake, repeat 4 more times). All of this shared cryptographically so theoretically nobody can intercept or modify the data to their own benefit.

So say your computer pics card #27 and the casino server picks card #46. 27 + 46 mod 52 = 21 (if I did my mod correctly) so the agreed upon first card is card #21. How you decide which one that works out to is up to you, but you both agree that #21 was a randomly chosen card.

Interesting concept, I'd like to play some VP & BJ at a casino using this system and compare the results to one of the regular casinos I play and see if it 'feels' the same.
 

jetset

RIP Brian
CAG
After some initial difficulties, we managed to contact the lead developer at Fairdice, Douglas Reay. We forwarded the following lay description from Grandmaster of how he interpreted this idea:

"It is an implementation of a cryptographic protocol to generate random
numbers that are acceptable to both parties.

"Let's say we want to toss a coin. I don't trust you, you don't trust me, but
we can agree that we each toss a coin, and if we both get the same result,
then we call it heads, otherwise we call it tails. As long as at least one
of the coins is fair, the outcome will be fair, and neither party has an
interest in using a biased coin, because it could be exploited by the other.

"Fairdice is the same sort of thing done electronically. The general idea of
such protocols is that I generate a random number, you generate a random
number, I send you an encrypted version of my number, you send me an
encrypted version of your number, then we both calculate the same number
somehow. If there is ever a disagreement, we can both reveal the numbers we
generated and do the calculations to decide who is right. I had a quick look
at the website, I did not see any information about which protocol they use,
whether it is new or previously known."

Reay has responded, confirming that this description is "Spot On".

"In this case the means of combining the two numbers is taking
the modulo. And the Fairdice apps hide all the nasty stuff. All the host (the casino) has to do is tell the fairdice server "I want to run a game called XYZ and produce a random number between 1 and 6". The player tells the fairdice
client app "I want to join the game XYZ".

"All the rest gets done automatically. The client and server talk to each
other and come up with the random number. They tell it to the host. And
when the game is over they tell it to the user (the player). And if
either participant tries to cheat, the fairdice apps spot this and let
everyone know."
 

DeMango

Dormant account
I believe:
Most BJ games are just a tad skewed, after 1000's of recorded BJ hands I have never approached 99.5% payout (crypto, BM, MG, Playtech) Therefore the chances of this program being implemented are slim and none. Something has to pay for these ludicrus bonuses!
 

GrandMaster

Ueber Meister
CAG
jpm said:
Very interesting idea, whether it will catch on remains to be seen. It would be interesting though to try it. GM the protocol info from further into the site states: TIGER/192 was chosen over MD5 as the message digest algorithm as doubts have been raised about MD5's collision resistance
This is actually more of a detail of the implementation. I did find a description of the protocol on the website, although still not as detailed as I would have liked. The problem with MD5 was only published 10 days ago, so I am favourably impressed by developers.
 

sw2003

Dormant account
jetset said:
"Let's say we want to toss a coin. I don't trust you, you don't trust me, but
we can agree that we each toss a coin, and if we both get the same result,
then we call it heads, otherwise we call it tails. As long as at least one
of the coins is fair, the outcome will be fair, and neither party has an
interest in using a biased coin, because it could be exploited by the other.
I want to know where is Fairdice going to get money to run this operation? Who is going to fund it? It requires cooperation between the software companies and Fairdice. Why would they want to do that with Fairdice?
 

GrandMaster

Ueber Meister
CAG
sw2003 said:
It requires cooperation between the software companies and Fairdice. Why would they want to do that with Fairdice?
Fairdice would produce results which are provably fair to all parties, so there should not be any further complaints that "XYZ casino cheats, I lost three hands of BJ in a row there!"
 

DouglasReay

Dormant account
Simmo! said:
*If* i understand it right from the not-quite-as-clear-as-it-could-be docs....
I apologies for any lack of clarity in the documentation. It is unintentional, and something I would love to improve. Sometimes it is hard to document something you know very well because it is difficult to realise what is not going to be obvious to other people. May I quote from this thread on the Fairdice website to improve them?

Simmo! said:
if i were the casino operator, i may be a little worried that the result determination leaves me at the mercy of the programmers. Should they turn out to be fraudulent or inaccurate, then I'm screwed.
Quite understandable. I hate trusting software too. In this case though the software is open source. That means that the casino operator doesn't have to trust the original programmer. They can hire one of their own to read the program's source code, verify it does what is claimed, compile it and install it on a machine under the casino's control.

Or, more likely, several different casino associations will all check the code out. And hopefully publish statements of the form "The binary fairdice_server.exe (for windows Longhorn, version 9) has been checked by us to be good. You can recognise you have the same binary not a hacked version because it has file length 129322 bytes and the md5 checksum DEADBEEF1234DECAFBAD9876". Then, as long as the casino trusts at least one of the organisations that has done a verification, all they have to do is:
  1. download the right binary for their system
  2. check it has the right size and checksum
  3. install it on a machine they trust

GrandMaster said:
I had a quick look at the website, I did not see any information about which protocol they use, whether it is new or previously known.
Nice explanation - want to come join the project and write a little documentation? Project Fairdice is a non-profit voluntary organisation. That means you won't get paid but neither will you have any liability or be required to do any more than you wish. What you do get, hopefully, is some satisfaction of having actually DONE something about the state of the online gambling industry.

