Dialogue w/P.Bay On Cypher Poker 2.0 and Beyond

Escrow, Challenges, and Validation, and Vexations Player Attacks

Patrick Bay

The promissory notes work with just about every message except for the initial contract setup. To my knowledge there is no signed message that will allow me to send funds from your account to a smart contract – this is a step that every player must go through when they’re agreeing. Once the smart contract is able to manage the funds then signed messages can take over but if the contract has no funds to manage then there’s not much point. The contract becomes the effective third-party and it can arbitrate our disputes, know when actions have timed out, perform refunds, and so on.

As long as everyone’s cooperating then the contract needn’t be invoked (except for the initial agreement), and split between players a game would run just under a penny per hand which I think is a pretty reasonable cost. If everyone doesn’t cooperate then players need to turn to the third party – the smart contract – to arbitrate, and it does so using a very strict procedure that ensures that all players do what they’re supposed to do, when they’re supposed to do it.

This is the more expensive approach and even if a contract is being re-used could still run a few dollars per hand so it’s something that I imagine most players would want to avoid. Unfortunately, if someone decides to be a dick by either withholding messages or sending false ones (while retaining correct ones for the contract), then I don’t see much choice except to drop down from “cheap mode” (almost no contract interaction) to “full cost mode” (almost every action is recorded directly to the contract).

The contract will have the offending player’s funds (sent at agreement time), to work with, so if there are any problems those funds can be disbursed to honest players, but it has no good way of finding out what went on outside of its own environment.

For example, if we’re playing and I decide that I’ll get my customized CypherPoker game to _not_ send you any more messages if it looks like I’m going to lose, you must now turn to the smart contract and activate it, effectively forcing both of us to interact with the contract including doing so within specific time limits. I must now commit my messages to the smart contract (where you can read them), even if I sent nothing to you directly. If I fail to do so, fail to do so in a timely manner, or fail to do so correctly, I lose all my funds to you.

Now, instead of sending signed message to each other at a fairly quick pace we must interact with the contract, which is both slower and more expensive. However, since it’s the contract that decides who won and played fairly, and since we have no other third party to enforce these rules, we must use it to resolve what would otherwise be an impasse.

From the contract’s point of view, however, it has no way of knowing why it was called on to perform a “full cost” game – maybe I didn’t actually send you a message over our P2P channel or the message wasn’t signed correctly (it might even just be garbage). Alternatively, maybe you’re pretending that I didn’t send you anything or you’re claiming I sent you a wrong message. Since the contract can’t prove the veracity of our claims it can’t penalize anyone at this point. All it knows is that someone didn’t honour the gentlemen’s agreement of passing valid signed messages to each other so now it has to take over.

At the end of the “full cost” game the contract will either have all of our information (encrypted cards, decryptions, bets, etc.) so if anyone was cheating it can determine for itself who it was, or information will be missing for certain players which means that they didn’t play as required (i.e. they lose all their funds). That’s why the smart contract has to be able to perform all of the cryptographic functions, rule and winning hand evaluations as the game client (part of the reason it took me a while to put together); at the same time we want to prevent people from using these validation functions because they’re very expensive to run. It’s also fairly expensive to store or commit data to the contract but the final validation – where the contract decrypts all cards, checks them for validity, generates hand scores, and declares a winner – that’s the most expensive part. (edited)

Players have the option to challenge certain points in the game, whether during a game if they’ve been “dealt” incorrect card values (ones that don’t compute correctly) or have received incorrect betting messages, or at the end when it’s suspected that someone was cheating.

It’s the during-the-game part that the smart contract part can be left behind if everyone’s cooperating. Once activated, the contract can just sit there and await a player to announce that they’ve won. If no one challenges that claim within a specific timeout period the winner just calls the “resolve” function and the funds are paid out as described. This is the best scenario – only minimal interaction with the smart contract (i.e. cheap).

