PRNG period & update frequency
October 25th, 2017 at 9:03:08 AM
permalink
New to the forum, so sorry if this has been addressed before. I recently read about the Russian hacker who was able to predict approximately when a slot was going to hit by reverse engineering the PRNG.
I am wondering how this is even possible. It seems the period of the PRNG must be very long and/or the rate at which it increments must be very slow in order for someone to time a press of the spin button. I would think that with processor clock speeds in the GHz range (or even 100s of MHz), it should be possible for the PRNG to cycle through all the possible outcomes in a second or so, making it seemingly impossible to time the pressing of the spin button. I must be missing something in the way PRNGs work in slots; can anyone enlighten me?
I am wondering how this is even possible. It seems the period of the PRNG must be very long and/or the rate at which it increments must be very slow in order for someone to time a press of the spin button. I would think that with processor clock speeds in the GHz range (or even 100s of MHz), it should be possible for the PRNG to cycle through all the possible outcomes in a second or so, making it seemingly impossible to time the pressing of the spin button. I must be missing something in the way PRNGs work in slots; can anyone enlighten me?
October 25th, 2017 at 9:17:29 AM
permalink
I have no idea about the specifics of these incidents, or the specific RNG tech in slot machines. But here are few possibilities I can think of....
A) The slot machine's PRNG algorithm was using a weak source of entropy as a seed, which made the values predictable in some way
B) The PRNG algorithm was not great or had a bug where the results had some sort of bias, or would repeat after a certain amount of time
C) The hacker was able to get malicious code into the machine somewhere along the line
D) The machine was using a hardware RNG, which can fail silently and produce predictable results
Here's an explanation I wrote in another thread about how PRNG seeding works:
Computers aren't physically capable of generating randomness because they are deterministic, meaning any program they execute takes an input and produce a completely predictable output with no variation or error.
Hardware based random number generators, attempt to capture some sort of physical noise as a source of entropy. Software based number generators attempt to simulate that chaotic randomness, since they are physically bound to the deterministic nature of computers, thus why they are considered pseudo-random. What these algorithms do is extrapolate a series of pseudo-random values from a fixed input, which is called the seed.
Seed values can range from things like system time in milliseconds (not a great source of randomness), to a combination of high accuracy system values/counters.
For example, Microsoft's cryptographic secure RNG seeds itself with the following parameters:
- The current process ID
- The current thread ID
- The tick count since boot time
- The current time
- Various high-precision performance counters
- An MD4 hash of the user's environment block, which includes username, computer name, and search path
- High-precision internal CPU counters, such as RDTSC, RDMSR, RDPMC
The best physical analogy of a psuedo-random number generator I can think of is a double pendulum.
Look at this short video:
https://www.youtube.com/watch?v=U39RMUzCjiU
A double pendulum is a chaotic system that is extremely sensitive to an initial state (e.g. the seed state), and the seemingly random motion is very hard to predict/calculate, even though the system still functions within the bounds of physics (e.g. determinism in the case of algorithms).
A) The slot machine's PRNG algorithm was using a weak source of entropy as a seed, which made the values predictable in some way
B) The PRNG algorithm was not great or had a bug where the results had some sort of bias, or would repeat after a certain amount of time
C) The hacker was able to get malicious code into the machine somewhere along the line
D) The machine was using a hardware RNG, which can fail silently and produce predictable results
Here's an explanation I wrote in another thread about how PRNG seeding works:
Computers aren't physically capable of generating randomness because they are deterministic, meaning any program they execute takes an input and produce a completely predictable output with no variation or error.
Hardware based random number generators, attempt to capture some sort of physical noise as a source of entropy. Software based number generators attempt to simulate that chaotic randomness, since they are physically bound to the deterministic nature of computers, thus why they are considered pseudo-random. What these algorithms do is extrapolate a series of pseudo-random values from a fixed input, which is called the seed.
Seed values can range from things like system time in milliseconds (not a great source of randomness), to a combination of high accuracy system values/counters.
For example, Microsoft's cryptographic secure RNG seeds itself with the following parameters:
- The current process ID
- The current thread ID
- The tick count since boot time
- The current time
- Various high-precision performance counters
- An MD4 hash of the user's environment block, which includes username, computer name, and search path
- High-precision internal CPU counters, such as RDTSC, RDMSR, RDPMC
The best physical analogy of a psuedo-random number generator I can think of is a double pendulum.
Look at this short video:
https://www.youtube.com/watch?v=U39RMUzCjiU
A double pendulum is a chaotic system that is extremely sensitive to an initial state (e.g. the seed state), and the seemingly random motion is very hard to predict/calculate, even though the system still functions within the bounds of physics (e.g. determinism in the case of algorithms).
October 25th, 2017 at 9:40:39 AM
permalink
Quote: logicGuyIt seems the period of the PRNG must be very long and/or the rate at which it increments must be very slow in order for someone to time a press of the spin button. I would think that with processor clock speeds in the GHz range (or even 100s of MHz), it should be possible for the PRNG to cycle through all the possible outcomes in a second or so, making it seemingly impossible to time the pressing of the spin button.
Some people - mainly musicians, apparently - have demonstrated the ability to time a periodic event (e.g. a light that blinks once every second) to within 1/10,000 of a second. Even with a 1 GHz PRNG, someone who knows the period of the jackpot number, assuming it is regular, and can time it to 1/10,000 of a second can reduce the number of "random" numbers to a set of 200,001, since a 1 GHz PRNG will generate 100,000 numbers in 1/10,000 of a second. That doesn't sound like much, but if the jackpot pays more than 200,000-1, then it is an advantage play.
This method works much better when the number of possibilities is small, such as E-roulette or E-craps; in 1/10,000 of a second at 1 GHz, each of the 36 possible rolls of a pair of dice, or each possible number on a roulette wheel. occurs over 2700 times. Even at 10 MHz, each occurs around 27-28 times.
October 25th, 2017 at 9:47:48 AM
permalink
The Russian hackers were targeting Aristocrat Mark IV slot machines that are over 20 years old. From everything that I read they used a very weak RNG and I can only assume the increment rate was slow. About 25 years ago I worked on a slot machine that updated the RNG every 50ms. By today's standards that would be unacceptable.
At my age, a "Life In Prison" sentence is not much of a deterrent.
October 25th, 2017 at 10:03:35 AM
permalink
20 years old, and if the processor used was not state of the art, then the clock rate, and hence the RN update rate, could've been quite slow. To counter, the period of the PRNG should therefore be very long, right? So if it wasn't or was somehow otherwise predictable, I could see how the hackers exploited it.
Nowadays, however, it seems you wouldn't even need a PRNG provided it cycled thru the sequence of outcomes fast enough. A simple counter could suffice, I would think (not factoring in the abilities of some musicians :)
Nowadays, however, it seems you wouldn't even need a PRNG provided it cycled thru the sequence of outcomes fast enough. A simple counter could suffice, I would think (not factoring in the abilities of some musicians :)
