Most active commenters
  • alexey-salmin(7)
  • caminante(4)

←back to thread

The math of shuffling cards almost brought down an online poker empire

(www.scientificamerican.com)
97 points indigodaddy | 12 comments | 05 Sep 25 22:50 UTC | HN request time: 1.915s | source | bottom
Show context
ziofill ◴[07 Sep 25 02:40 UTC] No.45154922[source]
“In an ideal world, an algorithm would randomly select an arrangement from the 52! possible decks. But no computer has enough memory to evaluate all of these possibilities, and a perfect random number generator doesn’t yet exist. Therefore, developers generally rely on algorithms that simulate card shuffling.”

You’ve got to be kidding me. What’s wrong with sampling each card independently and uniformly (without replacement)?

replies(2): >>45154979 #>>45155345 #
RainyDayTmrw ◴[07 Sep 25 02:52 UTC] No.45154979[source]
If you do it correctly, you've reinvented Fisher-Yates[1]. If you do it wrong, you've reinvented this unnamed, broken algorithm[2], instead.

But the issue in the article isn't application of pseudorandom numbers. It's seeding the generator.

[1]: https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle [2]: https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle#N...

replies(2): >>45155261 #>>45155825 #
1. alexey-salmin ◴[07 Sep 25 03:56 UTC] No.45155261[source]
> In the late 1990s the development platform ASF Software supplied several online poker providers, such as Planet Poker, with card-shuffling algorithms. The platform even posted the algorithm on its website as proof that the game was reliably programmed.

What amazes me is the level of overconfidence the developers of the broken algorithm had to post it online. I mean it's not that the probability theory was a novel and unexplored field at the time.

replies(2): >>45156446 #>>45161807 #
2. caminante ◴[07 Sep 25 08:31 UTC] No.45156446[source]
Not sure "overconfidence" applies as you might be stretching the author's unfounded narrative.

This is more impressive than the alternatives:

1. Security through obscurity.

2. Increased financial liability due to #1.

replies(1): >>45157557 #
3. alexey-salmin ◴[07 Sep 25 12:22 UTC] No.45157557[source]
Imagine you proudly present to the public your obviously flawed version of the algorithm even though the correct version is known for decades. If only you've read a single book on the topic.

If that's not overconfidence then it's hard to find what is.

replies(1): >>45157621 #
4. caminante ◴[07 Sep 25 12:34 UTC] No.45157621{3}[source]
You're just restating your initial claim and not addressing the issue I raised with the latter.
replies(1): >>45157747 #
5. alexey-salmin ◴[07 Sep 25 12:51 UTC] No.45157747{4}[source]
What is the issue? Not at all clear from your comment. You're saying above it's better than security by obscurity but it's beside the point.
replies(1): >>45161098 #
6. caminante ◴[07 Sep 25 18:55 UTC] No.45161098{5}[source]
> but it's beside the point

Why is it beside the point?

You haven't established their intent for gross negligence and give no charity to the fact this was 30 years ago (pre-Wikipedia and the search breadth we have today). Since then, people have continued to expose severe RNG design flaws in other systems designed by very smart people. It happens...

replies(1): >>45166849 #
7. 48terry ◴[07 Sep 25 20:25 UTC] No.45161807[source]
...They posted their algorithm as a way to prove it was reliable. Someone pointed out it wasn't reliable. They revised the algorithm. What's the problem here?
replies(1): >>45165436 #
8. alexey-salmin ◴[08 Sep 25 07:15 UTC] No.45165436[source]
They were selling this algorithm for money and evidently didn't use any of that money to hire a single statistician to validate it. The mistake they've made isn't obscure and doesn't require a thousand pairs of eyes to catch, just one.

Imagine paying to a professional plumber, he installs the toilet upside down and then posts the photos online for the community to check his work.

9. alexey-salmin ◴[08 Sep 25 11:04 UTC] No.45166849{6}[source]
30 years ago it wasn't dark ages. Wikipedia didn't exist but books on probability theory and statistics did.

When you do a shuffling algorithm in a sensitive context (money or security), you have prove that it returns all the possible permutations with equal probability plus put lower bounds on the amount of entropy you need from the underlying RNG. If you're unable to prove it, you shouldn't move forward with the algorithm. Any irregularities in the output distribution can be exploited. This is textbook knowledge pioneered in early encryption works and perfected by the time WWII ended. Evidently the effort to prove correctness was never made.

