Public remote RNG server service on the net - TCP-IP

This is a discussion on Public remote RNG server service on the net - TCP-IP ; Is there any public remote RNG server running on the Internet? By this I mean a public service similar to the Network Time Protocol (NTP). It should generate for example 50 random numbers in the range 0 to 255 in ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: Public remote RNG server service on the net

  1. Public remote RNG server service on the net

    Is there any public remote RNG server running on the Internet?
    By this I mean a public service similar to the Network Time Protocol (NTP).

    It should generate for example 50 random numbers in the
    range 0 to 255 in string format in intervalls of a minute,
    and together with a timestamp make this record (ie. a line)
    publicly available. There should also be an open API for
    retrieving the RNG record for the specified datetime key.

    Such an independent public RNG service would be useful for
    online game operators and players; ie. for lotto, roulette and
    other chance games, but also for researchers.

    All the generated RNG records should also be archived and
    put online for manual downloading (for statistical tests etc.)

    The current situation of for example how the Keno lotto numbers
    are generated is not much trustworthy since it is in the hands of
    the Keno-organizers themselves. And there is a big mistrust
    by the players in this method, and there have also been some
    scandals because the game organizers know what the players
    have played and it is easy to generate numbers which would
    pay out the least prizes...

    So there is a public need for one or more trustworthy,
    independent and open public RNG servers around the globe
    for the benefit of everybody in the industry.


  2. Re: Public remote RNG server service on the net

    On Jul 1, 1:49 pm, "Adem24" wrote:
    > Is there any public remote RNG server running on the Internet?
    > By this I mean a public service similar to the Network Time Protocol (NTP).
    >
    > It should generate for example 50 random numbers in the
    > range 0 to 255 in string format in intervalls of a minute,
    > and together with a timestamp make this record (ie. a line)
    > publicly available. There should also be an open API for
    > retrieving the RNG record for the specified datetime key.
    >
    > Such an independent public RNG service would be useful for
    > online game operators and players; ie. for lotto, roulette and
    > other chance games, but also for researchers.
    >
    > All the generated RNG records should also be archived and
    > put online for manual downloading (for statistical tests etc.)
    >
    > The current situation of for example how the Keno lotto numbers
    > are generated is not much trustworthy since it is in the hands of
    > the Keno-organizers themselves. And there is a big mistrust
    > by the players in this method, and there have also been some
    > scandals because the game organizers know what the players
    > have played and it is easy to generate numbers which would
    > pay out the least prizes...
    >
    > So there is a public need for one or more trustworthy,
    > independent and open public RNG servers around the globe
    > for the benefit of everybody in the industry.



    What industry? And: then why doesn't whatever that
    industry setup such a server? And finally: what
    relation does any of this have with the subject
    matter of sci.math?

    -- m

  3. Re: Public remote RNG server service on the net

    may be this is a math problem ...
    "Mariano Suárez-Alvarez"
    ??????:69c18679-8fce-4ddc-9983-2974a07da90a@k37g2000hsf.googlegroups.com...
    > On Jul 1, 1:49 pm, "Adem24" wrote:
    >> Is there any public remote RNG server running on the Internet?
    >> By this I mean a public service similar to the Network Time Protocol
    >> (NTP).
    >>
    >> It should generate for example 50 random numbers in the
    >> range 0 to 255 in string format in intervalls of a minute,
    >> and together with a timestamp make this record (ie. a line)
    >> publicly available. There should also be an open API for
    >> retrieving the RNG record for the specified datetime key.
    >>
    >> Such an independent public RNG service would be useful for
    >> online game operators and players; ie. for lotto, roulette and
    >> other chance games, but also for researchers.
    >>
    >> All the generated RNG records should also be archived and
    >> put online for manual downloading (for statistical tests etc.)
    >>
    >> The current situation of for example how the Keno lotto numbers
    >> are generated is not much trustworthy since it is in the hands of
    >> the Keno-organizers themselves. And there is a big mistrust
    >> by the players in this method, and there have also been some
    >> scandals because the game organizers know what the players
    >> have played and it is easy to generate numbers which would
    >> pay out the least prizes...
    >>
    >> So there is a public need for one or more trustworthy,
    >> independent and open public RNG servers around the globe
    >> for the benefit of everybody in the industry.

    >
    >
    > What industry? And: then why doesn't whatever that
    > industry setup such a server? And finally: what
    > relation does any of this have with the subject
    > matter of sci.math?
    >
    > -- m




  4. Re: Public remote RNG server service on the net

    In article ,
    Adem24 wrote:
    >Is there any public remote RNG server running on the Internet?


    Google is your friend. http://www.google.com/search?q=random+number
    pointed me to http://www.random.org/


    >By this I mean a public service similar to the Network Time Protocol (NTP).


