Provably fair gambling

Gambling where you cannot cheat the odds

Published December 17, 2019Updated May 7, 2021

There’s a sucker born every minute.
Attributed to Michael Cassius McDonald

I love the movie Ocean’s Eleven (2011). I’ve a fascination for heists and how they in the movie win against the house in various gambles—by cheating, of course. They hack the slot machines, they cheat in card games and they control the dice in craps like magicians. And they do it with style.

Cheating is possible in the real world, as well. For example you could do a coin toss, but with a coin with heads on both sides. Or a coin that’s heavier on one side, making the odds 55% and 45%. Don’t let the numbers fool you—this is a huge difference compared to a 50/50 gamble.

But it’s hard to verify that a gamble is fair. With a coin, you might be able to feel it, and specialized anti-cheating machines might be able to measure dice, but you can never be sure. Gambling on the internet is a whole other can of worms, where you’re often left trusting that the site isn’t screwing you over.

With cryptocurrencies, we can devise a scheme where gambling is provably fair. We can create a gambling site where users are sure the bets are fair—with mathematical certainty—and without a trusted third-party facilitating the bets.

Seeds and pseudo-random generators

To understand how the gambling scheme I’ll describe works, first it’s important to understand pseudo-random generators. Take this random sequence for example:

1 2 2 9 0 3 3 8 5 9 …

The important thing about it is that you cannot predict what number comes next. That’s why it’s random.

But if we want to flip a coin, and verify how it was flipped without looking at it, how could we do that? It’s simple—just flip it again in exactly the same way as you did before, and it should land exactly like it did before. (I didn’t say it was easy!)

With a pseudo-random generator, that’s what we can do. We give it a seed, which will produce a sequence that’s unpredictable, except that when given the same seed it will always produce the same sequence. For example:

seed 7:
5 2 6 0 1 8 1 5 9 0 …

seed 13:
4 4 2 3 2 3 2 2 1 8 …

seed 7:
5 2 6 0 1 8 1 5 9 0 …

A pseudo-random generator can produce a sequence of numbers, a number of coin tosses or even generate the whole world in Minecraft.

A simple provably fair gambling scheme

Here’s a simple scheme that allows us to prove that a gamble has happened, what the results were and how to verify if it was fair.

Our gambling algorithm is simple. We’ll concatenate the casino’s seed with the player’s seed and use it to initialize a pseudo-random generator, which will flip a coin to pick the winner. Here’s a simple Python 3 script that does this for us:

import random

casino_seed = input("Please enter the casino seed: ")
player_seed = input("Please enter the player seed: ")
our_seed = casino_seed + player_seed

print("Using seed:", our_seed)
random.seed(our_seed)

print("The winner is:", random.choice(["casino", "player"]))

Importantly, the casino should give out the seed encoded with a cryptographic hash function, otherwise the player can just pick the winning seed and there would be no gamble. When the player has sent their seed to the casino, the bet has been made, and the casino reveals their seed (which we can verify with the hashed value) and we know who won and who lost.

Concretely a game could play out like this:

The casino sends the player the seed, encoded with SHA-256:

4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a

The player sends their seed 1 to the casino
The casino says they won, and reveals that their seed was 4

To prove that the bet was made, the above interactions should be signed by both parties, complete with timestamps. It doesn’t even have to be on a blockchain, just having a public key connected to their identity is enough. As long as either party has the signed messages, it’s all good.

Now the player would like to verify that they did in fact lose:

First we verify that the casino indeed used the seed 4
```
echo -n "4" | sha256sum
```
Giving us the SHA-256 hash:
```
4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a
```
Which matches the hash the casino gave out before the bet.

Then we can use the Python script to verify the gamble:

Please enter the casino seed: 4
Please enter the player seed: 1
Using seed: 41
The winner is: casino

It checks out; the casino won fair and square.

Limits to this scheme

There are limits to the simple toy example I’ve described:

Seeds need to be longer
A seed like 4 is far too simple. We’d need a much longer seed for the game to be secure. Maybe something like 65654687731080707945?
Multiplayer games are more complex
This scheme works fine for simple single player games, like flipping a coin. But if we wanted to create a provably fair poker game the implementation would be more complex, but it would still be possible.
Here we’d have to encrypt your cards and hide them from other players, but they still need to be able to verify that they were dealt out correctly after the fact.
I leave the implementation details as an exercise for the reader.
Only for digitally randomized gambles
It’s not possible to bet on real life events, like the outcome of an ice hockey game, without relying on a trusted third-party to announce the result of the game (often called an Oracle).

How does this relate to cryptocurrencies?

Until now, nothing I’ve described requires a cryptocurrency (and if you don’t need it, you shouldn’t use it). So why bring it up in a book about cryptocurrencies?

By embedding the messages between the casino and the player on the blockchain, we get a permanent record of all gambles that take place. It would be proof of dishonest behaviour and act as a reputation boost for honest casinos.

But we can go further. The biggest issue with our simple scheme is that the casinos can still decide not to pay. There’s nothing forcing them to pay the players if they win big—they could just take the money and run.

With smart contracts, on a cryptocurrency with a powerful scripting language like Ethereum, we might enforce the payment as well. In our example when accepting the bet, both the casino and the player must lock up their funds in a smart contract that will play out the bet (like in the Python script) and send the funds to the winner. This removes the risk of the casino refusing to pay out if you manage to win, as it’s enforced by the smart contract.

You can also improve the state of sports betting. A smart contract can give an Oracle the power to transfer the money of a gamble to the winner—but it’s only allowed to send it to either the player or the casino, so the Oracle cannot steal the money. This is good if you can trust the Oracle to call the result of a game, but you don’t trust them to hold your money.

In this way cryptocurrencies can drastically reduce the risk of being cheated when we gamble.