EFF Staff Technologist Seth Schoen send in this brief, fascinating primer on the cryptography of secure gambling. This is in response to an earlier post about an online blackjack service that publishes cryptographic hashes of its decks in order to "prove their honesty."
It's odd that they claim that "Multiplayer Blackjack at The Gold
Casino is without question the most honest possible Blackjack
currently on the planet". The computer science literature has
been interested for years in the possibility of making distributed
card games fair without special hardware, using only cryptographic
protocols.Rivest, Shamir, and Adleman wrote a joint paper on mental poker,
which is great reading, and the literature has continued from
there with various improvements and enhancements. This was, as
far as I know, the genesis of the cryptographic subfield of
"security multiparty computation".This casino's protocol is _not_ the most verifiably fair known;
an enhanced cryptographic "mental poker" protocol would be fairer
because it would also prevent deck-stacking. Here is just one
random recent example via CiteSeer.On the other hand, all of the crypto protocols for mental poker
seem to require special software just to _play_. This casino
requires only a normal web browser to play, but requires special
software to audit.A casino could create a Java applet that implements a fair
gambling crypto protocol and lets you play in a regular Java-enabled
web browser. They could publish the source code to the applet
for audit and also show that the compiler the used produces the
exact Java bytecode with the same source file as input. (Or, if
players wanted to, they could compile the Java applet for themselves
and use their locally-compiled versions.) The source could verifiably
include features to detect if the house is cheating. The user interface
can be precisely the same as that of the existing web-based casino.A basic part of the original mental poker problem is how to let two
people shuffle a deck so that both of them agree that the deck was
fairly shuffled and not stacked. The fact that this casino does
not address this problem (but still relies on fancy crypto) suggests
that it didn't try too hard to investigate what's known in the
literature…
(Thanks, Seth!)