    Given an error tolerance, there is only one NTP timestamp an any
    instant, but gazillions of random numbers are needed for many of
    the common definitions of "random number."
    Many of those definitions require that the numbers be secret.


    >It should generate for example 50 random numbers in the
    >range 0 to 255 in string format in intervalls of a minute,
    >and together with a timestamp make this record (ie. a line)
    >publicly available. There should also be an open API for
    >retrieving the RNG record for the specified datetime key.
    >
    >Such an independent public RNG service would be useful for
    >online game operators and players; ie. for lotto, roulette and
    >other chance games, but also for researchers.


    50*8 or 400 random bits/minute are very, very few.


    >All the generated RNG records should also be archived and
    >put online for manual downloading (for statistical tests etc.)
    >
    >The current situation of for example how the Keno lotto numbers
    >are generated is not much trustworthy since it is in the hands of
    >the Keno-organizers themselves. And there is a big mistrust
    >by the players in this method, and there have also been some
    >scandals because the game organizers know what the players
    >have played and it is easy to generate numbers which would
    >pay out the least prizes...


    What would keep your adversaries from bribing or otherwise subverting
    this new source of random numbers? Would it be profitable for me
    to convince the new operators to delay their offical output by an
    hour but give me a real time feed?

    At 400 bits/minute, this new random number source sounds too slow to
    be useful for most uses. It could not be used for any of the low bit
    rate random needs I can think of, such as generating passwords, because
    it would not be secret. So if it would be useful for gambling, it
    sounds unlikely to be useful for much else. Might the operators get
    in trouble with the U.S. government for being a party to running a
    gambling operation?


    >So there is a public need for one or more trustworthy,
    >independent and open public RNG servers around the globe
    >for the benefit of everybody in the industry.


    At 400 bits/minute and given what I understand of your needs, I think
    you would be better served by finding an algorithm that yields unpredictable
    numbers that anyone could compute. I think that's how illegal "numbers
    games" or "policy rackets" work
    http://www.google.com/search?q=%22policy+rackets%22
    http://en.wikipedia.org/wiki/Numbers_game says
    Rigging games to cheat players, and drive competitors out of business,
    led to the use of the last three numbers in the published daily
    balance of the United States Treasury.
    Perhaps every 30 seconds you could compute something like a 128-bit
    checksum of the trades during those 30 seconds of the stocks in Dow
    Jones Industrial average.
    Or a hash of some other constant stream of data such as weather radar GIFs
    http://www.goes.noaa.gov/ECIR4.html


    Vernon Schryver vjs@rhyolite.com

  5. Re: Public remote RNG server service on the net

    "Vernon Schryver" wrote:
    > Adem24 wrote:
    > >
    > >Is there any public remote RNG server running on the Internet?

    >
    > Google is your friend. http://www.google.com/search?q=random+number
    > pointed me to http://www.random.org/


    Thanks.

    > >By this I mean a public service similar to the Network Time Protocol (NTP).

    >
    > Given an error tolerance, there is only one NTP timestamp an any
    > instant, but gazillions of random numbers are needed for many of
    > the common definitions of "random number."
    > Many of those definitions require that the numbers be secret.


    No, I was meaning public random numbers
    for public random events, like lotto draws.
    The shortest intervall I know of where lotto draws are conducted
    is 4 minutes; it is a Keno game where 20 random numbers
    from 1 to 80 are used.
    So, a public RNG service which generates 50 numbers per minute
    is more than sufficient for such public events.

    > >It should generate for example 50 random numbers in the
    > >range 0 to 255 in string format in intervalls of a minute,
    > >and together with a timestamp make this record (ie. a line)
    > >publicly available. There should also be an open API for
    > >retrieving the RNG record for the specified datetime key.
    > >
    > >Such an independent public RNG service would be useful for
    > >online game operators and players; ie. for lotto, roulette and
    > >other chance games, but also for researchers.

    >
    > 50*8 or 400 random bits/minute are very, very few.


    It is more than enough, see above.

    > >All the generated RNG records should also be archived and
    > >put online for manual downloading (for statistical tests etc.)
    > >
    > >The current situation of for example how the Keno lotto numbers
    > >are generated is not much trustworthy since it is in the hands of
    > >the Keno-organizers themselves. And there is a big mistrust
    > >by the players in this method, and there have also been some
    > >scandals because the game organizers know what the players
    > >have played and it is easy to generate numbers which would
    > >pay out the least prizes...

    >
    > What would keep your adversaries from bribing or otherwise subverting
    > this new source of random numbers? Would it be profitable for me
    > to convince the new operators to delay their offical output by an
    > hour but give me a real time feed?