In the meantime, or if “resolve” is not triggered, players may challenge the game. This is a “Level 1” challenge where everyone needs to store their encryption/decryption keys to the contract. All the other game data must already be stored at this point (otherwise calling Level 1 does nothing). If there was something untoward happening in the game we would have stopped it and dropped into a “full cost” game which meant storing our values into the contract. If, on the other hand, we have all the valid signed transactions we can prove that a game happened a certain way so we could feed the contract a cryptographic record of exactly how everything went down. Either way, the contract will have the entire hand ready and available for analysis and in a L1 we’re completing the hand by including our encryption/decryption keys along with all of the game data (encrypted cards, partially decrypted cards and who decrypted them, bets, pot, etc.)

Unfortunately, data storage is one of the more expensive Ethereum operations so this too isn’t cheap (but not too bad).

So at this point all players have full access to _committed_ game values. There’s no way for anyone to back out and we can perform all of the same calculations that the smart contract will do in order to determine the winner. The game client is set up to do this using two-pass system: in the first half we analyze the game using values that are known and recorded (in the game client) – if everything checks out then we know that the other players are holding verifiable cryptographic proof of how the game happened so I don’t need to challenge it on the smart contract, and failing that the game client calls a L1 challenge, waits for all data to have been committed, grabs that data, and re-runs the verification.

If there’s still a problem at this point a Level 2 is started. Currently I have it starting off by having players commit a refundable validation deposit equal to 0.6 Ether multiplied by the number of players minus 1. For example, if there are 3 players then my first call to L2 will require a 1.2 Ether deposit. This is a way to cover the costs of L2 for honest verifiers — if I start the L2 challenge (I’m the “challenger”) then I better have a good reason for doing so. Keep in mind that all of the game’s values are stored in the contract so I’m vouching for the fact that something is wrong with them — the math won’t work out. This means that someone will not be able to finish the L2 validation process because the contract will detect the mathematical error so as long as I finish to at least the same amount plus one extra step of L2 validation as anyone else then the contract can refund me both my validation deposit but also a cut (or potentially full mount), of the other player’s L2 validation deposit.

In this case I was being a good player, enforcing the integrity of the contract process.

On the other hand, I may be a vexatious player who tries to force others into full L2 validation because I’m a jerk. In that case it’s in everyone’s best interests to fully complete the L2 validation and I will almost certainly get burned. As a challenger I’m claiming that the contract’s stored values don’t work out but if everyone proves that theirs do (including me), or I stop the L2 validation at some point (the contract may stop it for me if the math doesn’t work out), while others are able to continue, then I have to cover the costs of the other player(s)’ validation(s). (edited)

In short, a player _correctly_ raises a challenge to a contract during L2 validation when they are sure that the stored contract values won’t compute correctly. (edited)

So, honest players will always be refunded the costs of their L2 validation while dishonest players or vexatious/frivolous challengers will pay the validation costs for other players.

Finally, it’s worth noting that L2 is relatively expensive to run, which makes it a nice penalty. To keep the number of operations within tolerable, albeit expensive, during L2 validation players must individually decrypt, verify, and convert the cards of their best hand. In other words, as a player each one of my best cards must be individually decrypted, cryptographically verified (each valid card becomes a [card index, suit, value] data item), and all valid cards from the previous step are used to generate a hand score. There’s an extra step I’ll be putting into the next version which will also check each card’s lineage — who dealt what to whom, and does that value decrypt correctly? (edited)

Since it’s going to be used to penalize frivolous challengers and cheating players I didn’t really focus much on keeping it cheap. The operations are expensive and it wouldn’t be possible to do an entire L2 validation in a single step. You wouldn’t be able to provide the contract with the necessary amount of gas without hitting the limit (at least not on the Ethereum mainnet). (edited)

So there’s an “index” that’s used instead with L2 as each step is completed. So the game client has to call the L2 validation function 5 times to decrypt each of their best cards, 5 times to validate/convert them, and finally once more to generate the hand score. Every individual call runs close to the Ethereum gas limit now so it’s possible that in the future I might have to split the operations into even smaller increments somehow.

In any event, it’s all pretty costly so you’d want to avoid it unless you’re sure that something with the contract’s data will fail.

That still leaves the problem of someone not cooperating _during_ a game. At that point we need to access the smart contract so that the offending player(s) are either forced to enter correct values or the time out (currently 12 blocks) in which case they lose their buy-in. Without a timeout, though, we now need to fully complete the contract including, potentially, L1 and L2. Either through malice or from an attempt to cheat all players are forced to pay more for the game than they would if everyone had cooperated.

