Online gaming, particularly poker, is a multi-billion dollar industry. The market’s financial boom allowed many of the more successful companies to become publicly traded.
Large amounts of money also attract the corrupted segments of the population, in this case hackers, cheaters, and phishers. The technology behind online gaming has been forced to advance to protect against these attacks, both for itself and its players. Nevertheless, well-known casino sites have been victims of cheating during the last two years. For example, in 2008, employees of a popular online gambling platform hacked the site’s software and created “super-user” accounts that allowed them to cheat players out of 150 millions of dollars over a two-year period before other players caught them and the site was forced by public pressure to return the money to the players.
Detecting online cheating is hard. Cheating can be done in very elaborate ways so it might go on inadvertently for years. It is likely that some of the online casinos have been hacked in the past, leaving back-doors for cheating.
Online casino players generally don’t underestimate this problem. A survey reflect that the levels of mistrust and cynicism are epitomized by the fact that only half of respondents felt that online gambling software was fair and random, and in fact, over a third of respondents thought there was an “on/off switch that could turn the software in favour of the operator”. So player always prefer gaming sites which give better security guarantees. On the other side, online casino operators have recognize the importance of its security and potential to boost or damp the profits. Nevertheless, until now, there was no solution in the market that could provide the privacy and security guarantees for both the player and the casino site.
Certimix has developed an unique technology based on firm mathematical grounds. Using this technology, Certimix has created a gamut products for the protection of online card gaming sites: CertifiedPlay. The innovation can be very simple stated: nobody, not even the casino operator, knows your cards. Yet, no casino site or casino software provider has been able to achieve such a simple privacy guarantee.
Certimix offers the following products/services:
– Patent licensing CertifiedPlay technology.
– CertifiedPlay-API (a programming a library)
– CertifiedPlay-Platform (a security platform)
– CertifiedPlay-Infrastructure (a complete gaming infrastructure).
CertifiedPlay technology is based on new cryptographic protocols that provide privacy of cards dealt to players through an insecure digital network (like Internet), achieving cryptographic security and real-time performance. These “Mental Poker” protocols are TDSP and MPF. TDSP is patent pending.
Mental Poker (“MP”) protocols allow multiple parties to securely play a card game over an insecure, peer-to-peer or broadcast medium. There are two kind of MP protocols: the ones who require a trusted third party and the ones which do not (TTP-Free). In a TTP protocol there is a third party who deals the cards, so it has knowledge of the cards in each players hand. It must be trusted and impartial. On the other hand, in TTP-free protocols, only each player knows his hand, and cards are completely private.
CertifiedPlay technology combines a state of the art MP protocol, with a complete and proven infrastructure for online game play, including an time-stamping service (to assure accurate times on messages), a broadcasting service (to forward messages to all other players), a logging service (to keep a log of all the game actions to allow ruling on a dispute), auditing entities (to rule on a dispute), network connection providers (like ISPs), online banks (to hold the bets and pay the pot), payment gateways (to transfer money from the player to the online bank), open-source client applications (to connect to the infrastructure), game servers (to direct the game with rules and actions) and game tracker servers (to search for an open table or create a new table to play in).
Also, CertifiedPlay products can be fully interfaced with current casino operators server and client softwares, minimizing porting effort.
If the e-casino already provides some of these services, then CertifiedPlay can use them, and there is no need for additional modules.
Key benefits of the gaming technology
- Protect online casino operators against cheating.
- Protect players against cheating.
- Substantially cut costs of security in card games application development, auditing and dispute ruling, for online casino operators.
- Works with legacy systems and allows to interconnect players.
- Can interconnect different game networks, from different e-casino operators and provide joined tables.
- Isolate the security components that handle players cards from the rest of the system, such as lower security layers like the visual interface or higher security layers such as monetary account management.
- Provides game logs for external auditing.
- Allows load-balancing on game servers.
- Allows players to specify minimum privacy and security levels desired.
- Not based on any trade secret: its security does not rely on obscurity.