    No, it wouldn't work because the public must know that
    the numbers drawn in the game are coming from a published
    record of the public RNG server belonging to a predetermined
    fixed timestamp.
    So when the draw is made official then the same numbers
    must already be present at the public RNG server...
    The game operator must make public which records (timestamp)
    it is going to use from the RNG server, and also the algorithm
    for choosing the draw numbers from that particular random numbers set.
    Ie. if in that game no duplicates can occur then they must apply
    an algorithm for picking n unique numbers from that single record.

    Ie. what is needed is an official RNG site who generates official
    sets of random numbers (together with a timestamp) and makes
    them publicly available for control by everybody.
    The game operators make public which set (ie. timestamp key)
    they are going to use for picking their own numbers from that,
    and the algorithm they use. By this method everyting is transparent
    and verifyable by everyone.
    That's the best and trustworthy method one can think of I would say.
    To make it even more stronger one can even use several such servers...

    For example in a lotto 6/49 game the draws are conducted say at 19:00 o'clock.
    At 19:00:15 or so it would get the 19:00:00 timestamped record
    from the RNG server (ie. a set of say 50 random numbers) and
    take say the first 3 numbers from that server, and from another
    server the remaining 3 numbers.
    In case of duplicates one would take the next number from
    the same record of that server...
    And the public can verify the official draw numbers against the
    published records at the official RNG server site...


    > At 400 bits/minute, this new random number source sounds too slow to
    > be useful for most uses. It could not be used for any of the low bit
    > rate random needs I can think of, such as generating passwords, because
    > it would not be secret. So if it would be useful for gambling, it
    > sounds unlikely to be useful for much else. Might the operators get
    > in trouble with the U.S. government for being a party to running a
    > gambling operation?
    >
    > >So there is a public need for one or more trustworthy,
    > >independent and open public RNG servers around the globe
    > >for the benefit of everybody in the industry.

    >
    > At 400 bits/minute and given what I understand of your needs, I think
    > you would be better served by finding an algorithm that yields unpredictable
    > numbers that anyone could compute. I think that's how illegal "numbers
    > games" or "policy rackets" work
    > http://www.google.com/search?q=%22policy+rackets%22
    > http://en.wikipedia.org/wiki/Numbers_game says
    > Rigging games to cheat players, and drive competitors out of business,
    > led to the use of the last three numbers in the published daily
    > balance of the United States Treasury.
    > Perhaps every 30 seconds you could compute something like a 128-bit
    > checksum of the trades during those 30 seconds of the stocks in Dow
    > Jones Industrial average.
    > Or a hash of some other constant stream of data such as weather radar GIFs
    > http://www.goes.noaa.gov/ECIR4.html



  6. Re: Public remote RNG server service on the net

    In article ,
    Adem24 wrote:

    >> What would keep your adversaries from bribing or otherwise subverting
    >> this new source of random numbers? Would it be profitable for me
    >> to convince the new operators to delay their offical output by an
    >> hour but give me a real time feed?

    >
    >No, it wouldn't work because the public must know that
    >the numbers drawn in the game are coming from a published
    >record of the public RNG server belonging to a predetermined
    >fixed timestamp.
    >So when the draw is made official then the same numbers
    >must already be present at the public RNG server...


    That ignores my point. What keeps the people running the random
    number generator from arranging the machinery so that they know the
    numbers before they are timestamped, recorded, and announced? Simply
    announcing "The people running the Acme Random Number Generator are
    honest and have nothing to do with the people running the AAA Keno
    Game" does not make it so.

    The only way to make a secure system is to assume that anyone and
    everyone will try to cheat and conspire to try to cheat. Only when
    there is nothing that anyone or any group can do to cheat can your
    gambling system be honest.


    >Ie. what is needed is an official RNG site who generates official
    >sets of random numbers (together with a timestamp) and makes
    >them publicly available for control by everybody.
    >The game operators make public which set (ie. timestamp key)
    >they are going to use for picking their own numbers from that,
    >and the algorithm they use. By this method everyting is transparent
    >and verifyable by everyone.
    >That's the best and trustworthy method one can think of I would say.
    >To make it even more stronger one can even use several such servers...


    You clearly do not know enough about "random numbers" and "security"
    in general to have that or any other relevant opinion. What's worse,
    you evidently think that someone's declaration of "official site" is
    tantamout to "incorruptible."

    Instead you must think about how you would subvert and break any and
    every proposed solution as if you were a bad guy. When you can't find
    any holes in your idea, you must get other people to look for holes.
    Only when no one can find any holes can you hope that your proof of
    security is not obviously wrong and not based on false assumptions that
    your adversaries are likely to find.



    >For example in a lotto 6/49 game the draws are conducted say at 19:00 o'clock.
    >At 19:00:15 or so it would get the 19:00:00 timestamped record
    >from the RNG server (ie. a set of say 50 random numbers) and
    >take say the first 3 numbers from that server, and from another
    >server the remaining 3 numbers.


