Fair Play in Online Casinos

Many players complain about “freak hands” and frequent bad beats in Internet poker rooms. Numerous comments are posted on poker forums about strange hands occurring. Some observers claim that it is the speed with which hands are dealt online that gives a false impression about the frequency of these.

There are two opposing schools of thought. One is that hands dealt in the virtual poker rooms are somehow not the same as in a bricks-and-mortar card room. The other is that, because the software depends on random number generators, the deals are more trustworthy than those by a human dealer.

All online operators have their software endorsed by outside bodies and firms of accountants. But do the people who endorse them really understand what they are endorsing?

To try to find out the truth, Poker Europa approached one of the world’s experts on random number generators. Peter Hellekalek is Professor of Mathematics at Salzburg University, Austria, and leads a global working party (known as the pLab Project), which carries out ongoing research into RNGs and the validity of their results.
We asked him to look at the online poker scene and answer a simple question: What can go wrong? Here is what he says.


Online Poker – Is it the real deal?

How do the dice roll in an online casino?

In other words, where do online casinos get their randomness from? There is no roulette wheel spinning, no dice are rolling and no cards are drawn. All that moves are bits and bytes on some computers. The Lottery Fairy has become virtual. You are not convinced that everything works as it should? You are right to be cautious.

How can computers produce randomness, if every step in a computer program is well-defined and definitely non-random, at least in theory?
One employs pseudorandom number generators (PRNGs, for short) which produce pseudorandom numbers (PRNs) that mimic the outcome of the random processes we are interested in like the roulette wheel, throwing dice, and so on. (One keyword in this context in the world of science is the Monte Carlo method.)

What are the requirements for PRNGs?

We will illustrate this with the roulette wheel:

  1. Every number will have the same chance to be drawn,
  2. The preceding results do not influence the outcome of the next draw. The output is unpredictable.

In scientific terms, we call (1) uniform distribution, and (2) independence of the results. Now we have a problem. PRNGs are mathematical algorithms that produce random-looking numbers. (In mathematics, computing, linguistics, and related disciplines, an algorithm is a finite list of well-defined instructions for accomplishing some task that, given an initial state, will terminate in a defined end-state.)

Statistical tests should not be able to find any "non-random" behaviour in the PRNs. Because of the very nature of the PRNGs, their outcome is uniquely determined by the initial state of these algorithms.

If you know the initial state of this "machine", you will know all about its output. In other words, you will be able to predict the next cards in poker, the next throw of the dice, and so on.

This implies the first commandment for online gambling casinos: use a PRNG that is state-of-the-art in science. This also yields the second commandment: keep the initial state of the PRNG in use secret, top secret.

We face a further problem. PRNGs produce huge numbers at every step. We will have to transform this output by mathematical formulae to play poker, roulette, and other games. If the transformation method is not appropriate, a bias will occur. In other words, some cards may appear more often than they should.

This implies the third commandment: use appropriate transformation methods for online gambling to avoid bias.
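The transformation bias described above can be counted exactly. The following is an added example, not part of the original article: it assumes a generator that emits one byte (0 to 255) per step, compares the naive `x % 52` mapping with rejection sampling, and builds a Fisher-Yates shuffle on the unbiased draw. All function names are illustrative.

```python
import secrets
from collections import Counter

CARDS = 52
WORD = 256  # assumption for this example: the generator emits one byte per step

def modulo_counts(n=CARDS, word=WORD):
    """Exact number of generator outputs that map to each card under `x % n`."""
    return Counter(x % n for x in range(word))

def rejection_counts(n=CARDS, word=WORD):
    """Same count when outputs at or above the largest multiple of n are discarded."""
    limit = word - (word % n)          # 208 for n=52, word=256
    return Counter(x % n for x in range(limit))

def unbiased_below(n, next_byte):
    """Draw uniformly from range(n), n <= 256, by rejection sampling."""
    limit = WORD - (WORD % n)
    while True:
        x = next_byte()
        if x < limit:                  # accept only values from the unbiased range
            return x % n

def shuffle_deck(next_byte=lambda: secrets.token_bytes(1)[0]):
    """Fisher-Yates shuffle; with uniform draws every ordering is equally likely."""
    deck = list(range(CARDS))
    for i in range(CARDS - 1, 0, -1):
        j = unbiased_below(i + 1, next_byte)
        deck[i], deck[j] = deck[j], deck[i]
    return deck

if __name__ == "__main__":
    biased = modulo_counts()
    print("modulo:    preimages per card min/max =",
          min(biased.values()), max(biased.values()))
    fair = rejection_counts()
    print("rejection: preimages per card min/max =",
          min(fair.values()), max(fair.values()))
    print("sample deal:", shuffle_deck()[:5])
```

Under the modulo mapping, cards 0 to 47 are each hit by five byte values and cards 48 to 51 by only four, so the first 48 cards turn up 25% more often than the last four.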

The next problem is obvious: the PRNG and the transformation method might be correct, but the computer programme might be faulty.

Hence, the fourth commandment is as follows: make sure that the algorithms are implemented correctly.

Everything is seemingly perfect, at the moment: you have a state-of-the-art PRNG, the correct transformation method, and a carefully checked implementation of all these mathematical formulae into a computer programme.

Unfortunately, you have overlooked one thing. In the meantime your PRNG has become predictable due to the research results of some obscure mathematician. Some gamers have noticed this fact and use it to make money in your online casino.

As a consequence, the fifth commandment reads: evaluate your PRNG at regular intervals (twice a year, for example).

You are obeying the first five commandments but you are overlooking one fact: your spirit is willing, but the flesh of your system administrator is weak.

Who makes sure that…

  • The implementation of the mathematical algorithms, i.e., the computer programme, remains unchanged and has not been replaced by an unfriendly version?
  • No very able hacker has got access to your computer system and, hence, is able to guess the initialisation of your PRNG and improve his gambling accordingly?

The sixth commandment is: make sure that your computer system is tamper proof and even an insider cannot get improper access to it.

Finally, some educational stuff. In modern cryptography, one assumes that the enemy knows which encryption system we use. The whole security lies in the protection (and the quality) of the secret key. This approach has proven to be most useful. By letting the (scientific) public study one’s system, one avoids stupid mistakes, because specialists from all over the world will comment on the security.

Generating PRNs for online gambling is a cryptographic task. Requirements like unpredictability are typical of cryptography, as is the prevention of attacks by insiders.
We have already dwelled upon unpredictability.

A closely related question is the following: how do you initialise your PRNG? This is a delicate problem, because even your system administrator should not know the exact value of the initialisation, although he is able to and must be able to know how this value is generated.

Hence, the seventh commandment is the following: choose a secure technique to initialise your PRNG.
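The second and seventh commandments can be seen side by side in a short added example (not part of the original article): a generator's initial state fixes every card that follows, so the seed must come from a source nobody can read or narrow down. Python's Mersenne Twister stands in for "a PRNG" purely for illustration, and the seed values are constructed.

```python
import math
import random
import secrets

def deal(seed, hand_size=5):
    """Deal from a deck shuffled by a generator initialised with `seed`.

    random.Random is a Mersenne Twister: not cryptographic, used here only to
    show that the initial state determines all later output.
    """
    rng = random.Random(seed)
    deck = list(range(52))
    rng.shuffle(deck)
    return deck[:hand_size]

def seed_space_bits(candidates):
    """Bits of uncertainty an outsider faces if the seed is one of `candidates` values."""
    return math.log2(candidates)

def secure_deal(hand_size=5):
    """Deal using the operating system's CSPRNG.

    The process is known to the administrator, but there is no
    application-level seed value to read, log or choose.
    """
    rng = secrets.SystemRandom()
    deck = list(range(52))
    rng.shuffle(deck)
    return deck[:hand_size]

if __name__ == "__main__":
    # Constructed seed values, for illustration only.
    print("seed 1234      :", deal(1234))
    print("seed 1234 again:", deal(1234))   # identical hand
    print("clock seed, one-second resolution over a day: %.1f bits"
          % seed_space_bits(86_400))
    print("256-bit seed from the OS: %.0f bits" % seed_space_bits(2 ** 256))
    print("CSPRNG deal    :", secure_deal())
```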

I hope this makes clear how much can go wrong in an online gambling casino.


The author is head of Salzburg University maths department and one of the world’s leading experts on Random Number Generators. This article was originally published by Poker Europa Magazine in October 2007.