I admit I can only envision a solution, and can't show any proof. And that I'll never likely have any decent technical grasp of all this, but I do think that we have the solutions needed for decentralizing poker. I think the real issue is moving the players community behind the idea. Which means, getting credible people (developers?) to understand a provable solution. It probably involves a working model/product and a shift within the players community.
But if it can be shown that there could be a working decentralized game equal or superior to the best centralized sites, then the players can imagine a game with their own rake model and incentives to come up with cost saving solutions.
To me that means the players community today pays x dollars a day in rake to 3rd parties, and they stand to save that money by developing (and funding) a decentralized project. If I understand ethereum correctly, their is mutual incentive for the players community to adopt ethereum to the point of it being Epoker. It would be nice to add the poker community to the ethereum network I am assuming? And so if a solution could be presented that is verified and understandable their should be $100,000's or millions available for its implementation (depending on the solution and contracts for funding players might flock to it).
I just really think the key here is this can only work if the players buy their own game. (The only other possibility is an owner sells the players the idea with a working product and phases out eventually, but that is trivial anyways.)
I described it the best I could, I can barely understand any of the papers, but it seems to me that with decentralized chess and cyberdice, and the players community developing incentives and rules, ethereum can specifically address decentralized poker in every way that is significant to the player (but not necessarily to a 3rd party private interest).
Does the player community bring value with them? Extra computing power? Liquidity of ether?
Maybe you don't need to read my writing, but point me to someone who has shown this or could answer this?
I'm trying not to sound crazy but I feel like this community might not fear out there ideas.
http://www.scribd.com/doc/225582000/Epoker-as-a-solution-to-DPoker
Comments
I am not technical, yet I seem somewhat crucial for the sole reason I have zero limited beliefs.
I will take what you posted alone, to networks I have and perhaps they can instantly remedy it...but i will give some random thoughts in case it inspires more issues and points from you, giving me more questions and possibly you as well.
We just want to write the line by line (text) turn based game play as it happens. So my understanding would be the only issues is the possibility of reading the hand history in realtime (i have ideas for this anyways). Maybe I have an incorrect view but my thoughts is players broadcast their move (line of text) to each other AND the blockchain simultaneously.
I feel this can work because if for example we used msn groups for text based poker, and had a public forum as a ledger, you should able to facilitate a perfect poker game. Players announce their move in the msn chat and write to the forum ledger. This way all players can verify the authenticity of players and their actions. And they can verify if someone is not posting simultaneously to all the players and the ledger.
My understanding of cyberdice is that we have separated the deck protocol in a way that it doesn't need the ledger to function.
So i think i mean to say, and i hope it came out clear. We should be able to play dpoker (or epoker) in the same way as d.chess + cyber dice, and the players only new age request is the final results of each hand ends up on a ledger
Any thoughts are greatly appreciated, I feel once we can sort out all the road blocks, i can convince many players to fund this since in the long run it will make them money and after all they are poker players that hunt for +ev investments for their monies
Players can use any messaging service they want for their game play, it doesn't need to be secure or trustable in any fashion, in fact it really only needs be fast and able to be sent out to all parties on the table and a few random anonymous parties.
This works as long as the player to act also posts to the block chain their intended move.
So then players can easily cheat, however there is zero incentive to do so because they will ALWAYS get caught. *
Then games are free to run smoothly over an insecure style group messenger service.
*and the players community will dramatically reduce this players integrity rating because its a perfectly obvious and provable cheating method. We are creating a game where you need that integrity rating to participate.
"6. Peer-to-peer gambling. Any number of peer-to-peer gambling protocols, such as Frank Stajano and Richard Clayton's Cyberdice, can be implemented on the Ethereum blockchain. The simplest gambling protocol is actually simply a contract for difference on the next block hash, and more advanced protocols can be built up from there, creating gambling services with near-zero fees that have no ability to cheat. "
Did i understand this incorrect, and when we say gambling its not meant for card games?
That said, I love a good game of poker and am interested in researching this a bit more myself. I'll keep you in the loop via this thread or PM when I get to it Cheers!
Maybe its not relevant but it seems to me we can note that a poker hand only lasts a few minutes, so the encryption can be made to be 'crackable' as long as it takes X amount of time to do so. Don't know if that relates, maybe we are worried players won't share their keys? Again tho, as along as you have the possibility to catch cheaters always, then there will be zero incentive to cheat.
Here is one post on card procedure from https://bitcointalk.org/index.php?topic=362901.0:
A. Basic Poker:
There is a great cryptographic method called 'Mental Poker' which enables a set of cards (or other set of values) to be shuffled by multiple people without using a trusted third-party.
-Alice starts out with an unshuffled deck.
-Alice picks an encryption key A, and encrypts all cards using that key.
-Alice shuffles the deck.
-Alice passes the shuffled deck to Bob.
-Bob does not know what order the cards are in, since he doesn't know A (and thus doesn't know what values represent what cards in the new stack).
-Bob picks an encryption key B, and encrypts all cards using that key.
-Bob shuffles the deck.
-Bob gives the deck back to Alice.