    Again, what keeps the people who run the random number generator from
    generating the numbers for the 19:00:00 record at 18:45:00?
    Do you think there is something magic about random number generators
    that ensures that a timestamp of 19:00:00 proves that the numbers
    were not generated at 18:45:00? If so, you're wrong.

    You need to read and understand something about classic "numbers games"
    or "policy rackets," because those problems are quite similar to your
    problem. You evidently did not bother to read and understand these web
    pages or even the quote from the second:

    >> http://www.google.com/search?q=%22policy+rackets%22


    >> http://en.wikipedia.org/wiki/Numbers_game says
    >> Rigging games to cheat players, and drive competitors out of business,
    >> led to the use of the last three numbers in the published daily
    >> balance of the United States Treasury.



    >> Perhaps every 30 seconds you could compute something like a 128-bit
    >> checksum of the trades during those 30 seconds of the stocks in Dow
    >> Jones Industrial average.
    >> Or a hash of some other constant stream of data such as weather radar GIFs
    >> http://www.goes.noaa.gov/ECIR4.html



    Vernon Schryver vjs@rhyolite.com

  7. Re: Public remote RNG server service on the net

    Adem24 wrote:
    > Is there any public remote RNG server running on the Internet?
    > By this I mean a public service similar to the Network Time Protocol (NTP).


    The problems in offering such a service are that:

    - providing large volumes of truly random data requires special hardware;

    - the most common use of truly random data is for cryptographic
    purposes, for which one doesn't want them transmitted from an external
    source;

    - you need to trust the source of truly random numbers, which would be
    very difficult for a free service.

    (Small volume production relies on putting together lots of semi-random
    processes and extracting a small amount of randomness for each. This
    assumes that most of what the machine is doing is not to do with random
    numbers.)

  8. Re: Public remote RNG server service on the net

    "Vernon Schryver" wrote:
    > Adem24 wrote:
    >
    > >> What would keep your adversaries from bribing or otherwise subverting
    > >> this new source of random numbers? Would it be profitable for me
    > >> to convince the new operators to delay their offical output by an
    > >> hour but give me a real time feed?

    > >
    > >No, it wouldn't work because the public must know that
    > >the numbers drawn in the game are coming from a published
    > >record of the public RNG server belonging to a predetermined
    > >fixed timestamp.
    > >So when the draw is made official then the same numbers
    > >must already be present at the public RNG server...

    >
    > That ignores my point. What keeps the people running the random
    > number generator from arranging the machinery so that they know the
    > numbers before they are timestamped, recorded, and announced? Simply
    > announcing "The people running the Acme Random Number Generator are
    > honest and have nothing to do with the people running the AAA Keno
    > Game" does not make it so.
    >
    > The only way to make a secure system is to assume that anyone and
    > everyone will try to cheat and conspire to try to cheat. Only when
    > there is nothing that anyone or any group can do to cheat can your
    > gambling system be honest.
    >
    >
    > >Ie. what is needed is an official RNG site who generates official
    > >sets of random numbers (together with a timestamp) and makes
    > >them publicly available for control by everybody.
    > >The game operators make public which set (ie. timestamp key)
    > >they are going to use for picking their own numbers from that,
    > >and the algorithm they use. By this method everyting is transparent
    > >and verifyable by everyone.
    > >That's the best and trustworthy method one can think of I would say.
    > >To make it even more stronger one can even use several such servers...

    >
    > You clearly do not know enough about "random numbers" and "security"
    > in general to have that or any other relevant opinion. What's worse,
    > you evidently think that someone's declaration of "official site" is
    > tantamout to "incorruptible."
    >
    > Instead you must think about how you would subvert and break any and
    > every proposed solution as if you were a bad guy. When you can't find
    > any holes in your idea, you must get other people to look for holes.
    > Only when no one can find any holes can you hope that your proof of
    > security is not obviously wrong and not based on false assumptions that
    > your adversaries are likely to find.
    >
    >
    > >For example in a lotto 6/49 game the draws are conducted say at 19:00 o'clock.
    > >At 19:00:15 or so it would get the 19:00:00 timestamped record
    > >from the RNG server (ie. a set of say 50 random numbers) and
    > >take say the first 3 numbers from that server, and from another
    > >server the remaining 3 numbers.

    >
    > Again, what keeps the people who run the random number generator from
    > generating the numbers for the 19:00:00 record at 18:45:00?
    > Do you think there is something magic about random number generators
    > that ensures that a timestamp of 19:00:00 proves that the numbers
    > were not generated at 18:45:00? If so, you're wrong.


    Ok, I see your point. Then the consequence seems to be:

    1) Use timely generated and published public data
    like stock prices or stock indices, or satellite photos etc.,
    and publish the algorithm so everybody can verify.

