I was inspired to write this article after attending Bryan Cooley's panel "Bitcoin Casinos: The Final Frontier in Online Gaming" at Inside Bitcoins' conference in Las Vegas.
Note - a lot of this article will be discussed using the analogy of a card game like Poker or Blackjack. However, everything presented here applies to every game with an element of luck, be it roulette, pachinko or anything else. It is just easier to describe some concepts with these terms.
Important cases to consider
Whether a game or a service can be considered provably fair, one has to look at a few aspects of what is being offered:
- Are the games interactive (such as Blackjack), or does the player have no agency on the game's outcome (like Baccarat)?
- Does the game involve one or more players?
- Do the players play against the casino (Blacjack), or against one another (Poker)?
- Does the casino provide the bank itself, or does it take investment money (like JustDice did)?
All of those aspects will be explored as we talk about various levels of how provably fair a game can be...
Level 0 - "Trust me"
Starting at the very bottom, we have the shadiest games that don't offer any reassurance that they are fair. We have to trust the people running the games not to cheat us. This is where all the gambling in new circumstances starts - be it traditional casinos in the distant past, online gambling in the 90's, and Bitcoin gambling before the PFGs became the norm. All in all, there is not much to discuss here - the games can be as crooked as the people running them and the players have no way of being sure if they are playing an honest game.
Level 1 - "Trust me, I'm certified"
This is the level most traditional casinos operate at. They have their gambling license, their online services are verified by third parties and so forth. While all this makes the business look more legit, it's still not scam-proof, as the story of Ultimate Poker have shown. Software review could be spotty, different software can be deployed on the final server, some rogue employees could cheat the system and so forth. While this level makes the scams less likely than the previous level, it still not perfect.
Level 2 - "Provable commitment"
This is the first level where the player can actually verify what is going on in the game. The key technology here is simple - the casino commits to an initial condition of the game, say an outcome of a coin toss, order of a deck, etc. The players is presented with a way to verify the initial state of the game at the conclusion of the game.
This system works well for single player games where the expected payout of any player action is the same - say guessing "heads" or "tails" with the same payout. However, if the expected payout for one outcome is different from the others (say, "0" appearing on the roulette spin), the system can still be cheated. The casino would only need to "stack the deck" against the player and they would win.
Level 3 - "Provable commitment with player seed"
An improvement on the previous level. The casino commits to a random seed and then the player presents their random seed to be used in combination with the server's seed. This makes the initial state of the game unknown to either party before the game starts, solving the issue of the casino being able to stack the deck against the player.
The full extent of the game must be known before the player reveals their seed however, otherwise for some games the casino can still influence player's game. Say we have a virtual horse racing game, where a player is presented with two horses - first one has a 50% chance to win and pays 1.9x the bet, while another wins 25% of the times but pays 3.9x the bet. Expected return for first horse is 0.95, while for the second - 0.975. This makes the second horse a more likely candidate to be picked by the player. If the horses are created after the player reveals their random seed, the server can create an appealing horse that will lose the game (since the casino knows the outcome of the "race" before the player picks the horse). However, if the casino commits to how the game plays for the round (horses are generated before the player reveals their secret seed), no such manipulation can take place.
This approach works well for single player games and has been a staple for such services like SatoshiDice, but this approach is inadequate for games involving more than one player.
In a multiplayer game, whether it is a player-vs-casino or player-vs-player, this approach fails. All a casino needs to run a crooked game is for the last player to determine their seed to be crooked and collude with the casino. This would allow them to pick from a number of favourable outcomes for the game to work against the other players. While this could be mitigated to some extent in games where the players play against the casino by making the players commit to a seed in secret first before revealing the actual seed, it still doesn't solve the problem of the casino and all colluding players knowing everyone's hands and all other cards in the deck. While this scenario is rather unlikely to occur, the above mentioned story of Ultimate Poker would work just as well in this level of PFG as any other level.
Level 4 - "Provably unknowable games"
The last level addresses the last problem PFG casinos face when it comes to fairness of the games (not necessarily the business as a whole mind you!) - how to make a game outcome unknowable before the game is played out? The most complicated scenario to solve is a game of poker - a multiplayer game where all players play against one another - and the possibility of collusion.
To achieve this level of fairness, the game needs to prove that even if everyone (including the casino) colludes against a single player, the player still knows that nobody knows what cards they have in their hand, nor what cards will come up next in the game. It is achievable by including every player in the deck shuffling and card dealing process. The process itself is a bit too complex to get into details here.
So far, I don't know of any service that has achieved this level of fairness. While not all games need to achieve it to be considered "fair enough", any game that involves more than one player that can influence the game definitely needs to aim this high to address all of the possible exploits.
Who watches the watchmen?
All of those precautions can still fail if there is one key component missing - a trusted frontend. Even if a game is provably fair, all is for naught if the interface you use to play the game is crooked and works against you in collusion with a malicious party.
The easiest exploit to use against the players would be to deploy a website that checks if a game is provably fair and lies about the outcome to make itself look legitimate. Most people won't check the code, and the casino would be able to scam them easily.
An operator that wants to protect the players against cheaters and gain their confidence will also have to prove that even they cannot be a malicious party. While this is possible to achieve for blockchain-based games with each game having a permanent, unalterable record on the blockchain and one doesn't rely on the website for any sensitive information, I haven't seen any serious solution to this problem in any "traditional" online casino. That's not to say that the problem is unsolvable - far from it - just that it might not be a priority for casinos at the moment.
Investor perspective
So far we've discussed only the fairness of a game itself, not considering whether the service as a whole is provably fair for its investors. If a given casino provides the bank all by itself, it's not really a problem (minus some possibility of claiming losses for tax purposes or the like), but as soon as someone else's money is on the line, that's an entirely different story.
Similarly to the fairness of the game, we can have a few levels of fairness when it comes to investing:
"Trust me" - no way of checking whether the casino is scamming its investors. Can work to some extent if the entity is known and trustworthy
"Here are my books, everything adds up" - the casino provides an extensive record of all games played in the system, allowing everyone to verify if various games add up to the proper investment amount. However, a casino still cannot prove it did not play against itself to lose its investors money and shift the winnings to its own pocket. Both SatoshiDice and JustDice achieved this level and were accused of the exact possible exploits.
The casino would also need to prove that the records were not tampered with - SatoshiDice did it by committing to the game seeds for many years in advance and embedding that data into the blockchain. JustDice would have a problem with proving the same.
"No way to lie" - it is possible for a casino to address the issue of being accused of gambling against itself to create artificial loss for its investors. Getting into the details of how this could be done is a topic for another article in itself, so I won't cover it here. In brief - it's possible, but I haven't heard of any casino implementing a solution like this yet.
In conclusion
There are many shades to how provably fair a game can be. One has to take into consideration not only the mechanics of the game and how to prove it to the player that no cheating has taken place, but also protecting the game environment and the investors' money from the casino itself. Only with all those issues addressed could a casino truly call itself "provably fair" without anyone being able to claim otherwise.
No comments:
Post a Comment