What's new
By:
Filters
Poker Community, Online Poker Forums

Join our poker forum today to talk strategy, and participate in private poker games with our members. Once signed in to your account, you'll get instant access to the passwords for our private tournaments.

Play our daily home games on partnered online poker sites to qualify for our monthly private freerolls! The top players on the leaderboards qualify. Check the leaderboards for more information.

StockPoker Leaderboard DarkSidePoker Leaderboard How to Earn Poker Coins?

Can this Problem be solved?

J

Jonny0214

New Poker Communist
Messages
1
Poker Coins
15.12
StockPoker Screen Name
jonny0214
We need to build a custom Poker App with a focus on ensuring the integrity of the Random Number Generator (RNG), if this is doable.
The primary technical challenge here is to isolate the RNG from re-entry, ensuring that once the 52-card deck is randomized and the initial cards are dealt,
there is no way to alter the sequence.
This requires robust implementation of cryptographic techniques to secure the RNG, and possibly hashing algorithms to verify that the sequence remains
consistent throughout the game.
Also, by employing a combination of these techniques , securing the RNG output through hashing, and using tamper-evident logs to track the sequence of cards dealt.
Additionally, we would need to implement strict access controls and potentially use hardware security modules (HSMs) to further isolate and protect the RNG.
Please let me know, if you can assist or join the 'Team'
Thanks.
HYPOINT I.L.
 
Hey Jonny,

Yeah, the card shuffle randomization ensures the integrity that can be managed by multiple well-known public domain PRNG algorithms.
1) - Fortuna
2) - SHA-1 and SHA-2 based PRNGs (e.g. Java SecureRandom)
3) - AES based generators (AES-CTR, AES-KTR, AES-OFB)
4) - ISAAC
5) - Mersenne Twister (MT)

The first 4 are cryptographically secure algorithms that you can use for your online poker software. MT is also very popular and widely used for various poker websites.

If you want to use HRNGs (Hardware) you can go with any of these devices.
1)- Quantis, Quantis + MT
2)- ComScire
Using the HRNGs requires a special setup for your poker software and that is recommended if you are operating from a poker hall, for online PRNGs are enough.

Let me know what else you want to know, I will consult you for your upcoming poker software development project.
 
Do we think that the current RNG's out here are lacking integrity? There are so many sites out here with so many former employees. I am sure if RNG's were being manipulated we would have some concrete evidence by now.
 
padrespatty said:
Do we think that the current RNG's out here are lacking integrity? There are so many sites out here with so many former employees. I am sure if RNG's were being manipulated we would have some concrete evidence by now.
Click to expand...
I'm not sure I trust the RNG on ACR. I've had my suspicions for years. Runner Runner is a good movie about a poker site owner that was cheating his players.
 
The problem isn’t how sites generate random numbers or shuffle the cards. The real questions are:
  1. How do we know the site actually implemented the RNG as they claim?
  2. How can we verify the randomness and its implementation?
Every sites have 3rd party auditor like iTech to show their integrity but it's easy to change the system after getting the certificate.

How can players verify the randomness? They can't because in order to publicly verify fairness, every hand history must be revealed, which will kill the player privacy.

There's a fine line between integrity and privacy. We at Basepoker approached it completely differently. Instead of using RNG algorithm. We use the chain of hashes. You hash a seed a million times to get a million hashes in chain. And the millionth hash becomes the first hash. So you can guarantee that no one including the site can alter it and publicly able to verify it.

You then combine the hash with player seed, which is given to all players and also editable at anytime, to produce the final hash which will run the shuffle algorithm to distribute cards. In order to get fully verify, players can ask each other's seed and run the algo themselves. This consensus-based verification is the only way to achieve verifying the system without giving all hand history.
 
claudefolds said:
The problem isn’t how sites generate random numbers or shuffle the cards. The real questions are:
  1. How do we know the site actually implemented the RNG as they claim?
  2. How can we verify the randomness and its implementation?
Every sites have 3rd party auditor like iTech to show their integrity but it's easy to change the system after getting the certificate.
Click to expand...

This. It really comes down to the management. I only play sites where I know the owners, or they have a good reputation. The gambling industry can be a nasty business.
 
Jonny0214 said:
We need to build a custom Poker App with a focus on ensuring the integrity of the Random Number Generator (RNG), if this is doable.
The primary technical challenge here is to isolate the RNG from re-entry, ensuring that once the 52-card deck is randomized and the initial cards are dealt,
there is no way to alter the sequence.
This requires robust implementation of cryptographic techniques to secure the RNG, and possibly hashing algorithms to verify that the sequence remains
consistent throughout the game.
Also, by employing a combination of these techniques , securing the RNG output through hashing, and using tamper-evident logs to track the sequence of cards dealt.
Additionally, we would need to implement strict access controls and potentially use hardware security modules (HSMs) to further isolate and protect the RNG.
Please let me know, if you can assist or join the 'Team'
Thanks.
HYPOINT I.L.
Click to expand...
1. Isolating the RNG from Re-Entry
• The RNG should be seeded using a secure entropy source (e.g., hardware-based TRNG or a strong PRNG).
• Once the deck is shuffled, the sequence must be immutable.
• Implement one-time deck generation per game session to prevent re-randomization.

2. Ensuring Integrity with Cryptographic Techniques
• Use SHA-256 or SHA-3 hashing on the deck sequence to create a verification hash.
• Store this hash before the first card is dealt to ensure no changes occur mid-game.
• Make this hash publicly auditable or verify it through a tamper-proof system.

3. Tamper-Evident Logs
• Use append-only logs (blockchain or Merkle trees) to track the sequence of dealt cards.
• This ensures that any deviation in the sequence is detectable and verifiable.
• Log every deal action with timestamps and cryptographic signatures.

4. Access Control & Security
• Role-based access control (RBAC) to limit who can interact with the RNG.
• Hardware Security Modules (HSMs) or Trusted Execution Environments (TEE) (like Intel SGX) to ensure that the RNG runs in an isolated, secure environment.
• Secure communication protocols (TLS 1.3, end-to-end encryption) to prevent external tampering.
 
Cpvr said:
1. Isolating the RNG from Re-Entry
• The RNG should be seeded using a secure entropy source (e.g., hardware-based TRNG or a strong PRNG).
• Once the deck is shuffled, the sequence must be immutable.
• Implement one-time deck generation per game session to prevent re-randomization.

2. Ensuring Integrity with Cryptographic Techniques
• Use SHA-256 or SHA-3 hashing on the deck sequence to create a verification hash.
• Store this hash before the first card is dealt to ensure no changes occur mid-game.
• Make this hash publicly auditable or verify it through a tamper-proof system.

3. Tamper-Evident Logs
• Use append-only logs (blockchain or Merkle trees) to track the sequence of dealt cards.
• This ensures that any deviation in the sequence is detectable and verifiable.
• Log every deal action with timestamps and cryptographic signatures.

4. Access Control & Security
• Role-based access control (RBAC) to limit who can interact with the RNG.
• Hardware Security Modules (HSMs) or Trusted Execution Environments (TEE) (like Intel SGX) to ensure that the RNG runs in an isolated, secure environment.
• Secure communication protocols (TLS 1.3, end-to-end encryption) to prevent external tampering.
Click to expand...

These are all very good ideas. The implementation makes sense, but it does not allow the public to verify the implementation.
This is why hashchain is necessary for the verification. If you create a chain of hashes (using SHA256), then use the reverse order as the basis of the randomness, then combine it with player seed, given to each player and editable at will, you can consensually verify without compromising the hand privacy.

Check out how Basepoker works:

 

Top