    2) Use a classic mechanical drawing method with numbered balls etc.
    that is transmitted live on TV.


    Another problem, besides computer generated draws
    with such lotto games is that nobody can verify how much
    the ticket sales really have been. This is important to know because
    the winner's prizes in such lotto games are usually determined
    parimutuel, ie. from the "pot" of sales, and this is known by
    the organizer alone...
    The more I think about lotto the more sources for possible
    manipulations and fraud by the organizer I see...


  9. Re: Public remote RNG server service on the net

    In article ,
    Adem24 wrote:

    >Ok, I see your point. Then the consequence seems to be:
    >
    > 1) Use timely generated and published public data
    > like stock prices or stock indices, or satellite photos etc.,
    > and publish the algorithm so everybody can verify.


    yes.


    > 2) Use a classic mechanical drawing method with numbered balls etc.
    > that is transmitted live on TV.


    No. That sort of thing is vulnerable to cheating.

    How do you know that the numbered balls have the same weight and
    so are equally likely to be chosen?

    I think I recall reports that over the years the results of some of
    those drawings were found to be other than uniformly distributed.
    However, the official odds for the stupid suckers in such games are so
    bad that whether the games are straight or crooked is irrelevant.

    Even if the machinery is honest, how do you know that the TV program
    is live instead of delayed? Yes, I understand there is supposed to
    be a live studio audience. See the old movie "The Sting" for why that's
    not very comforting. Besides, even if you somehow verify the audience
    is present for the drawing that is telecast and not in cahoots with the
    bad guys, how do you know they can tell time? People dumb enough to
    care about games with odds as bad as the state lotteries ought to be
    treated as legally incompetent and unable to testify about anything.

    >Another problem, besides computer generated draws
    >with such lotto games is that nobody can verify how much
    >the ticket sales really have been. This is important to know because
    >the winner's prizes in such lotto games are usually determined
    >parimutuel, ie. from the "pot" of sales, and this is known by
    >the organizer alone...


    that too,
    but the main cheating in such lotteries is the cut taken by the
    house before the drawing. There's no need to cheat when you get
    to keep 30% or more of every pot for "expenses" and "the kids."
    --


    Vernon Schryver vjs@rhyolite.com

  10. Re: Public remote RNG server service on the net

    On Jul 1, 9:49*am, "Adem24" wrote:

    > It should generate for example 50 random numbers in the
    > range 0 to 255 in string format in intervalls of a minute,
    > and together with a timestamp make this record (ie. a line)
    > publicly available. There should also be an open API for
    > retrieving the RNG record for the specified datetime key.


    > Such an independent public RNG service would be useful for
    > online game operators and players; ie. for lotto, roulette and
    > other chance games, but also for researchers.


    Actually, no, it would be useless for that purpose.

    > The current situation of for example how the Keno lotto numbers
    > are generated is not much trustworthy since it is in the hands of
    > the Keno-organizers themselves. And there is a big mistrust
    > by the players in this method, and there have also been some
    > scandals because the game organizers know what the players
    > have played and it is easy to generate numbers which would
    > pay out the least prizes...


    There are documented and well-understood ways to prevent that, and
    this is not one of them.

    > So there is a public need for one or more trustworthy,
    > independent and open public RNG servers around the globe
    > for the benefit of everybody in the industry.


    This is trivial to do correctly, so why do it incorrectly?

    For example, a keno operator could use the following trivial
    mechanism:

    1) Publish an algorithm for generating keno numbers using a 160-bit
    random seed.

    2) Generate a random 160-bit seed and publish its SHA1 hash before the
    game begins.

    3) Use this seed the generate the random numbers used in the game.

    4) After the game, publish the seed.

    This actually solves the problem. Clients can verify that the SHA1
    hash of the seed published in step 4 matches the hash published in
    step 2.

    DS

  11. Re: Public remote RNG server service on the net

    On Jul 1, 4:51*pm, "Adem24" wrote:
    > "Vernon Schryver" wrote:
    > > Adem24 *wrote:

    >
    > > >> What would keep your adversaries from bribing or otherwise subverting
    > > >> this new source of random numbers? *Would it be profitable for me
    > > >> to convince the new operators to delay their offical output by an
    > > >> hour but give me a real time feed?

    >
    > > >No, it wouldn't work because the public must know that
    > > >the numbers drawn in the game are coming from a published
    > > >record of the public RNG server belonging to a predetermined
    > > >fixed timestamp.
    > > >So when the draw is made official then the same numbers
    > > >must already be present at the public RNG server...

    >
    > > That ignores my point. *What keeps the people running the random
    > > number generator from arranging the machinery so that they know the
    > > numbers before they are timestamped, recorded, and announced? *Simply
    > > announcing "The people running the Acme Random Number Generator are
    > > honest and have nothing to do with the people running the AAA Keno
    > > Game" does not make it so.

