Random Number Generator Slot Machine

  1. Slot Machines Are Not Random
  2. Random Number Generator Slot Machines
  3. Beat Random Number Generator Slot Machines
  4. Slot Machine Random Name Picker

A Random Number Generator is a microchip that constantly generates numbers at a rate of several billion per second. In slots, the RNG is everything, in the early days of slot machines a mechanical concept was used for randomization but over the past decades, the RNG process has been digitalised and therefore the RNG computer chip is not only used in slots but also in video poker and other. In a slot machine, random numbers are continually and consistently being generated, even when no game is being played. The outcomes of the algorithm are always being calculated, thousands per second. These calculations are being performed by the main server in.

TL;DR

An Austrian casino company used a predictable pseudorandom number generator, rather than a cryptographically secure one, and people are taking advantage of it, and cashing out big.

The Story

Wired reported on an article about an amazing operation at beating electronic slot machines, by holding your phone to the slot machine screen for a time while playing, leaving the slot machine, then coming back an additional time, and cashing in big.

Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a $20 to $60 investment into as much as $1,300 before cashing out and moving on to another machine, where he’d start the cycle anew.

These machines were made by Austrian company Novomatic, and when Novomatic engineers learned of the problem, after a deep investigation, the best thing they could come up with, was that the random number generator in the machine was predictable:

Novomatic’s engineers could find no evidence that the machines in question had been tampered with, leading them to theorize that the cheaters had figured out how to predict the slots’ behavior. “Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results,” the company admitted in a February 2011 notice to its customers.

The article, focused on a single incident in Missouri, mentions that the state vets the machines before they go into production:

Recognizing those patterns would require remarkable effort. Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. Government regulators, such as the Missouri Gaming Commission, vet the integrity of each algorithm before casinos can deploy it.

On random number generators

I'll leave you to read the rest of the article. Suffice it to say, the Novomatic machines were using a predictable pseudorandom number generator after observing its output for a period of time. This poses some questions that should immediately start popping up in your head:

  1. What is the vetting process by states to verify the quality of the pseudorandom number generators in solt machines?
  2. Who is on that vetting commission? Is it made up of mathematicians and cryptographers? Or just a board of executives and politicians?
  3. Why aren't casino manufacturers using cryptographically secure pseudorandom number generators?

For me, that third item is the most important. No doubt, as the Wired article states, older machines just cannot be fixed. They need to be taken out of production. So long as they occupy casinos, convenience stores, and gas stations, they'll be attacked, and the owner will lose money. So let's talk about random number generators for a second, and see what the gambling industry can do to address this problem.

You can categorize random number generators into four categories:

  1. Nonsecure pseudorandom
  2. Cryptographically secure pseudorandom
  3. Chaotic true random
  4. Quantum true random

What I would be willing to bet, is that most electronic machines out there are of the 'nonsecure pseudorandom' type of random number generator, and Novomatic just happened to pick a very poor one. Again, there likely isn't anything they can do about existing machines in production now, but what can they do moving forward? They should start using cryptographically secure pseudorandom number generators (CSPRNGs).

Slot Machines Are Not Random

In reality, this is trivial. There are plenty of CSPRNGs to choose from. CSPRNGs can be broken down further into three subcategories:

  1. Designs based on cryptographic primitives.
  2. Number theoretic designs.
  3. Special-purpose designs.
Number

Let's look at each of these in turn.

Designs based on cryptographic primitives.

Random Number Generator Slot Machines

These are generators that use things like block ciphers, stream ciphers, or hashing functions for the generator. There are some NIST and FIPS standardized designs:

  • NIST SP 800-90A rev. 1 (PDF): CTR_DRBG (a block cipher, such as AES in CTR mode), HMAC_DRBG (hash-based message authentication code), and Hash_DRBG (based on cryptographically secure hashing functions such as SHA-256).
  • ANSI X9.31 Appendix A.2.4: This is based on AES, and obsoletes ANSI X9.17 Appendix C, which is based on 3DES. It requires a high-precision clock to initially seed the generator. It was eventually obsoleted by ANSI X9.62-1998 Annex A.4.
  • ANSI X9.62-2005 Annex D: This standard is defines an HMAC_DRBG, similar to NIST SP 800-90A, using an HMAC as the cryptographic primitive. It obsoletes ANSI X9.62-1998 Annex A.4, and also requires a high-precision clock to initially seed the generator.

It's important that these designs are backtracking resistant, meaning that if you know the current state of the RNG, you cannot construct all previous states of the generator. The above standards are backtracking resistant.

Number theoretic designs

There are really only two current designs, that are based on either the factoring problem or the discrete logarithm problem:

  • Blum-Blum-Shub: This is generator based on the fact that it is difficult to compute the prime factors of very large composites (on the order of 200 or more digits in length). Due to the size of the prime factors, this is a very slow algorithm, and not practical generally.
  • Blum-Micali: This is a generator based on the discrete logarithm problem, when given two known integers 'b' and 'g', it is difficult to find 'k' where 'b^k = g'. Like Blum-Blum-Shub, this generator is also very slow, and not practical generally.

