Steem Monsters Tech Talk - Part 3 - Now With More Decentralization!
Scanning the Whole Blockchain
Combining or transfering Steem Monsters cards requires the owner to publish a custom_json transaction to the blockchain using their private posting key in order to authorize the transaction. Prior to today, that had to be done through the Steem Monsters website or else it would not know that the transaction had been published and the cards would not show as being combined or transfered.
This dependency on the Steem Monsters website added an unnecessary additional level of centralization to the app. I'm happy to say that, as of earlier today, the Steem Monsters code was updated to scan every block that is created going forward for these custom_json transactions so it will pick them up and process them whether or not they were submitted through the website.
A confirmation that the transaction was picked up and processed will be posted as an additional custom_json operation on the @steemmonsters account. If there was a problem with the transaction (for example if you try to combine or transfer a card you don't own), then no confirmation will be posted.
This will allow third party sites and services to easily offer card trading / selling or combining without any dependency on the official Steem Monsters website.
Special thanks for @rondras and @blervin for helping to point out this problem and also to test the changes made today!
Verifiable Code Execution
In the last tech talk post I talked about verifiable code execution and said the following:
If we seed our random number generator with a non-predictable value generated by the blockchain, such as the block id of the block containing a Steem Monsters pack purchase transaction, and publish the code for choosing the cards in each pack, then anyone would be able to verify that the pack contents were generated via a pre-published algorithm.
Again, I am happy to say that this has also been implemented as of earlier today. The random number generator used for choosing the cards in each pack is now seeded using the MD5 hash of the transaction id, block id, and previous block id of the payment transaction.
For those who are so inclined, you can check this yourself using this tool on the Steem Monsters website: https://steemmonsters.com/?verify_packs=1 and you can view the page source to see the algorithm in JavaScript. The list of cards and associated details that are used in the algorithm can be obtained from: https://steemmonsters.com/cards/get_details
(note that this will only work for transactions made after the change at around 5 PM ET today, earlier transactions are not verifiable in this manner)
Here is a purchase transaction I made after the change was implemented:
You can see that the "trx_id", "block_id", and "prev_block_id" are published as part of the "generate_packs" transactions for easy retrieval and verification, but you can also pull them from steemd or any other Steem block explorer.
You can put those values into the verify packs page to verify that you get the same results:
You Don't Need Us Anymore...
With the addition of these changes, everything that is needed to run Steem Monsters as it currently exists is openly published and available. This means that, as I mentioned above, third party sites and services can implement all of the available features themselves with absolutely no dependency on the official Steem Monsters site.
There is already http://steemmonstersdb.com/ created by @blervin (you should check it out if you haven't already) and I think I can speak for @aggroed as well when I say that we cannot wait to see what else the Steem community will come up with!
Thanks For Your Support
Although making a game like this is something I have wanted to do since I was a kid, I doubt I would have the motivation to put as much time and effort into it as I have so far without the overwhelming support we have received from the Steem community!
I look at every pack that is purchased as someone putting their trust in us to build something great, and I will do everything I can to ensure that we achieve that goal. So I want to give a big THANK YOU to everyone who has supported and put their trust in us, and I promise that the best is yet to come!
Banner art by @nateaguila ...except I just added the Steem Monsters logo in the middle :-)
Doesn't the now public algorithm have the opportunity to be exploited? Someone with enough skill could find a time to always get a confirmed legendary card?
To do that they would need to control the transaction id, the block id, and the previous block id of their purchase transaction. The transaction id is easy enough to control for a sophisticated developer, but the block id can only be controlled by the block producer (witness) who creates the block.
So in order to exploit the algorithm you would need to have at least two block producers collude when they are scheduled to create sequential blocks. I consider this to be sufficiently secure, but please let me know if you disagree or if you think I've missed something!
Are you sure a single witness cannot exploit the algorithm? It seems to me that adding the previous block hash doesn't actually add anything. In fact, the previous block hash is incorporated already into the current block hash.
An attacking witness would use the following strategy for a block they were slated to mine: cycle through potential transaction IDs until it constructs a flush random seed. I'm not sure exactly how one can grind transaction IDs, but there are probably some fields that are arbitrary or could have multiple possible values.