    >
    > > The only way to make a secure system is to assume that anyone and
    > > everyone will try to cheat and conspire to try to cheat. *Only when
    > > there is nothing that anyone or any group can do to cheat can your
    > > gambling system be honest.

    >
    > > >Ie. what is needed is an official RNG site who generates official
    > > >sets of random numbers (together with a timestamp) and makes
    > > >them publicly available for control by everybody.
    > > >The game operators make public which set (ie. timestamp key)
    > > >they are going to use for picking their own numbers from that,
    > > >and the algorithm they use. By this method everyting is transparent
    > > >and verifyable by everyone.
    > > >That's the best and trustworthy method one can think of I would say.
    > > >To make it even more stronger one can even use several such servers...

    >
    > > You clearly do not know enough about "random numbers" and "security"
    > > in general to have that or any other relevant opinion. *What's worse,
    > > you evidently think that someone's declaration of "official site" is
    > > tantamout to "incorruptible." *

    >
    > > Instead you must think about how you would subvert and break any and
    > > every proposed solution as if you were a bad guy. *When you can't find
    > > any holes in your idea, you must get other people to look for holes.
    > > Only when no one can find any holes can you hope that your proof of
    > > security is not obviously wrong and not based on false assumptions that
    > > your adversaries are likely to find.

    >
    > > >For example in a lotto 6/49 game the draws are conducted say at 19:00 o'clock.
    > > >At 19:00:15 or so it would get the 19:00:00 timestamped record
    > > >from the RNG server (ie. a set of say 50 random numbers) and
    > > >take say the first 3 numbers from that server, and from another
    > > >server the remaining 3 numbers.

    >
    > > Again, what keeps the people who run the random number generator from
    > > generating the numbers for the 19:00:00 record at 18:45:00?
    > > Do you think there is something magic about random number generators
    > > that ensures that a timestamp of 19:00:00 proves that the numbers
    > > were not generated at 18:45:00? *If so, you're wrong.

    >
    > Ok, I see your point. Then the consequence seems to be:
    >
    > *1) Use timely generated and published public data
    > * * like stock prices or stock indices, or satellite photos etc.,
    > * * and publish the algorithm so everybody can verify.
    >
    > *2) Use a classic mechanical drawing method with numbered balls etc.
    > * * that is transmitted live on TV.


    Why are you creating ****amamie solutions to a simple problem that's
    trivially solvable with real solutions? It's really this simple:

    1) Before the event, publish a public key. Also publish the chosen
    numbers encrypted with the public key.

    2) After the event, publish the private key.

    This way, everyone knows that the results were determined before their
    own choices were made.

    If that's not what you want, there are trivial ways to make it so that
    they know the choices are determined randomly after their choices are
    made too.

    > Another problem, besides computer generated draws
    > with such lotto games is that nobody can verify how much
    > the ticket sales really have been. This is important to know because
    > the winner's prizes in such lotto games are usually determined
    > parimutuel, ie. from the "pot" of sales, and this is known by
    > the organizer alone...
    > The more I think about lotto the more sources for possible
    > manipulations and fraud by the organizer I see...


    That's simple to solve too. Give each participant a cryptographic
    receipt with a timestamp and publish a timestamped, signed list of the
    SHA1 hashes of all receipts in a given game periodically. If any
    receipt does not appear on the list, the person who has that receipt
    can publish the receipt and the signed list, and prove that the
    company has cheated.

    These are ridiculously simple problems to solve. Really.

    DS

  12. Re: Public remote RNG server service on the net

    "David Schwartz" wrote:
    >
    > 1) Before the event, publish a public key. Also publish the chosen
    > numbers encrypted with the public key.
    >
    > 2) After the event, publish the private key.
    >
    > This way, everyone knows that the results were determined
    > before their own choices were made.


    Hmm. I'm afraid this wouldn't be accepted by the players.
    It's mainly a psychological issue, but at the same time also a
    very dangerous issue because some criminal minds would
    try to get the private key before the event....

    > If that's not what you want, there are trivial ways to make it so that
    > they know the choices are determined randomly after their choices
    > are made too.


    That's a solution I'm looking for,
    so I'm very curious to learn how your solution looks like.

    > > Another problem, besides computer generated draws
    > > with such lotto games is that nobody can verify how much
    > > the ticket sales really have been. This is important to know because
    > > the winner's prizes in such lotto games are usually determined
    > > parimutuel, ie. from the "pot" of sales, and this is known by
    > > the organizer alone...
    > > The more I think about lotto the more sources for possible
    > > manipulations and fraud by the organizer I see...