-Alice now has no idea either about the values/positions of the cards.
-Alice uses her key A to decrypt all cards. (though she still doesn't know the values since Bob's key B is still in place)
-Alice encrypts all cards using a special key for each card.
-Alice passes the deck to Bob.
-Bob decrypts all cards. (though he still doesn't know the values since Alice's many keys are in place).
-Bob encrypts all cards using a special key for each card.
The deck is now shuffled: All players can see the stack, but they do not know what value is what card, since all players hold a key needed to decrypt it.
If the protocol decides that a certain player should be able to see a certain card, all players give that player their keys for that card.
Now only this player has all keys needed to look at the card.
This can be used to implement most of the poker scheme.
Here is the full paper on mental poker http://www.dc.uba.ar/inv/tesis/licenciatura/2010/lerner
And 2 more: http://crpit.com/confpapers/CRPITV21AZhao.pdf
http://people.csail.mit.edu/rivest/ShamirRivestAdleman-MentalPoker.pdf
http://bitcoinmagazine.com/9671/ethereum-next-generation-cryptocurrency-decentralized-application-platform/
http://blog.ethereum.org/2014/05/14/what-is-ethereum-project-platform-fuel-stack/
"A peer-to-peer fast messaging protocol, will enable the user interface to reflect such changes, and will facilitate communication among different DApps and among users."
"At this point, however, it is clear that contracts for difference are really only one special case of a much more general concept: contracts for formula. Instead of having the contract take in $x for Alice, $y from Bob, and return to Alice $x plus an additional $z for every dollar that some given ticker went up, a contract should be able to return to A an amount of funds based on any mathematical formula, allowing contracts of arbitrary complexity. If the formula allows random data as inputs, these generalized CFDs can even be used to implement a sort of peer-to-peer gambling."
"Each Ethereum contract has its own internal scripting code, and the scripting code is activated every time a transaction is sent to it. The scripting language has access to the transaction’s value, sender and optional data fields, as well some block data and its own internal memory, as inputs, and can send transactions. "
"A very basic protocol would simply be a contract for difference on random data such as a block hash"
We now need to be able to bring the other parts that make up a poker solution together. I think ethereum could be quite helpful.
Poker could also really catapult any BTC type technology. Poker could be a killer app for us. There is 3-5M flowing into the poker economy every day but most of it is raked away. So this could be really beneficial for both economies. And poker player might be able to switch faster than other parts of society.
1)If Hero makes a decision, hero needs to know that his decision will be validated vs 8 other colluders.
2)If colluder 1 makes a decision Hero needs to know that villains decision will be upheld in light of the 7 other colluders.
And I want to know if this is a simple solution?
gSf(m) = S(m)
S is a digital signature. f is the blinding function, and g an unblinding function. The blinding functions are usually based on a secret random number called the "blinding factor". m is another random number, a unique identifier which can, for example, refer to an instance of some object.
The idea is very clever but very simple. It may be counterintuitive because the simplest physical world metaphor of this highly useful e-commerce primitive sounds worse than useless: Alice can get Carol to sign a blank check! Here's how:
(1) Alice generates m and blinds it. "Blinding" is just a one-time-pad encryption to oneself, f(m). She sends this to Carol. This is like taking a piece of paper and sealing it inside an envelope which Carol can't open or see through.
(2) Carol signs it: Sf(m), and sends this back to Alice. This is like Carol signing the outside of the envelope.
(3) Alice unblinds it: gSf(m) = S(m). Carol has also signed the paper Alice put inside the envelope!
The genius behind this discovery: cryptography guru David Chaum. The brilliance lies in step 3: Chaum discovered that some signatures have the property of being "commutative" with the blinding functions: Alice can strip off the blinding in the reverse order which the blinding and signature were applied, leaving just Alice's signature of n. It is as if Alice put a piece of carbon paper inside the envelope!
In particular for RSA signatures, with public key (pq, e) and private key d, the blind signature functions are the following modulo pq:
S(x) = xd
g(x) = xk-1
f(x)= xke
We can check that the blind signature property holds: gSf(m) = (m(ke))d * k-1 = md * k * k-1 = md, which is the valid RSA signature of private key d on m
And then on top of it I feel like this would solve the above completely:
http://gavintech.blogspot.ca/2014/06...view=timeslide
And specifically the oracles outlined here https://github.com/orisi/wiki/wiki/Orisi-White-Paper
I've felt this was the solution for awhile but not sure if it outlines what I am thinking.
There are 4 issues outlined:
The oracle can be hacked.
The oracle process is opaque - we can never be 100% sure of the oracle’s program or of what it will output.
The oracle can disappear between the transaction setup and finalisation.
The oracle may be bribed to deliver faulty results.
Yet it seems to me that if we send a verification out to n anonymous nodes (as oracles), then we can control the security of it by increasing in. This is important because the poker can be done this way anonymously and so there cannot be a way to collude other than in a super fashion that does not serve the attacker in any profitable way.
Because only malicious intent is left its seemingly impossible that someone could have the economic backing (lack of incentive) to carry it through.