The general concept of the protocol (using message digests for non-repudiability) is very well known and not at all new. The specific use of it in this context and the details such as the precise order the messages get exchanged between parties, the length of the plaintext and digests, etc are new.

jetset said:
We sent a detailed list of relevant questions to the email address quoted on the press release but that turned out to be a dud
Yes, sorry about that. Chiark, the remote unix server I use for email (run by the maintainers of the Debian Linux distribution) uses some anti-spam software called SAUCE that is new, still slightly experimental and rather complex. It works very well (I get maybe one spam a month, on an email address I've used widely for years), but you do have to remember 4 or 5 steps when adding a new sub address (+fairdice_press in this case). I forget one of those steps in the rush setting things up after making the press release and didn't get around to testing it until later that week.

amandajm said:
Even the message board is hard to use.
Ok, I've tried documenting how to use the board better. Have a look at
You do not have permission to view link Log in or register now.
and tell me what you think.

amandajm said:
A working phone number? Who knows..
Yes, it is more or less working. British Telecom are fiddling about trying to set up an answering service on it. Do give me a ring. (though I'd appreciate it if you didn't phone between 12 midnight and 8am UK time).

DeMango said:
the chances of this program being implemented are slim and none
Casinos are competing against each other for players. All it takes is for one casino to decide it might be worth seeing if they can make more money by differentiating themselves from the other casinos by offering provable fairness over big bonuses. Once one casino offers this, it will be up to the players to make clear which they prefer by choosing which casino to play at.

GrandMaster said:
The problem with MD5 was only published 10 days ago, so I am favourably impressed by developers.
If you look at the CVS file
You do not have permission to view link Log in or register now.
you will see that I make the comment about doubts being raised on June 2nd. Several weeks before the actual discovery of a collision was published.


sw2003 said:
I want to know where is Fairdice going to get money to run this operation? Who is going to fund it? It requires cooperation between the software companies and Fairdice. Why would they want to do that with Fairdice?
It may be optimistic, but Project Fairdice is not a for-profit organisation. It isn't specifically looking for funding. Sure, if some casino thinks this is a great idea and wants to pay one of the developers to work full time on it instead of doing it in their spare time in order to get it all to happen faster, I for one might consider it. But that isn't needed. The project will continue either way.

I'm guessing that the conversation between a casino operator and the company who writes their software will go something like this:
  • Operator: I've heard that if we use 'fairdice enabled' software on our website, eCOGRA will let us display a spangly new enhanced seal logo that has been proven to increase a casino's revenue by 10% by attracting new customers. Will your next update be including this option, or should we be looking at moving over to using company X's software?
  • Developer: mutter mumble err sure maybe

The casino software developer then hopefully downloads the developer kit from the Fairdice website, spends a few days changing calls to rand() over to calls to frdiRand(), spends a few weeks testing it, then charges the casino an arm and a leg for their new update.

Fairdice get no money from that. However with luck, when the casino software developer is spending a few weeks testing it, grumbling about the fairdice server application being too slow / too unstable / lacking a certain feature their host app needs, they will edit the fairdice source code to add in what they need. And then maybe release their patch back to the project so they don't have to bother adding their custom requirement every time a new fairdice server version comes out.


I hope that helps people understand a little better what is going on with Project Fairdice. I will carry on answering questions here if people would like that. I hope also that you will come join the discussion on the Project's own website.


Douglas
 

jpm

Dormant account
sw2003 said:
I want to know where is Fairdice going to get money to run this operation? Who is going to fund it? It requires cooperation between the software companies and Fairdice. Why would they want to do that with Fairdice?
Pretty simple I think, the casino would be paying for it (licensing the use). Since the house ALWAYS has an edge (except on full pay deuces wild), then they would have nothing to lose by giving you a fair game. And I believe that real gamblers (particularly BJ players, as GM mentioned before) would flock to a fairdice enabled casino and offset whatever costs there would be for implementation. The casinos running rigged s/w on the other hand, won't go anywhere near it and probably try to discredit it.
 

caruso

Banned User - repetitive violations of 1.6 - troll
I think is is extremely interesting and encouraging if I've got my head around it all correctly:

As long as 1) the software is verified as good and 2) the casino log numbers match with the player numbers - as verified by the player - then the cards in question have been dealt randomly. There is no need of any "disclosure" beyond the code itself - there is no results-testing involved and therefore no opportunity for a rogue regulator to cook the books. All the verification can be done by the player or a trustworthy second party, in the form of a check on the code, to ensure that it's functioning as it should. The only drawback is that it cannot be "forced" on the casino, as the OCA basically was, because it requires their cooperation in running the software. Small inconveniece - any casino refusing to cooperate clearly has something to hide, and players can draw their own conclusions.

I hope this develops speedily.
 

sw2003

Dormant account
caruso said:
I think is is extremely interesting and encouraging if I've got my head around it all correctly:

As long as 1) the software is verified as good and 2) the casino log numbers match with the player numbers - as verified by the player - then the cards in question have been dealt randomly. There is no need of any "disclosure" beyond the code itself - there is no results-testing involved and therefore no opportunity for a rogue regulator to cook the books. All the verification can be done by the player or a trustworthy second party, in the form of a check on the code, to ensure that it's functioning as it should. The only drawback is that it cannot be "forced" on the casino, as the OCA basically was, because it requires their cooperation in running the software. Small inconveniece - any casino refusing to cooperate clearly has something to hide, and players can draw their own conclusions.

I hope this develops speedily.
Players will flock to a FairDice casino over a non-FairDice one, so in a way, it is still forced on the casinos via this thing called consumers' choice. :)
 
Top