    >
    > That's simple to solve too. Give each participant a cryptographic
    > receipt with a timestamp and publish a timestamped, signed list of the
    > SHA1 hashes of all receipts in a given game periodically. If any
    > receipt does not appear on the list, the person who has that receipt
    > can publish the receipt and the signed list, and prove that the
    > company has cheated.


    Yes, this is indeed a very good method.

    > These are ridiculously simple problems to solve. Really.


    I'll believe it when I see your solution to the main problem
    mentioned above :-)


  13. Re: Public remote RNG server service on the net

    On Jul 1, 9:04*pm, "Adem24" wrote:

    > "David Schwartz" wrote:
    >
    > > 1) Before the event, publish a public key. Also publish the chosen
    > > numbers encrypted with the public key.

    >
    > > 2) After the event, publish the private key.

    >
    > > This way, everyone knows that the results were determined
    > > before their own choices were made.


    > Hmm. I'm afraid this wouldn't be accepted by the players.
    > It's mainly a psychological issue, but at the same time also a
    > very dangerous issue because some criminal minds would
    > try to get the private key before the event....


    That's nonsense.

    You can make the same objection to *any* blackjack implementation.
    After all, criminal minds might try to get the contents of the
    dealer's hand before they have to choose whether to hit or not.

    > > If that's not what you want, there are trivial ways to make it so that
    > > they know the choices are determined randomly after their choices
    > > are made too.


    > That's a solution I'm looking for,
    > so I'm very curious to learn how your solution looks like.


    For example:

    1) The house and all players (who wish to) choose a random 160-bit
    seed.
    2) The house and all players publish the SHA1 hashes of their seed.
    3) All players pass their seeds to the house. The house uses the XOR
    of all seeds as the seed for the game.
    4) After the game, all seeds (included the house's) are published.

    This system is secure so long as at least one player or the house does
    not cheat.

    If you explain your exact security objectives, odds are it's nearly
    trivial to come up with a protocol that meets them.

    > > That's simple to solve too. Give each participant a cryptographic
    > > receipt with a timestamp and publish a timestamped, signed list of the
    > > SHA1 hashes of all receipts in a given game periodically. If any
    > > receipt does not appear on the list, the person who has that receipt
    > > can publish the receipt and the signed list, and prove that the
    > > company has cheated.


    > Yes, this is indeed a very good method.


    > > These are ridiculously simple problems to solve. Really.


    > I'll believe it when I see your solution to the main problem
    > mentioned above *:-)


    State your problem with sufficient specificity that I can tell whether
    I've solved it or not, then I'll solve it.

    DS

  14. Re: Public remote RNG server service on the net

    David Schwartz wrote:

    > That's simple to solve too. Give each participant a cryptographic
    > receipt with a timestamp and publish a timestamped, signed list of the
    > SHA1 hashes of all receipts in a given game periodically. If any
    > receipt does not appear on the list, the person who has that receipt
    > can publish the receipt and the signed list, and prove that the
    > company has cheated.


    I don't believe that's practical. It takes the UK lottery organisers a
    couple of hours to search their database and work out the number of
    winners. Just imagine how long it would take them to publish an
    encrypted version of every single ticket bought.

    Also, there is always a low level of fraud perpetrated by lottery
    outlets eg someone buys a ticket from a newsagent then the newsagent
    voids the ticket immediately and keeps the cash. Should a whole draw be
    invalidated by a few such incidents?

    Evil Nigel



  15. Re: Public remote RNG server service on the net

    On Jul 2, 3:45*am, nigel wrote:

    > David Schwartz wrote:


    > > That's simple to solve too. Give each participant a cryptographic
    > > receipt with a timestamp and publish a timestamped, signed list of the
    > > SHA1 hashes of all receipts in a given game periodically. If any
    > > receipt does not appear on the list, the person who has that receipt
    > > can publish the receipt and the signed list, and prove that the
    > > company has cheated.


    > I don't believe that's practical. It takes the UK lottery organisers a
    > couple of hours to search their database and work out the number of
    > winners. Just imagine how long it would take them to publish an
    > encrypted version of every single ticket bought.


    I was assuming a smaller, online application with all tickets sold
    through a single outlet. You are correct that that may not be
    practical for a large national lottery. There are, however, ways to
    make it scalable. (For example, you can have tickets signed by
    regional authorities rather than a singe list.)

    > Also, there is always a low level of fraud perpetrated by lottery
    > outlets eg someone buys a ticket from a newsagent then the newsagent
    > voids the ticket immediately and keeps the cash. Should a whole draw be
    > invalidated by a few such incidents?


    No, you then issue an "invalidation entry" and publish it in the list
    next to the entry it invalidates. You can also have a reason code. If
    they invalidate your entry, you will know it before the drawing.