Although there are ways to minimize the costs beyond what I’ve noted in the post, the potential for this to come up exists nonetheless and I don’t currently have a foolproof solution. However, there may be a good stop-gap solution that may also employ smart contracts as trust third-parties.

I’m thinking about setting up another contract that includes simply: player account, up ratings, down ratings

gmixxer

Just catching up thx! :stuck_out_tongue_winking_eye:

vexatious is good

“That still leaves the problem of someone not cooperating _during_ a game”

Now we are still solely referring to a vexatious player right?

And the player enter an initial escrow for the hand, and THEN if there is an L2 challenge they enter another escrow?

patrickb

Players would register themselves with this “Rating” contract, perhaps for a small fee (a small transaction cost is incurred anyway) which would contain a list of known/trusted hand contract addresses. Those contracts would report back to the Rating contract whenever they conclude a hand/game and if a player from the contract exists in the Rating contract their ratings are updated.

An up rating would be incremented by 1 anytime a player finished an uncontested contract – players simply agreed at the beginning and the contract was allowed to pay out uncontested. The up rating would be incremented by 0.5 for any game in which the player finished/validated farthest. If the player timed out the contract, failed to validate as far as possible, or otherwise failed to cooperate, they would register a 1 down rating. So each player would have a completed/incomplete ratio.

It’s slightly pricier than playing unranked but it should provide some good indicators for players

Regarding the “problem of someone not cooperating _during_ a game”, that could happen for many reasons. Maybe we had a temporary power failure. There’s a configurable grace period that the contract will allow so you can reconnect and continue if possible. Re-joining a game is something I still need to implement but it’s 100% doable.

While the player is away someone may believe that they can capitalize — if they call the contract and know that the other player can’t commit any values then they’ll have timed out the contract and lose their buy-in.

gmixxer

“Unfortunately, if someone decides to be a dick by either withholding messages or sending false ones (while retaining correct ones for the contract), then I don’t see much choice except to drop down from “cheap mode” (almost no contract interaction) to “full cost mode” (almost every action is recorded directly to the contract).”

When “dick” sendings false msgs they lose their escrow/deposit eventually right?

patrickb

But the other player has that grace period between actions in which they can still reply, but it must be a valid action at the valid time.

When said dick sends false messages we need to inform the contract that we’re only dealing with it now. Now all players will have to interact with the smart contract.

So the game is still enforced, just more expensively. Hence the player that caused it could be being a dick — just out to make things more expensive for people.

gmixxer

“Players would register themselves with this “Rating” contract, perhaps for a small fee (a small transaction cost is incurred anyway) which would contain a list of known/trusted hand contract addresses. Those contracts would report back to the Rating contract whenever they conclude a hand/game and if a player from the contract exists in the Rating contract their ratings are updated.

An up rating would be incremented by 1 anytime a player finished an uncontested contract – players simply agreed at the beginning and the contract was allowed to pay out uncontested. The up rating would be incremented by 0.5 for any game in which the player finished/validated farthest. If the player timed out the contract, failed to validate as far as possible, or otherwise failed to cooperate, they would register a 1 down rating. So each player would have a completed/incomplete ratio.

It’s slightly pricier than playing unranked but it should provide some good indicators for players”

This, as I understand what you are suggesting, is a separate problem of reputation management, not solvable by cypher poker etc. Have to modulate it out and solve it separately.

“Regarding the “problem of someone not cooperating _during_ a game”, that could happen for many reasons. Maybe we had a temporary power failure”

This can be solved by insurance companies (edited)

patrickb

Exactly. This is just a basic reputation rating and could be farmed out to anyone. What I’m proposing is using the smart contract as a trusted third-party.

gmixxer

yup
ok

patrickb

The rating would necessarily have to be simple, the contract too. If it took me more than a day to cobble together it’s too complicated.

gmixxer

“So the game is still enforced, just more expensively. Hence the player that caused it could be being a dick — just out to make things more expensive for people.”

