Sportingbet.com

Why Paradise

Random Number Generation

The following section covers some of the issues of random number generation and how it relates to shuffling cards for multiplayer internet poker. We believe the public scrutiny of the algorithms used for generating random numbers and shuffling cards is the only way to ensure we have the best solutions in the industry. We continue to monitor newsgroups and cryptography mailing lists to ensure that our solutions remain the best. After reading about our methods, we're sure you'll agree.

There are a number of issues in common between random number generation for data security purposes and for shuffling cards in multiplayer online poker. The goals in both cases are to produce a number (or stream of numbers) which cannot be predicted using any and all available data. Both have the possibility of an adversary using a computer to help reduce the number of possibilities, and both can benefit from the same solutions. A large seed and a diversified non-predictable entropy pool are critical for both applications.

First, a little math to help explain the importance of a large seed and why we DON'T use the standard rand() function found in today's compilers:

Let's take Seven Card Stud as an example... if you had a 32-bit seed for your random number generator (the most common size in today's program compilers), that would give you over 4 billion possible ways to shuffle the deck. That sounds like a lot, but as you shall see, it's not nearly enough

After the first round of cards has been dealt, you can see your 3 cards, plus 1 card for each of your 7 opponents. That makes a total of 10 cards visible. The first card cuts down the possible seeds by a factor of 52, the second by 51, and the third by 50. Let's multiply that out and see where we get...

52*51*50*49*48*47 = 14.65 billion.

By the time you get to 6 cards (you didn't even need all 10), there aren't any more possible outcomes (14 billion is more than 4 billion) and a determined adversary can easily predict each and every card that has been dealt and that is going to be dealt, all the way to the end of the game. In fact, a 32-bit seed isn't even adequate to ensure that player 1 doesn't get more than his fair share of pocket aces! This is obviously very bad for multiplayer poker, and fortunately there is a solution.:

Lets continue with the multiplication... again in Seven Card Stud, by the time all the cards get dealt, there will be your 7 cards visible plus 4 for each of 7 opponents for a total of 28 cards visible (over half the deck).

52*51*50*49...*26*25 = 52!/24! = 1.3*1044 (which is 13 followed by 43 zeroes, or roughly 2147).

As you can see, even a 147 bit seed just barely reduces the number of possibilities to 1 by the time you factor in the last card. Clearly a larger seed is needed.

In fact, a deck of cards can be shuffled 52! different ways (approx. 8 x 1067, or 2225). To attempt to shuffle a deck of cards using merely a 32-bit seed like some of the other poker software does, results in at most 4 billion combinations. That's merely 0.000000000000000000000000000000000000000000000000000000005% (or 5 x 10-57 %) of the possible ways to shuffle a deck. Clearly inadequate.

We have chosen to use a 2016 bit seed for ParadisePoker. Some might call this overkill or paranoid, we think it was worth the effort. Using this method, combined with our shuffling algorithm, allows us to shuffle a deck so that ALL possible shuffles are indeed possible.

So what good is a 2016 bit seed if it doesn't contain random data? If we were to assume for the purposes of this discussion that each hand takes approximately 120 seconds (some take more, some take less) and that we wanted to have at least 2000 new bits modifying our seed for each hand (overkill), we would need approximately 17 completely random (non-predictable) new bits per second to add to the entropy of our seed

We have two main sources of these random bits. First, the rng on the server samples the low order bits of the CPU's time stamp counter (667MHz) at irregular parts of the program and when data is received from client connections, and uses it to add to the entropy in our large seed.

Secondly (and mainly) the client programs send their own 32-bits of entropy with every action they make and with several of the other packets they send to the server. The client's entropy is gathered from both mouse and keyboard movements, as well as the lower 32-bits of their CPU time stamp counters. With thousands of clients connected using all sorts of different hardware and moving their mice in different non-predictable ways, this is by far the biggest source of entropy and gets us far more than 17 new random bits per second. In fact, tests performed in February 2001 indicate that it typically yields over 7000 bits of new random data per second. We're using several sources of reliably random entropy; no single point of failure. Can you say overkill?

It is important to note that these new bits do not replace the existing seed bits, they merely modify the existing seed (XOR), therefore making it less predictable. Even if an attacker was able to feed non-random (probably fixed) data in place of the entropy we expect, there is still plenty of new random information from other clients and from the server itself to ensure that we are dealing truly randomly shuffled decks of cards.#42;51*50*49*48*47 = 14.65 billion.

The updated seed is used for dealing cards during each card dealing round, and since a hand always lasts longer than it takes to inject 2000 bits of new random data, all subsequent cards will be dealt using a seed which is completely random and which is completely unrelated to the seed used to deal the previous hands of cards.

You can't ask for better seeding than that.

The random number generator itself is based on the Berkeley prng using a state table size of 64 longs. We modified it to allow changing the seed state without a save/restore operation, but other than that, it is the same algorithm that has been scrutinized by data security professionals for years.

We are proud to say we have offered this level of security to our clients from the first day we opened. We believe you'll agree that this is by far the most comprehensive shuffling solution available at any internet poker site.

Back

1 2 3

Next

|Not yet part of Paradise? - Play Poker Now|