    DS

  16. Re: Public remote RNG server service on the net

    In article <5ce28914-00e7-4151-a3d9-7e0a29832782@x41g2000hsb.googlegroups.com>, davids@webmaster.com (David Schwartz) writes:

    | For example:
    |
    | 1) The house and all players (who wish to) choose a random 160-bit
    | seed.
    | 2) The house and all players publish the SHA1 hashes of their seed.
    | 3) All players pass their seeds to the house. The house uses the XOR
    | of all seeds as the seed for the game.
    | 4) After the game, all seeds (included the house's) are published.
    |
    | This system is secure so long as at least one player or the house does
    | not cheat.

    Assuming you are still talking about Blackjack, it is secure if the
    house doesn't cheat or if no player cheats (or obviously if nobody
    cheats). The house in collusion with one or more players/shills can
    manipulate the game.

    Dan Lanciani
    ddl@danlan.*com

  17. Re: Public remote RNG server service on the net

    In article <1348429@news1.IPSWITCHS.CMM>, Dan Lanciani wrote:
    >In article


    >| 1) The house and all players (who wish to) choose a random 160-bit
    >| seed.
    >| 2) The house and all players publish the SHA1 hashes of their seed.
    >| 3) All players pass their seeds to the house. The house uses the XOR
    >| of all seeds as the seed for the game.
    >| 4) After the game, all seeds (included the house's) are published.
    >|
    >| This system is secure so long as at least one player or the house does
    >| not cheat.
    >
    >Assuming you are still talking about Blackjack,


    When did Blackjack become the issue? The original question mentioned
    Keno and there have been references to lotto, but `grep blackjack`
    in my spool directory says that the Cliff Claven raised a typical
    non-solution to the Blackjack problems.


    > it is secure if the
    >house doesn't cheat or if no player cheats (or obviously if nobody
    >cheats). The house in collusion with one or more players/shills can
    >manipulate the game.


    If you trust the house to not cheat, then you must also trust the house
    to run an honest, good (i.e. unpredictable) random noise generator and
    you have no justification for the risks of hashes of random numbers etc.
    Asking players to compute SHA1 hashes and so forth increases the
    risk of implementation errors (bugs) that might be found and exploited
    by a player.

    Such a relatively complicated implementation also risks more active
    attacks. In the real world each player would be running an opaque
    program on pathologically insecure (Windows) systems that would do all
    of the hashing, seeding, comparing, publishing, and so forth. A crooked
    player could use the techniques of botnet recruiters and other bad guys
    to subvert the programs of other players. The players would be told
    by the subverted program that all is well and everything compares, but
    the program would not publish, compare, etc. what it claims.


    Vernon Schryver vjs@rhyolite.com

  18. Re: Public remote RNG server service on the net

    In article , vjs@calcite.rhyolite.com (Vernon Schryver) writes:
    | In article <1348429@news1.IPSWITCHS.CMM>, Dan Lanciani wrote:
    | >In article
    |
    | >| 1) The house and all players (who wish to) choose a random 160-bit
    | >| seed.
    | >| 2) The house and all players publish the SHA1 hashes of their seed.
    | >| 3) All players pass their seeds to the house. The house uses the XOR
    | >| of all seeds as the seed for the game.
    | >| 4) After the game, all seeds (included the house's) are published.
    | >|
    | >| This system is secure so long as at least one player or the house does
    | >| not cheat.
    | >
    | >Assuming you are still talking about Blackjack,
    |
    | When did Blackjack become the issue?

    Refer to the article to which I responded.

    | The original question mentioned
    | Keno and there have been references to lotto, but `grep blackjack`
    | in my spool directory says that the Cliff Claven raised a typical
    | non-solution to the Blackjack problems.

    Well, grep Cliff in my spool directory produces no result other than
    your mention of the name...

    | > it is secure if the
    | >house doesn't cheat or if no player cheats (or obviously if nobody
    | >cheats). The house in collusion with one or more players/shills can
    | >manipulate the game.
    |
    | If you trust the house to not cheat, then you must also trust the house
    | to run an honest, good (i.e. unpredictable) random noise generator and
    | you have no justification for the risks of hashes of random numbers etc.

    Yes, that was my point.

    Dan Lanciani
    ddl@danlan.*com

  19. Re: Public remote RNG server service on the net

    On Jul 2, 12:50*pm, ddl@danlan.*com (Dan Lanciani) wrote:

    > Assuming you are still talking about Blackjack, it is secure if the
    > house doesn't cheat or if no player cheats (or obviously if nobody
    > cheats). *The house in collusion with one or more players/shills can
    > manipulate the game.
    >
    > * * * * * * * * * * * * * * * * Dan Lanciani
    > * * * * * * * * * * * * * * * * ddl@danlan.*com


    You are correct. I meant "secure" only in the sense that the sequence
    of cards cannot be manipulated by the house or any player.

    DS


+ Reply to Thread