I need to think if this can be a reasonable attack. Well I mean it can’t because there is no economic incentive

so as long as you can play with nice players

no thats not the right word

like we are thinking that is solved if poker star for example can provide the player FIELDs

ya the game can tolerate polite disonesty

something like that :stuck_out_tongue_winking_eye:

patrickb

So, up ratings are games that you have completed as you should have. Some of those games may have been costlier because someone wasn’t cooperating (or maybe they temporarily got disconnected), but at least the ranking is always positively up-moving. You would receive a down ranking, however if you didn’t complete each contract as specified, or you challenged the contract and everyone validated correctly (since you should be able to calculate that the contract won’t fail so you challenged for no reason).

gmixxer

its secure vs a polite cheater, but not a rude one

patrickb

Right. Sometimes you may actually not be able to continue. Your internet connection goes out — were you trying to cheat? Unfortunately it’ll count against you, but for most honest players the up ratings should _far_ outweigh the down ratings.

gmixxer

coo

amicable cheaters allowed :stuck_out_tongue_winking_eye:

patrickb

A very high up to down ratio indicates that thus far in your ranked career you’ve played most games honestly. You can count up the ratio numbers to get a “lifetime” rating, or total number of hands ranked.

gmixxer

its really interesting, that much of it is solely credible threat, like thats really gonna mess with people, its neat

now can one game that tho? Can’t people just create games to build reps?

patrickb

Cheating still won’t be allowed. I think that if there’s outright cheating detected by the contract (the values I committed, for example), that should count as a 2 down rating. Also keep in mind that I would probably also be penalized by losing my entire buy-in and, if I were being obstinate enough, I’d also lose my validation deposit. (edited)

gmixxer

yes I mean to say an amicable cheater is welcome at the tables

patrickb

No way to prevent cheaters from joining, lots of ways to detect that they’ve cheated 😉

gmixxer

yup, and we take their monies when they do

So there is the possibility that such a rep system could be used to build a block chain, not sure if that is useful at this point (edited)

patrickb

No way to know if a player is being a vexatious player or just someone with bad luck, but those who push the issue are guaranteed to lose their money.

gmixxer

correct

patrickb

Actually, I think that that contract I mentioned is absolutely necessary for version 2.0 (or VERY soon afterward).

I can point the compiled version to that as the default contract — here are all of the existing, CypherPoker-vetted smart contracts available for your discounted play (of course you may also publish your own contracts if you wish), and here’s a list of registered

accounts and their ratings (but you’re free to play with anyone, of course).

gmixxer

yes

and so that signals, as I understand, a modular part, that can be “upgraded” with others offering similar evolved versions of that contract
?

patrickb

Exactly. The contract must be open source and anyone can modify their own, make changes, deploy on any network _freely_ (in any sense of the word).

gmixxer

coo

On the CypherPoker Lounge Contract

patrickb

This is why I broke CypherPoker up into the Lounge and GameEngine components. The Lounge can now take care of connecting to “Lounge” contracts (probably a better name in hindsight), which can point to hand contracts and provide lists/stats of registered players. The game client can very easily switch between Lounge contracts and it would be nice to be able to provide a way to join new ones easily.
If you wanted to run a Lounge contract, for example, you would control which hand contracts are considered kosher (allowed to interact with the Lounge for updating ratings), and you could also publish those hand contracts if you wanted to have full ownership.

gmixxer

ah its so nice, I doubt anyone will consider this aspect better than you

yup okok

patrickb

And you set any fees that may be required for interacting with any pieces you own.

Some hand contracts could be made rentable so they can be shared between Lounges with variable splits of any fees.

And it won’t be hard to get started. I’m including the poker hand contract with the game client and it pretty much takes care of fully deploying it onto any network for you. A Lounge contract would be even easier to deploy, though you may have to update the parameters to your own specifications.

You could offer special features, tournaments, whatever … stuff like that shouldn’t be complicated to code.

gmixxer

yes

patrickb

But the contract would come prepared with basics like sign-up fees, insurance escrow collection at regular intervals, and of course easy registered account look-up.

gmixxer

so i have been, and will continue to canvass new independent/emerging sites like luckychewy pokerplayer how can sort of connect their front end to this back end

patrickb

Players could then enter the address of Lounge contracts to get access to the host’s entire range of offerings :slightly_smiling_face:

gmixxer

kk

patrickb

Yeah, there are investment opportunities.