How CertifiedPlay works
Shamir, Rivest and Adleman proposed the first TTP-Free protocol [SRA81] that achieved some of the properties desired for card games, but forced the players to reveal their hands and their strategy at the end of the game. In [Cr86] the requirements for a MP protocol were established. If a protocol satisfied these requirement, it would be as secure as a “real” card game. [Cr86] also presents the first protocol that satisfies them. However the protocol is not practical, since an implementation is reported to take 8 hours to shuffle a poker deck [E94].
New protocols were later developed [KKO90], [BS03] [CDRB03][CR05]. Some of these protocols are difficult to verify because they lack a formal and abstract layer, with abstract data types, and a simple set of operations on cards. In addition to the MP requirements previously defined, in [CDRB03] an additional requirement is proposed. TDSP/MPF satisfies all previously required properties along with four additional requirements for a protocol to withstand real-world scenarios.
Key TDSP/MPF properties
- Uniqueness of cards: no player can duplicate cards. Duplicates are be detected and the cheater is identified.
- Uniform random distribution of cards: no player can predict or change the outcome of the card shuffle.
- Cheating detection: The protocol detects any attempt to cheat.
- Complete confidentiality of cards: It is computationally infeasible to guess any information of the cards in the deck or the cards other players hand.
- Minimal effect of coalitions: Players are no able to collude and work together to change the outcome of the shuffling, nor to exchange cards privately, nor to cheat without being detected, nor to cheat in such a way that the cheating players cannot be precisely identified.
- Complete confidentiality of strategy: Players who decide to show their cards are guaranteed that no strategic information will leak, for example, the round when each shown card was dealt. Also, players who opt no to show their cards are not required to disclose any information.
- Absence of trusted third party: No external party can know private cards.
- Polite Drop-out tolerance: If a player decides to quit the game politely, the remaining players are able to keep playing. Cards that where in the quitting player hand can be returned to the deck or put apart.
- Abrupt Drop-out tolerance: If a player abruptly quits the game (e.g. by closing his connection) the remaining players are able to keep playing, returning the quitting player cards to the deck, but without knowing which cards they were.
- Real-world comparable performance: The protocol allows real-time play, satisfying users expectation. This includes bandwidth usage, memory usage and CPU usage.
- Variable number of players: number of players is only limited by computational power of the client applications. A game with ten players is perfectly handled by today’s personal computer power.
- Card transfer actions: Digital cards work like real ones. Cards can be returned to the deck, the deck can be reshuffled, etc.
- Protection against suicide cheaters: Cheating, even if discovered, cannot be used as a medium to reach other goals. Suicide cheaters are malicious players willing to cheat even if the are sooner or later detected, in order to gain some information about other players way of playing (strategy) or generate a change in other players mood.
[BS03] A. Barnett and N. Smart. Mental poker revisited. In Proc. Cryptography and Coding, volume 2898 of Lecture Notes in Computer Science, pages 370–383. Springer-Verlag, December 2003.
[CDRB03] J Castellá-Roca, J. Domingo-Ferrer, A. Riera, and J. Borrell. Practical mental poker without a ttp based on homomorphic encryption. In T. Johansson and S. Maitra, editors, Progress in Cryptology, Indocrypt’2003, number 2904 in Lecture Notes in Computer Science, pages 280–294.
[CR05] Jordi Castellà-Roca, Contributions to Mental Poker. Autonomous University of Barcelona, Doctoral Programme in Computer Science and Artificial Intelligence. Data of public reading: Sep. 9, 2005.
[Cré86] C. Crépeau. A zero-knowledge poker protocol that achieves confidentiality of the players’ strategy or how to achieve an electronic poker face. In A. M. Odlyzko, editor, Advances in Cryptology – Crypto ’86, volume 263, pages 239–250, Berlin, 1986. Springer-Verlag. Lecture Notes in Computer Science.
[E94]. J. Edwards, Implementing Electronic Poker: A Practical Exercise in Zero-Knowledge Interactive Proofs. Master’s thesis, Department of Computer Science, University of Kentucky, 1994.
[KKO97] K. Kurosawa, Y. Katayama, and W. Ogata. Reshuffable and laziness tolerant mental card game protocol. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems, E00-A, 1997.
[SRA81] A. Shamir, R.L. Rivest, and L. Adleman. Mental poker. Mathematical Gardner, pages 37–43, 1981.