 |
Shufflix: Frequently Asked Questions
|
How does Shufflix prevent that the same hands are used twice?
Every once in a while, hands from one tournament show up in another tournament. This is always embarrassing to
the tournament organizers. Such a mishap occurred at the Junior Teams World Championships in Brazil in August
2001. At this event, the same hands were accidentally used for two different sessions.
This mishap usually does not happen because the software in use has generated the same sequence of hands in two
different runs. Instead, the accident is invariably caused after the hands have been generated by the
dealing software. This can happen in several ways, e.g.:
- A file with a sequence of hands generated for one session is accidentally reused in another session.
- The boards form another session are reused for a later session, but the duplication of the hands into the
boards was accidentally skipped.
The dealing software in itself cannot guarantee against mishaps like these, but it can incorporate features that
support administrative procedures that make these accidents unlikely.
This is the procedure used at the DBf (Danish Bridge Federation) to guard against using a sequence of hands for a
session where it was not intended:
- When the hands are dealt, the operator has explicitly named the tournament, session, and planned playing date
as part of the input to the dealing process.
- This tournament identification appears on printed hand records.
- As part of the process of distributing boards to the playing table, the director verifies a board from each
set of boards against the hand records.
- The tournament director also verifies that the session listed on the hand records is actually the session
about to be played.
If a set of boards accidentally has been delivered to a session without being properly duplicated, this problem
is expected to be discovered at step (3). And if a set of boards has accidentally been reused for a session
that it was not intended for, this problem is expected to be discovered at step (4).
Like all procedures for human work, this procedure is not infallible. In practice, however, it reduces the
frequency of the mishaps considerably.
Well, Shufflix could have generated the same run of boards twice anyway, right?
Wrong. There are two ways that Shufflix can generate the same sequence of boards.
- Because it got into a rut, e.g. initialized the dealing with the same seed.
- By pure chance - since there is always a chance that each board is identical to some other board dealt
earlier.
Shufflix cannot get into a rut like that. For Shufflix to generate the same boards in the same way on two
different runs, the following start conditions have to be identical:
- All information entered by the user, along with additional information about the user connection. (This is the
personalization string).
- The date and time of the run of Shufflix (measured in seconds) along with the process number of the server
process handling the deal. (This is a nonce, i.e. information that can be used only once).
- The 128 random bits used to make the result unpredictable. (This is the entropy input).
The concepts in italics above correspond to the recommendation in NIST
Special Publication 800-90A Revision 1: Recommendation for Random Number Generation Using Deterministic RBGs
(June 2015).
These start conditions guarantee that the same board sequence will not be generated except by pure chance.
So what happens if the operator always gives the same identification string?
Well, in this case the operator is making himself vulnerable to human error in the subsequent handling of the
boards, as described in another question above. Experience shows that within 10 years of operation - often
much sooner - some human error is going to cause the same boards to be reused by accident.
However, two different runs of Shufflix will always generate different sequences, as described above.
So the conclusion would have to be that if the same Shufflix sequence shows up twice, this really is because the
result of the same run of Shufflix has been used twice by accident.
Is human error also the cause of reuse of sequences for other dealing programs?
Almost certainly. Other dealing programs used for serious tournaments have huge numbers of different possible
sequences that they can generate. Hans van Staverens Bigdeal generates 2160 equally probable
sequences for each installation.
Can the operator guess the hand sequence produced by Shufflix in advance?
No. To do so, he would initially have to guess 128 unpredictable random bits. That is infeasible.
Can the Shufflix programmer guess the hand sequence produced by Shufflix in advance?
No. To do so, he would initially have to guess 128 unpredictable random bits. That is infeasible.
But the Shufflix programmer can cheat in the code, right?
Presumably. However, the code is provided on request for all sceptics to read. And, the
code is not very complicated nor very voluminous. That should give some kind of assurance that the programmer did
not cheat.
Can the operator rig the cards?
Yes, in several ways:
- He can alter the output of the Shufflix run.
- He can mock up a sequence of hands that looks as if it was produced by Shufflix.
- He can run thousands of deals and select the most interesting one for the event.
Shufflix supports an audit process that makes it possible to reveal whether anyone has rigged the cards. Shufflix
provides a checksum (cryptographic hash) along with each deal sequence produced, and a web
application to verify the checksum later. The audit process is as follows:
- Representatives for the participants are present when Shufflix is used to create the deals for the event.
- The representatives note the checksums of all the deals made. The checksums can be published too.
- After the event, the checksums of the actual deals used are verified.
Note that this procedure does not affect the basic integrity of Shufflix: The sequence of deals are as unbiased and
unpredictable as ever, and it is cryptographically infeasible to determine the contents of the deals from the
checksums.
This procedure is probably mostly of theoretical interest. In practice, the operator is going to part of a trusted
organization with internal mutual checks.
How does Shufflix guard against snoopers on the Internet?
Shufflix uses the HTTPS protocol, which protects the transmission by means of encryption. This is the same mechanism
that is used to protect bankning transactions on the internet.
Why can't someone else read my deals directly on the Shufflix server?
You yourself can access the deals because an access code for the deals is embedded in the encrypted response you
get from Shufflix when your boards are dealt.
- No one else knows the access code (128 unpredictable random bits), and they need several months of computer
time to guess it correctly.
- Once you are done with your deals, you can press the red delete button for your deals. The
files with the deals are then removed from the server using a secure
delete function. At this stage, it is no longer helpful to guess the random code correctly.
Even the system administrator for the Shufflix server can no longer retrieve the deals.
Shufflix cleans up old deals continually. Therefore, even if you don't press the delete button, Shufflix
will eventually remove the files that contain your deals.
Is every different bridge board possible in every sequence generated?
Certainly. There are around 296 different ways a bridge board can be dealt. And there are 2128
different ways that Shufflix can generate a sequence of boards for any given input. Since 2128 / 296
= 232, that yields an average of around 232 different ways that any sequence for a session can
start with any deal. 232 is around 4 billion.
Version 2017-10-30 / jbc