Contracts can collect minuscule fees per hand. Contract owners can access those fees and with some extra coding those fees can be split in more complex ways (for example, owner gets access to 2/3 and Lounge owner gets 1/3).

I suspect that there may be minor rounding leftovers in certain situations so occasionally contracts will end up with extra value even when they don’t collect fees. It’s good for the contract’s owner to retain some control such as the ability to empty any non-accounted-for funds or destroy the contract altogether.

gmixxer

but anyone can copy a contract right? maybe you are referring to sort of someone that puts a game together?

patrickb

With P2P networking players are able to verify their presence online so the Lounge can be seen as providing the list of players to check for on the P2P the network. Players have full control over how this handled — they can be online and simply not respond (private mode), or they can respond and even flag themselves as being available for a game.

gmixxer

right

ah youve been thinking about this, this is killer stuff people want to know, and im not gonna show/tell them right now :stuck_out_tongue_winking_eye:

patrickb

As part of my “are you there?” messages I would include my own stats (perhaps with all the Lounges I’m registered with), that anyone can easily verify, and can determine up front if they want to play me; how good should my up-to-down rating ratio be, what should the lifetime (number of ratings), be — is this even a reputable Lounge or do I not recognize its ratings?

Lounges would have their own reputations, mediated culturally beyond the blockchain.

gmixxer

k

the video and articles I posted in general, at first they might not seem relevant, but they are going to blow your mind open on how we might solve and evolve this.

its all on proof of stake

and that the solution requires escrow :stuck_out_tongue_winking_eye:

patrickb

The default CypherPoker Lounge would be the one that is accessed through the game software “out-of-the-box”, otherwise players are 100% free to sign-up with and use whatever Lounges they like.

gmixxer

yes, we might evolve it into an immortal immutable block chain or something in between

patrickb

If you strike up a friendship with another player, one of you can publish a private hand contract (no need for a Lounge), and be completely untethered to anything CypherPoker. The game client software can also be anything that’s capable of the P2P communication and Ethereum integration – I’m certain that a Node.js version that plays in the browser (without any plugins) is doable.

Hopefully some _official_ CypherPoker client can always something a little extra that people may be willing to pay for if they’re not satisfied with the free, open-source version. However, it needn’t be the only stream of revenue out of all the moving pieces that make CypherPoker tick.

The design is something I’m keeping very fluid. I’ve decided on a high-performance UI framework named Starling Feathers UI which, on top of being very skinnable, looks and moves very nicely. I’ve put in lots of code to handle as much of the styling from external XML data as possible so a designer can very easily update the config data and reload the game to see the results. Most of the UI is split into widgets which have their own independent functions, and widgets live in sliding panels.

gmixxer

Yes now we (you) might make a base layer, basically the protocols that never really need to change, and then perhaps with the ability to setup different lounges and connect different UI’s

And I think that you could run this layer with a finite amount of stakes.

ok yup thats inline

patrickb

Some of the wireframes are here: http://patrickbay.ca/blog/?p=1253

gmixxer

yup i was just reading that the other day

patrickb

Right. I’m only really making one client Lounge that’s fully skinnable.

There are containers for objects like widgets and they all do their own things in there. Object-Oriented Coding embraced :slightly_smiling_face:

I spent some time writing the translation system that takes the XML and converts it to the appropriate skins for various widget components but it’s as close to freeform as I could get. Anything can be just about anywhere and it’ll organize itself when it needs to :slightly_smiling_face:

gmixxer

So there is a base that doesn’t change much and then a layer that has to provide a team of devs the incentive to continually evolve what would connect the base to different implementations/games/offerings/lounges

patrickb

Now I’m putting together the basic compoments. Have the “Enable Ethereum Integration” button completed and a nice Ethereum account management interface.

gmixxer

ya i’m interested in that but ill really ask about it probably later

the skins and stuff i mean

yes so if you can encapsulate the part that will always need a dev team, that part I think will be controlled by stake.

