Score:3

Crypto

How to create recreatable hashes?

FabZbi

5/7/23, 5:56 PM

I recently stumbled upon a YouTube video explaining a casino game. In simple words, they randomly generate a multiplier for your initial investment. This multiplier is supposed to be backed by a hash value. The casino also gives the customer the initial hash value of the first game and the hash value of every subsequent roll of the multiplier. The customer is supposed to validate the randomly generated hash by applying it to the following Python function:

def get_prev_game(hash_code):
    m = hashlib.sha256()
    m.update(hash_code.encode("utf-8"))
    return m.hexdigest()

Putting the resulting hash into this function over and over again should of course result in the initial game hash given.

Now my question: Since this get_prev_game function basically is hashing the hash value over and over again until it gets to the first hash value, I really wonder how the next hash value on the side of the casino is created? Wouldn't this mean they would have to create a new hash that matches hashed the previous hash? I thought this is supposed to be really hard to solve problem. Maybe I'm missing something. Thanks for any explanation in advance!

PS: I don't know if I'm allowed to poste the YouTube video but it's /watch?v=F1HA7e3acSI

Edit: I'm adding the function for calculating the multiplier. It's statistically obvious that this game is not winnable. I'm more interested in how they are generating new hashes and how the backtracking of previous hashes works.

def get_result(game_hash):
    hm = hmac.new(str.encode(game_hash), b'', hashlib.sha256)
    hm.update(salt.encode("utf-8"))
    h = hm.hexdigest()
    if (int(h, 16) % 33 == 0):
        return 1
    h = int(h[:13], 16)
    e = 2**52
    return (((100 * e - h) / (e-h)) // 1) / 100.0

172

0 + 0

hash

sha-256

Zac67

5/7/23, 6:30 PM

What's that hashing scheme supposed to prove?

FabZbi

5/7/23, 6:46 PM

The multiplier gets calculated from the hash. So it is trying to prove the integrity of picking those multipliers such that they are not favorably chosen by and for the casino.

Zac67

5/7/23, 6:50 PM

If the casino can "randomly" choose a start value it can do so that the hash chain conviently fits their needs.

FabZbi

5/7/23, 7:00 PM

@Zac67 I added the multiplier calculation function. It is out of question that this game will never be favorable for the customer by calculating the expected value as explained in the video but I'm more interested in the hash generation and backtracking.

Score:4

Crypto

kelalaka

5/7/23, 7:47 PM

This is simply a hash commitment by the Casino and this is not a pre-image problem.

Before all of the games start, the casino chooses a $seed$ and hash it $2M$ times. let $H^{s}(m)$ represents hashing $m$ $s$-time in cascading

$$H^{s}(m) = \underbrace{H(H(\ldots (H(m) ))}_{s-times}$$

The 1st game starts with $H^{2000000}(seed)$

When the 2nd game starts with $H^{1999999}(seed)$ and they say this;

look we are not using a random seeded game, we are on our commitment. Check this by hashing this game hash and seeing that the result is the previous game's hash.

$$H^{2000000}(seed) = H(H^{1999999}(seed))$$ or generic for the $i$th game ( omitting $2000000-i+1$ for the clarity);

$$H^{i}(seed) = H(H^{i-1}(seed))$$

Therefore, they may convince some gamblers but not the real cryptographers since the initial seed selection is not based on true randomness under a Notary.

They can simply search for a seed that always favors the casino, instead of relying on the expected uniform randomness of cryptographic hashes. The uniform randomness simply tells us that there are 2M cascading hashes that the casino will always lose. They simply will eliminate those cases.

The users cannot find the hashes of unplayed games since SHA-256 has a pre-image resistance of cost around $2^{256}$. They can only verify that the commitment is ongoing.

The main reason casinos use these hash commitments is to assure the player that when they play, their actions have no impact on their probability of winning. In particular the variation of the stake. They assure you that when you open the game, you are assigned a 2M sequence of multipliers, and that your computer checks after each spin to make sure they still live up to their pledge.

This way, if after 100 bets at $ 5 you decide to lower the bet to 25 cents, and on the first try you get a huge multiplier, at least you know they didn't do it on purpose!

0 + 0

FabZbi

5/7/23, 8:41 PM

This is perfect! I see.. the only purpose this mechanism has, is showing the customer they are not choosing the multiplier randomly but following the commitment of their first seed, which is verifiable. But the starting seed still could be in the favors of the casino. But with their `get_result` function everyone can calculate the expected value to be a loss disregarding the question of true randomness of the first seed. But this answers my question, thank you!

kodlu

5/7/23, 9:56 PM

yes. and isn't this basically *Lamport's scheme*?

kelalaka

5/7/23, 10:00 PM

@kodlu Lamport is more [than this](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmedia.geeksforgeeks.org%2Fwp-content%2Fuploads%2F20200602205839%2FLamport1.png&f=1&nofb=1), there, we have many bit commitments. Am I missing something?

kodlu

5/7/23, 11:11 PM

no you are not, you are right, I was missing something.