Oracles can be kept honest and we can create a greater anonymity (more collusion proof) by sending out false verifications, that the players pay the oracles to get correct.
Any input is appreciated even (maybe especially) from non poker players.
http://www.scribd.com/doc/240518193/Satoshi-Paper-A-Decentralized-Secure-Mental-Poker-Protocol
khanacademy.org/cs/deck_01/6473950051958784
Save for each possible combination of players which could see the flop a different set of cards. Encrypt the cards with the keys of players who would see this particular flop, save the encrypted cards on the chain and send a key to each player. If two players are in the flop round they have to send there keys to unlock the particular flop.
Also the described reshuffle has the particular problem with 2 players – if a card on the river is rejected my opponent know one of my hole cards.
Right now the only save solution I see is, if a player folds/leaves he has to give back his key. If he does not do it the round has to be terminated and the play has to pay some kind of fine/deposit.
I checked out your code, I am not too technical so it will take me a bit, but I have someone I chat with that will look at it with me. I think your attempt is different than mine which is good, but I am just checking to see if you think its different too?
I think I noticed, that you have situations where only 1 player sees a flop which is arbitrary, but that doesn't matter for the example.
How do player get "hole" cards that they don't share with each other? We have to make sure the cards they don't share are also no longer in the deck?
Thx for sharing, please stick around maybe we can get different minds wrapped around this problem!
In this example it might be easier, but the question is of course about a 52 card deck with 23 cards being used for 9 players.
And then the question is for n players can n-1 players collude and use the adjustments to determine 1 players initial deck choice.
If we find a solution, than we would have a solution for the random number problem too. https://forum.ethereum.org/discussion/546/lll-question-random-number-function#latest
But I am a little pessimistic at the moment.
"Each player secretly picks a random number, and puts it into the function."
The problem is the contract (function) can not hide anything and only one player at the time can call the contract. This means the contract has to store the randomly generated number. Therefore everyone - at least the last player - can see the number.
Because we have not only the problem of generating a random number but also the number should be only known by the contract itself. Otherwise you could figure out the starting hand of the player.
With a random number would be the rest straight forward.
But maybe I need a different understand of ethereum from the start.
It is discussed, to import as example weather or stock data in ethereum, maybe this could be a source of randomness.
I am sure someone will come up with a solution, but I doubt it is me.
If we find a solution than we would have a solution for the random number problem too. https://forum.ethereum.org/discussion/546/lll-question-random-number-function#latest
But I am a little pessimistic at the moment.
"Each player secretly picks a random number, and puts it into the function."
The problem is the contract (function) can not hide anything and only one player at the time can call the contract. This means the contract has to store the randomly generated number. Therefore everyone can see the number.
Because we have not only the problem of generating a random number but also the number should be only known by the contract itself. Otherwise you could figure out the starting hand of the player.
If the contract could just call a random number then the rest would be straight forward.
________________
Here is a poker program I wrote with ethereum in mind. I stopped because of the random number problem. Therefore it is not translated. You can only send two values to the program. A seat number and a bet. Maybe you can figure out how it works - just click randomly.
khanacademy.org/cs/ep03/6722018477342720
The idea is the "contract" gets encrypted inputs, and the output must be decrypted by the players together.
Then the point might be made, that no contract is needed, but its simply part of the overall verification of the game flow, proof.
As long as encrypted inputs can still be "summed", then they can be hidden yet useful...
I'm still trying to find out if this is the possibility.
It gave me a better insight how it work.
My last try to "shuffle a deck of cars" was
mintchalk.com/c/99b06
(It was just a try, does not mean it really works.)
Each player sends a shuffle order and a encryption key. In the end you could have a encrypted shuffled deck.
If all player work together they could decrypt the deck again.
But I did not jet found a solution that the program could do anything useful with encrypted deck or decrypt only a single card instead the whole deck, because the program does not know the key.
PS: I have today a longer train raid, so I have some time to think again about the problem.
Of course, the server still knows everything during the game, so he could cheat by telling other people. However, the state of the game does not have to be a state of a deck. It could be a probability distribution as-if the game was played the way it was. In the case of a deck where the cards are distributed one by one, the server only needs to know which are still in the deck, and random ones are picked out based on the next (yet unknown, as they come from RANDAO)random value.
The server now still knows who has which cards, and i dont think you can stop players from telling each other what cards they have. Really the best that can be done in-principle that the players just know what they aught to know according to the game. I.e. if cheating is sharing that information, afaik there is nothing to stop that. Well, you could try ensure that the origin of the different players is truly a different party, to limit the possibility of collusion. You could also try keep players to the same account and do statistical analysis, but probably people ran away with a lot of money before you have enough to 'convict' any of them.
Also there is the issue of timing. Preferably, when people indicate their moves, the game can immediately continue. However, if you dont want the server to know what is going to happen, you want the next move to be the after-the-next block, or a block that the players dont yet expect has been created yet, anyway. The random values become clear each block.
Sorry for not incorporating the stuff said in this thread, particularly from PokerPlayer's comments. The above would be a bunch better if the server did not know everything but order of the current stack of cards in the scheme.