patrickb

Right, exactly. You don’t need to code (just some basic XML knowledge), to make your own fully custom skins. And everything’s open-source so you can create your own widgets that perform some useful function for the CypherPoker console.

gmixxer

yup ok

was hoping you were thinking that but we never discussed

ill have lots of questions about it

not necessarily right now :stuck_out_tongue_winking_eye:

patrickb

I’m thinking ahead. I want to put as few roadblocks in front of people to make this their own in whatever capacity they want.

gmixxer

so you have patrick bay’s cypher poker, which can be an infrastructure to take the whole server model industry to be serverless

patrickb

I’m _trying_ to think ahead :stuck_out_tongue:

gmixxer

yes i trust you to do that, which is why i am here :slightly_smiling_face:

i know you are, ive known it for a long time :slightly_smiling_face:

so if we understand cypher poker to eventually evolve for the whole industry to move to, then we encapsulate that with a finiteness and that offer it as stake.

patrickb

It’s still somewhat server based except that the servers are contract based and will reward you for either not bothering them or for notifying them of genuine problems.

gmixxer

the PROPER balance of owners, investors, devs etc. will produce a nice product

yes but it solves some problems that equate to massive cost savings

security problems = cost etc.

For the players it breaks a monopoly and payment processing restrictions which has killed the games

patrickb

Well, this model can be worked out over time. If a Lounge fails it’s not expensive to start a one, and even though they’re quite costly to put on the blockchain the poker hand and validator contracts are a one-time cost and still reasonably priced for most people.

gmixxer

and in that sense the problems come because the servers reside in places such that

there is massive regulation compliance costs etc

well with the industry working off of one core, the costs are combated cooperatively

patrickb

If I had to put a dollar amount on it, I believe you could start your own Lounge with its own hand and validator for between CDN$2 to $3

gmixxer

haha

patrickb

The hand and validator contracts would be the more expensive components. If you got an agreement with other contract owners you could just publish a Lounge for under CDN$1. (edited)

gmixxer

So is it too far of a stretch for me to suggest, you have some boundary that is the core, like a globe, and that can have a finite amount of “space” and so “new poker stars” and “new fulltilt” and “cypher poker” and “gmixxer poker” can each have stake in it?

patrickb

Yes, everyone can openly compete. Well, “openly” as much as cryptocurrency accounts will provide :slightly_smiling_face:

gmixxer

yes

patrickb

Nothing to stop people from doing something similar but incompatible with the CypherPoker protocols too.

gmixxer

same with bitcoin 😉

patrickb

I think it would be a massive shift. Plus I’ve already tested Tor integration with that slot game I produced so we can mix in some good anonymity. This should help to mix that free market stew a little :slightly_smiling_face:

gmixxer

If we can be allowed to view it that way, and you check out that video and those articles on Pos, they are suggesting that its most transmutable to cartel and cooperativce game theory

yes I agree

thats sick

so we are imagining a few “big players” pick up this project as the core of their operations. We sort of NEED a cartel to arise to secure the proof of stake

patrickb

Bitcoin is as good as done. Early after v2.0 I’ll work on a widget that will convert between the various cryptocurrencies, at least Bitcoin, so that will provide a good on-ramp.

gmixxer

but its safe because the players can just fork the project if the cartel destroys the games

ya bitcoin is fine

other business will auto-convert instantly :stuck_out_tongue_winking_eye:

So in other words we can frame this in a way that is compatible with emerging theory from Vitalik and crew. Dunno if you know “casper” I don’t really but its relevant and discussed in the article.

patrickb

Exactly. And there needn’t be cartels, and they can be easily bypassed. If, for example, I play with some very trusted people and we just need an electronic card deck to play one night (we just need a way to detect if someone cheated at the end), CypherPoker solo would do fine because it’s fast, provable, and it can work on a private network. The dealer punches in the fiat buy-in that everyone tossed in the hat, no physical chips needed. In the end we paid 0 fees for the game but still had excellent assurance that everyone played fairly.

gmixxer

yes

patrickb

If I only use CypherPoker in such a hyper-local way then why pay any fees for Lounge or on-blockchain hand/validator contracts?

gmixxer

amicable cheaters welcome: aka friends

right

patrickb

It would also be possible to play on a private blockchain if we wanted a little more cryptographic certainty.

