Provably fair: what it entails, and how to do it right
Smart players who frequent online casinos are going to know this as gospel truth: only play on casinos if they are provably fair. While that's easy to say, it becomes harder (for the layman) to actually check whether a given website is provably fair or not. This becomes especially hard when you encounter a malicious website claiming that they're provably fair, when they're actually not. Elements of a provably fair game
When doing provably fair right, the main idea is to allow players to verify that the game operator can't manipulate bet outcomes based on bet amounts. This can be done in many ways: the most simple is a two-key setup with nonces to traverse a generated chain of games. One key is the server seed, and the other is the client seed. The server seed can be hashed using a one-way encryption algorithm and revealed at a later point so that the user can verify all of the rolls. The client seed must be user-customisable, such that the house cannot force users to generate an unfavourable chain. Another popular method is the reverse hash chain setup, where a single secret is hashed over and over (the hash of the secret is hashed, and the resultant hash is hashed, and so forth) to create a long chain. At each stage of the game, the hash is printed beforehand, and its string is revealed to be the hash of the next game, making verification straightforward and easy.
Detecting malicious operators
It's important to note that if a casino truly wanted to be "rigged", it probably wouldn't implement a provably fair system in the first place. This is because a small subset of users will definitely be checking the system to see if it's working as intended: it is impossible to tamper with a provably fair system in an undetectable manner. But, let's look at some scenarios where provably fair methods were implemented, but the operator turned malicious.
One of these savvy users, as shown above, detected that the busts that were supposed to be derived from the game's hash chain weren't matching up. The site was thus exposed as a scam, and pretty easily at that. This is why it isn't really a good idea for a malicious operator to change one or two games, because in most cases, the player in question will eventually discover it. There is another key element to provably fair, which is ensuring that the house edge matches the advertised edge. That involves other methods (backtesting, using local verification scripts, and so forth) but is generally easier than spotting malicious operators fiddling with their provably fair system. The latter requires persistence. You really do need to keep your eyes out at each turn, especially in the world of bitcoin gambling.
When provably fair systems... aren't fair There is another class of malicious operator: in most cases, more incompetent than malicious. "Dangerous incompetence", since it usually ends up with innocent people losing money. There are a lot of casino case studies to go into when it comes to systems advertised as provably fair but aren't really, but we're going to explore a more recent scam called TempFlip. The chat of TempFlip is full of lies and deceit: you'll find the owner stating that the game is provably fair, and the coder of the bot correcting him and telling him that the provably fair system hasn't even been installed yet. You'll also find that the owner has multiple scam accusations against him (the scammed values being between $10 and $20, which makes it even more pathetic). However, this is a discussion for another day: we're going to look into how TempFlip's provably fair system fails.
The image on the left seems innocent enough: a user playing TempFlip and getting a game result. There's a client seed, and the coder has posted a server seed in a separate channel. Sure, there's no nonce provided, but to the untrained eye, this looks provably fair. Right?
Well, wrong. Something key to note is that the client seed changes with each game, and the user cannot set their own client seed. Firstly, the fact that the client seed changes with each game (and not each client) makes it supremely easy for TempFlip to manipulate a single given roll. If one player had a single client seed, then they would simply have a chain of games that they could verify, and TempFlip couldn't necessarily manipulate the outcome of a single game without being detected. However, giving each game a brand new client seed means that TempFlip can change the bet outcome to anything they want based on the bet amount. The user cannot set their own client seed, which pretty much defeats the purpose to having one in the first place, since it can't be proven that the house didn't pick an unfavourable chain.
While there are a few other cases of similar casinos (that claim to be provably fair but really aren't), this one really takes the cake in terms of hilarity and stupidity. Stuff like this ruins the reputation of real provably fair casinos: this is why it's important to arm yourself with the knowledge of how to spot scammers, and always remember to call them out. On a side note... While I'm typing this, something funny happened in the TempFlip chat. Someone is trying to make a withdrawal ($20) and the dev has been delaying the withdrawal for over an hour.
There are really several things to unpack here that make this amusing: one, the funds of a casino are stored on a shared Blockchain.com account (probably the least secure method of user fund storage), two, the dev team is unable to send out a basic withdrawal for an hour, and three, $20 is a large withdrawal which needs processing and can't be sent out instantly. (Although it should probably be mentioned that the bot doesn't have a withdrawal command yet... but accepts user deposits. Can you say shady again?)