Now the original article can indeed misrepresent or omit important facts. I'm definitely open to reconsider my conclusion if more facts become available. However "there was no Wikipedia" isn't one of them, it doesn't count as an excuse not to do your job properly.

If it turned out, for example, that "ASF Software" wasn't even aware that their shuffling algorithm was used to shuffle cards and just shipped it along with 200 other basic algorithms as a some sort of "better standard library", this would change the situation. However from the quick googling it seems that their product wasn't a standard library, it was specifically software for Texas Hold'em. This is a "you had one job" kind of situation.

> Since then, people have continued to expose severe RNG design flaws in other systems designed by very smart people. It happens...

Absolutely, but we're not talking frontiers of Computer Science here.

* If you seed your RNG with at most 86 million unique values, you get at most 86 million unique random sequences out of it.

* If your code should have M possible equiprobable outcomes, it has N equiprobable outcomes, and N doesn't divide M, you're in trouble.

replies(1): >>45170668 #
10. caminante ◴[08 Sep 25 16:54 UTC] No.45170668{7}[source]
> 30 years ago it wasn't dark ages...

I didn't say or imply books didn't exist. You can't credibly say it was as readily available, and I promise you that people are still making these mistakes, today.

> When you do a shuffling algorithm in a sensitive context (money or security), you have prove that it returns all the possible...If you're unable to prove it, you shouldn't move forward with the algorithm.

Ideally, of course! This is a really high standard that I'm afraid isn't enforced in a lot of commercial or even sensitive applications. 86 million permutations is probably good enough and even if someone was clever enough to synch clocks and narrow to 200k permutations, then I'm not convinced there was actually any harm.

Do you have any proof of harm?

And there are plenty of smart people in the 90s and beyond not realizing that relying a system clock to seed values is attackable. These guys, to their credit, patched their system by openly providing their algorithms.

Even if their clients had been harmed, they'd published the algorithm so that their "sophisticated" clients could audit the algorithm.

> I'm definitely open to reconsider my conclusion if more facts become available.

This is circular as you're taking the article's narrative at face value without getting any primary sources confirming gross negligence or "arrogance" as you imply.

replies(2): >>45180573 #>>45181099 #
11. alexey-salmin ◴[09 Sep 25 11:40 UTC] No.45180573{8}[source]
> Ideally, of course! This is a really high standard that I'm afraid isn't enforced in a lot of commercial or even sensitive applications. 86 million permutations is probably good enough and even if someone was clever enough to synch clocks and narrow to 200k permutations, then I'm not convinced there was actually any harm.

Of course not, this is ridiculous. If your job is to shuffle the deck, shuffle it well. It's like doing a 80/20 coinflip and arguing that 50/50 is a "really high standard". And that for a company that sells bet-money-on-coinflips software.

If you don't know how to do it well -- read a book or use std::random_shuffle. Somehow Stepanov was able to do it right (assuming a good RandomNumberGenerator input) from the first try in 1993, without Wikipedia poor guy. And this wasn't even his main job, random_shuffle was one of a dozens of algorithms he envisioned and implemented for the STL.

> This is circular as you're taking the article's narrative at face value without getting any primary sources confirming gross negligence or "arrogance" as you imply.

I did some quick research and it seems that ASF Software had indeed developed the Planet Poker online platform. Which comes down to failing at your main job, I don't really see what other evidence you expect here?

I strongly believe that people in general and software engineers in particular should be held up to high standards. Finding excuses for how school-level math is too hard for them is condescending. It is disrespectful to the very people you're talking about.

If you say they couldn't even understand that N^N is not divisible by N! you basically say that they're mentally challenged. I on the contrary say that they most certainly would've been able to understand it if they made an effort -- which they didn't. So negligence.

12. alexey-salmin ◴[09 Sep 25 12:35 UTC] No.45181099{8}[source]
UPDATE. I think I should also address this:

> if someone was clever enough to synch clocks and narrow to 200k permutations, then I'm not convinced there was actually any harm.

I don't think you understand the situation at all. In Hold'em in the end you see 7 cards: 2 in your hand and 5 on the table. That's 52x51x...x46 = 674B different sequences of open cards.

This means that by the time you see these cards you can know exactly which of the 200k permutations the engine had chosen for this hand. There's only one that precisely matches one of the 674 billions possible open cards combination that you observe.

In fact, by the time you see the flop (2+3 open cards, 311M variants), you know everyone else's cards.