Finally, we can also use the Ethereum testnet (Ropsten), either for free or for *much much* cheaper than the Ethereum mainnet, although that’s still not as secure as the full mainnet.

Just because the number of mining nodes is fairly small there.

(in the testnet)

gmixxer

Well we might introduce one, I have another friend that has ideas for a community/site with a strong algorithm similar to “steemit” and they have their own block chain for that reason.

And for example you might want some of the hand histories to be immortal and immutable so that you can analyze the history of the game with ultra confidence

oh

also!

patrickb

So we pay for our security, all the way up to a full-cost, on-the-Ethereum-blockchain hand.

But once we start interacting with Ethereum we need to come armed with a bit of extra cash since we may have to pay our way through to the end, which may include validation costs & deposit.

 

On Randomness

gmixxer

lets say this works and incentivizes really good game theory and players. With each player providing their own randomness, and the security protected by competition, IF we assume that all players are fighting to win (and therefore protecting their random sources), then the flops generated are the high random source we have available…no? :slightly_smiling_face:

yes

but that can also be provided by insurance companies

and so if you never defect and the insurance companies pick honest players then the cost is low

patrickb

I believe that yes, they could work as good source of entropy. That could be a microservice provided by some other contract that’s able to access hands.

gmixxer

yes my conjecture is that this provides EFFECTIVELY the best source. Sort of that you have to corrupt the whole “industry” to attack that source and if we do our job the system won’t be gameable in that way

patrickb

The entropy source for CypherPoker is pretty good and I’ve tried to add a few others for good measure but if you wanted to use a solid random generator contract, why not?

gmixxer

we as in YOU but I am already thinking about a team of who can bring this to life

patrickb

The randomness is needed primarily at the beginning when keys and other cryptographic values are being generated.

gmixxer

entropy meaning, each players shuffle right?

patrickb

entropy as in randomness

gmixxer

I mean that in a game with honest smart secure players…their flops will be random

patrickb

Can be used for a shuffle, yes.

gmixxer

you can use their flops as seed for randomness, maybe, if i understand right

patrickb

Also used to generate encryption/decryption keys and also the initial shared modulus value.

gmixxer

im saying you can’t corrupt the flops in these games cause players in competition won’t allow it

patrickb

Yes, you could use it that way but if everyone knows where the seed is coming from, and how it’s used, you might run into problems :slightly_smiling_face:

gmixxer

are you saying because its public its bad, or because you could then corrupt the players and therefore corrupt the seed?

patrickb

Unless this was designed correctly, a flaw in such generator would allow anyone to have a completely unobstructed view of all encrypted values in the game — which includes your private/hole cards. It’s not something I’m planning to explore any time soon :slightly_smiling_face: (edited)

For example, consider a hashing function like SHA256…

The entire proof-of-work system is based around how a value, when hashed, will produce a specific value. In Bitcoin I believe that this output must start with a certain number of 0s. (edited)

gmixxer

yup

patrickb

So if we don’t know the seed, the input, it makes a pretty good number number generator. Technically we should be saying pseudo-random number generator because that “randomness” can easily be repeated if we know the input.

gmixxer

right now a flop is like a multi sig generated random number.

patrickb

So if we know the input to even the best hashing function on earth we know how it’s related to the output. If I know which card value from which hand is being put into the “random” number generator then I know the output because I can run exactly the same calculation. This is especially true on a public blockchain like Ethereum.

Who would do the signing?

gmixxer

well each play shuffles the deck right?

patrickb

Yes, correct.

But that order can be determined in the final analysis.

In other words, at the end you can see that the Ace appeared as card #23 in my shuffled deck, for example, while it appeared as card #50 in your shuffled deck output. No one will know this while the game is active but anyone looking at the contract at the end of the game will see this.

I’ve already written some analysis tools that run in Node.js so there are many ways to independently get this information.