Special-purpose designs

Thankfully, there are a lot of special purpose designs designed by cryptographers that are either stream ciphers that can be trivially ported to a CSPRNG, or deliberately designed CSPRNGs:

  • Yarrow: Created by cryptographer Bruce Schneier (deprecated by Fortuna)
  • Fortuna: Also created by Bruce Schneier, and obsoletes Yarrow.
  • ISAAC: Designed to address the problems in RC4.
  • ChaCha20: Designed by cryptographer Daniel Bernstein, our crypto Lord and Savior.
  • HC-256: The 256-bit alternative to HC-128, which is part of the eSTREAM portfolio.
  • eSTREAM portfolio: (7 algorithms- 3 hardware, 4 software)
  • Random123 suite: Contains four highly parallelizable counter-based algorithms, only two of which are cryptographically secure.

The solution for slot machines

So now what? Slot machine manufacturers should be using cryptographically secure algorithms in their machines, full stop. To be cryptographically secure, the generator:

  • Must past the next-bit test (you cannot predict the next bit any better than 50% probability).
  • Must withstand a state compromise (you cannot reconstruct past states of the generator based on the current state).

If those two properties are met in the generator, then the output will be indistinguishable from true random noise, and the generator will be unbiased, not allowing an adversary, such as someone with a cellphone monitoring the slot machine, to get the upperhand on the slot machine, and prematurely cash out.

Slot

However, the question should then be raised- 'How do you properly seed the CSPRNG, so it starts in an unpredictable state, before release?' Easy, you have two options here:

  • Seed the CSPRNG with a hardware true RNG (HWRNG), such as a USB HWRNG, or....
  • Build the machine such that it collects environmental noise as entropy

The first point is much easier to achieve than the second. Slot machines likely don't have a lot of interrupts built into the system-on-a-chip (SoC). So aside from a microphone, video camera, or antenna recording external events, you're going to be hard-pressed to get any sort of high-quality entropy into the generator. USB TRNGs are available all over the web, and cheap. When the firmware is ready to be deployed, read 512-bits out of the USB generator, hash it with SHA-256, and save the resulting hash on disk as an 'entropy file'.

Then all that is left is when the slot machine boots up and shuts down:

Beat Random Number Generator Slot Machines

  • On startup, read the 'entropy file' saved from the previous shutdown, to seed the CSPRNG.
  • On shutdown, save 256-bits of data out of the generator to disk as an 'entropy file'.

This is how most operating systems have solved the problem with their built-in CSPRNGs. Provided that the very first 'entropy file' was initially seeded with a USB true HWRNG, the state of every slot machine will be always be different, and will always be unpredictable. Also, 256-bits is more than sufficient to make sure the initial state of the generator is unpredictable; physics proves it.

Of course, the SoC could have a HWRNG onboard, but then you run the risk of hardware failure, and the generator becoming predictable. This risk doesn't exist with software-based CSPRNGs, so provided you can always save the state of the generator on disk at shutdown, and read it on startup, you'll always have an unpredictable slot machine.

Slot machines are truly random and in any casino land-based or online, slots are the most favoured, even though most players do not completely understand how they function. There is a general misconception of how slots work and once you understand the inner operations of slots they can be even more fun, extremely profitable and provide hours of enthralling play.

Slot machines are truly random and use a random number generator, the first slot generation was mechanical, think back to coin-operated slots and even those utilised a random number generator most referred to as RNG, to determine the outcomes of the game.

Do modern slots at online casinos use a random number generator?

Modern or video slots at online casinos also use RNG to determine outcomes, the RNG is a mathematical formula in the program running the slot, this program utilises numbers generated by RNG to determine which symbols appear on the reels when they stop. The programs used in physical and online slots are pretty much the same, instead of real spinning reels, it spins on a computer screen.
A Random Number Generator is a microchip that constantly generates numbers at a rate of several billion per second. In slots, the RNG is everything, in the early days of slot machines a mechanical concept was used for randomization but over the past decades, the RNG process has been digitalised and therefore the RNG computer chip is not only used in slots but also in video poker and other casino games.

Slot Machine Random Name Picker

To best way to explain how RNG’s work, as its title, suggests the random number generator has one function and that is the generation of random numbers, this is an ongoing and constant process, generating a set of randomized numbers in a fraction of a second and constantly repeating the process whether the slot is played or not.

As a matter of fact, the randomization process is completely separated from the slot or game and supply the game with the random numbers which the game expresses in a specific format be it slot symbols, poker cards or even keno numbers. Casinos have the match working to their advantage, this is why they seriously don’t need to rig the game. If players enjoy slots at a well-regulated online casino they can be certain that all software is regularly tested, which means the game had to pass rigorous testing before the software are certified as random and fair.

It is not possible to predict random numbers as the RNG are pseudo-random number generators, this means numbers appear random as well as that their value is completely unpredictable in advance. It is important to remember that slots don’t react to previous results, it also does not react to wherever the previous outcome was, a win or a loss. Results are random and none of the superstitious believes is true, lucky charms could make you feel more empowered but at the end of the day it is a game of luck and if you the one playing when the luckiest combination spins into place, you could win life-altering payouts.