//protocol
Random Number Generation (RNG) is a fundamental aspect of online gaming. This is obvious in the case of gambling, and even skill-based games such as Poker or anything else that makes use of cards or dice. Nonetheless, a varying degree of unpredictability is crucial for almost anything people play online, even if that’s not immediately apparent.
Role Playing Games, Quests, Real-Time Strategy Games and the like all include randomized elements which make a game worth the while. Being able to predict the appearance of these elements would grant a player an unfair advantage. Moreover, being able to control them would allow the controlling agent to determine the outcome of the game and corrupt it completely.
Introducing randomness into the world of code is not a trivial endeavor. In contrast to the real world which is notoriously chaotic, the world of computer code is a Newtonian dream (or nightmare?) of perfect determinism. Events lead to each other in an orderly manner of cause and effect. If you have enough information about these events and the algorithms that drive them, you can basically predict anything in a code-generated universe.
The standard way to work about that is simply by complicating things beyond recognition. This is done by implementing highly complex functions that generate radically different outputs over inputs that differ slightly, creating pseudo-chaotic behavior as a result. The inputs for these functions, or their seed, can be any arbitrary value generated by a machine’s CPU, or some external, undisclosed source.
While this might be good enough for enjoying a nice round of Minesweeper during lunch break, it’s far from perfect when the stakes are a bit higher. This short article, for example, demonstrates in less than 900 words how easy it is to crack the Mersenne Twister, an RNG used on many online Casino sites. Simpler games that rely on pseudo-random numbers generated by most Web-browser’s innate JavaScript-based engines are even worse. In many cases, two consecutive data points will be enough to reverse engineer the seed value and predict all its future outputs.
True randomness can, of course, be achieved by relying on specialized hardware which uses quantum-mechanical phenomena as an input source for RNG algorithms. Be it as it may, randomness, true or simulated, is very hard to prove. Eventually, gamers remain in the unfortunate situation of depending on the good graces of Online Game providers and their cyber security departments. As long as randomness can’t be proven beyond doubt, it will persist as the preferred attack vector of malicious platform operators and hackers alike.
While centralized systems will always be fundamentally limited to prove the true randomness of their operations (a “trust issue”, if you will), decentralized networks do have means to prove that a value is unpredictable, or at least not detriment by knowable variables like a specific function and its inputs.
As we have discussed in a previous post on Qlear’s Multi-Party Computation network, privacy-preserving computation allows MPC parties to jointly compute a function over their inputs while keeping those inputs private. This means that an RNG function, such as the Mersenne Twister or even Chrome’s xoroshiro128+, running on an MPC network would be fed with undisclosed and essentially unpredictable inputs generated by all parties to the computation network.
Essentially, the trick is the same: a complex function outputs seemingly random results over a simple seed input. However, in contrast to centralized systems, this initial seed is not only a highly guarded secret - it is fundamentally unknowable. No one, including players, nodes, the gaming platform or even Qlear itself have access to it.
Nonetheless, even this level of secrecy is not enough. As we explained earlier, the seed value, even if not known by anyone, could potentially be reverse engineered by an attacker, given enough knowledge about the RNG algorithm and its outputs. However, in Qlear’s case, we’re not dealing with one centralized system, serving interceptable outputs to its clients.
While inputs are provided by users, outputs are cryptographically calculated by the MPC network and served separately to each user. Even if a very determined attacker would intercept the communication between network and users, they would not be able to establish a consistent pattern between the user’s inputs and the pseudo-random outputs they’ll receive in the future. To crack the algorithm, an attacker would need to obtain absolute knowledge of all systems participating in a game in order to attack it. This is as good as impossible as it gets without invoking Quantum magic.
However, maybe more importantly than anything else, Qlear’s MPC-based PRNG isn’t only highly unpredictable, it is provably so. A user can obtain mathematical proof that the random value they’ve received is, in fact, a processed result of their and their peer’s inputs without ever having to know the inputs themselves. This guarantees that the supposedly random value can’t be known or predicted by anyone and fundamentally solves the trust issue associated with on-line randomness.
Nevertheless, just in case that a gamer feels that even this isn’t good enough, Qlear supports Quantum Number Generating hardware. Since in Qlear’s case, this hardware is installed on the user’s side, they can rest assured that thanks to their contribution the entirety of the game is truly random.
If you want to learn more about how Qlear helps developers and protects consumers, stay tuned here, follow us on Twitter, and join us on Discord.
The Qlear Team.
.