The game client also runs an analysis.

gmixxer

You are saying you can reverse engineer SOME information?

patrickb

So you know which cards are where and at which point.

gmixxer

but then the players can change their input

patrickb

Yes, they can reverse engineer all of the information. That’s the whole point — the game is provable or, to put it another way, there’s a way to “unwind” everything that happened during the game (and as you’re doing this you can detect problems).

gmixxer

right but not their input seeds?

patrickb

If all of this information is public and I know that it’s the source to your random generator, I simply copy the contract and run it locally to make it faster, then feed it those card values so that I have a peek into anything being generated by the live contract.

If you don’t know what the contract’s input seed is, then you’ve got a good setup. You still need a good hash function but otherwise it’s possible.

But if I can read it then I can grab a sample of values that you may have used (since this is your randomness source), and pre-calculate some possible outputs. It would only take

me seconds to successfully break your encryption and see your private/hole cards.

I would: take the input card from an existing contract, hash it, produce an output, decrypt a private card I know only has your encryption applied, and try to match it to a plaintext card. If I’ve successfully done that for both cards then I’m extremely confident that I have your keys. At my leisure I can then run decryptions on other cards and see if they match expected results.

gmixxer

ok if me and you make a bet based on a random outcome thought we can use a flop…maybe that’s not useful

patrickb

So using a known entropy source like cards from existing and publicly-accessible contracts just won’t work.

gmixxer

right

patrickb

The problem of where to get your randomness is as old as cryptography itself :slightly_smiling_face: (edited)

gmixxer

yes szabo has some amazing stuff on it too and ill dig it up

patrickb

However, there are some excellent sources if you want to be extra paranoid. Stuff like this: http://www.idquantique.com/random-number-generation/quantis-random-number-generator/

or maybe this :slightly_smiling_face: : http://physicsworld.com/cws/article/news/2014/may/16/how-to-make-a-quantum-random-number-generator-from-a-mobile-phone
IDQ
Quantis TRNG (True Random Number Generator)
Quantis TRNG is a physical random number generator (RNG) exploiting quantum optics. It is available in USB, PCI and PCI Express versions.
physicsworld.com
How to make a quantum random-number generator from a mobile phone – physicsworld.com
Cheap, high-quality cameras could improve cryptography

There could be a CypherPoker “accessory pack” under some people’s trees for Christmas :stuck_out_tongue:

gmixxer

http://unenumerated.blogspot.ca/2006/03/shared-key-generation-using-quasars.html#links

http://szabo.best.vwh.net/perfect_compression.html

http://szabo.best.vwh.net/statistics.html

links are broken for me

last two i mean

ya cool

So you will REALLY wanna catch up on those articles or video (ideally both) I think and it will get you thinking on how to structure the whole of this.

because once you introduce stake with the competition of sites, then its completely comparable to what they are working on and I think that will get a lot of people excited

patrickb

I know that when I run the full setup my machine really revs up. Faster hardware would definitely be a plus when playing. If your rig is powerful enough you can even mine while playing — contributing both to the security of Ethereum and also your own bottom line.

gmixxer

ya thats special :slightly_smiling_face: I suggests sort of some poker specific hardware which is fine, as long as you have “pros” which means the games need to be profitable which they will be.

but you also have bot farms that could arise.

Now I have a proposed solution of a botnet that is a randomized player field (zoom poker)…

and an equillbrium is created that allows the bots to offer private games on the side that are effectively bot free

its a long way of saying that such hardware will be used to secure ethereum rather than collude the game

(and therefore secure cypher poker)

with proper checks and security its more profitable to secure the network than it is to infiltrate the industry with bots hardware/software to profit from the players.

gmixxer

I’m gonna save much of this dialogue onto my blog and maybe clean it up especially so I can show it to my friend.

He will be quite interested because he has a model for a site/governance that could be the crux of the implementation of cypherpoker.

I won’t advertise all this too much by there is some nice stuff I can send to some emerging indepent sites/owners and they can pass it to their devs…

the idea is to get a couple reputable projects working off of this. phil galfond, if you know of him, announced he would release a site in Q1. This back-end would save an immense hassle, eliminating a barrier he probably can’t otherwise surpass

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s