Is it correct to say that witnesses can know which Steem monsters would be included in their purchase if its in a block they are mining? This would seem like an unacceptable characteristic in the long term.
Check out the links in my comment on my gist. IIRC some of those references attempt to address this issue.
Yes, I suppose you're right that the previous block ID doesn't really add any additional difficulty since it's already known. What do you think about using the next block ID instead of the previous one? It would make purchases take an additional 3 seconds or so to go through but I think that's acceptable.
I've thought about this a bit more and it's a hard problem to address. I also realized witnesses don't need to be grinding their Steem Monster purchase transaction but instead could grind something related to the block composition that is difficult to detect, such as transaction ordering (i.e. the suspected method used for covert AsicBoost).
I think lookahead is probably better than lookbehind, in terms of creating a randomness beacon that cannot be controlled by a single witness. But just a single block lookahead is probably insufficient. For example, a witness could submit their transaction one block before they were scheduled to mine. Then they would be able to engineer the lookahead block to yield a flush Booster Pack.
I am not sure if there is a perfect solution, but raising the bar to require two colluding witnesses most of the time would be a start. Perhaps this could be done by having each block hash following a transaction delay the settlement by 0, 1, 2, or 3 blocks. Perhaps the following pseudo-algorithm:
This seems overly complicated and only partially effective. Maybe there is a way to get a randomness oracle on Steem, that say posts the NIST Randomness Beacon for the timestamp of the previous block. Then you could do a lookahead that takes transaction id, transaction block id, and randomness beacon from the oracle for a lookahead block.
I'll look a bit into some existing literature such ast Proofs-of-delay and randomness beacons in Ethereum.
Another thing to consider is that a "flush booster pack" would have to be "mined". You would need to add some type of nonce into the block and then generate the hash, run the card pack generation code, check the results, update the nonce and repeat until you find a pack that is good enough for you.
You have at most 3 seconds to do this or you will miss your block. The more packs that are purchased the more computation this would take. The whole idea behind DPoS is that we trust the top witnesses not to do things like this. If it's found that a top witness is doing this, then they would lose their votes (at least in theory), and then not be able to produce more blocks.
So from that perspective I think what is implemented now is probably sufficient.
I'm guessing you could probably evaluate 1000s of booster packs by grinding transaction order within a 3 second window. However, this also brings up another potential solution: using a key derivation function that takes 3+ seconds of computational work to generate a random seed from transaction & block info. This would make it impossible to evaluate booster pack outcomes within the 3 second interval. airBitz / Edge uses a similar approach to slow down brute force attempts to break into a wallet.
That's an interesting point about how DPoS does provide some protection because witnesses have their future earning ability at stake via their reputation. In a proof of work system, there is a large cost to forgoing a PoW solution because it doesn't generate the proper random seed. However, with PoW there is no reputation cost since blocks can be mined anonymously. In Steem there is no immediate cost to picking a block with the right block hash. However, there is a longterm reputational risk if you get caught.
It will be interesting to see if good cards start occurring more than would be expected by chance!
Dear @yabapmatt
I tried to contact you via discord... There are a lot of bots out of control without upvoting due to a bug in the steem blockchain. Please, have a look at the post:
https://steemit.com/witness-category/@mahdiyari/why-steem-was-down-blockchain-bugs-and-problems-witness-and-seed-nodes
I guess you should change the nodes on which the bots have being connected.
Regards
3 seconds doesn't sound too bad, it could be "hid away" with some animation.
This is amazing for giving the community assurance to confirm its decentralized network. Thanks for making this possible and proving that Steem Monster is really a decentralized game with no central authority to manipulate it. It is kind of frustration to hear other blockchain are turning in to scam and an update like this is what we really need. Thanks guys 😁😁😁
that is it @hiroyamagishi its true what you are telling these scame have taken away $100 of millions of dollars well I just saw some of your posts truly amazing . Keep up the good work brother.
Thanks a lot for this! What I like most about you guys is the fact that you are not just developing a game but that you listen closely to your community and react quickly to wishes and suggestions if they are reasonable. This makes me even more excited about Steem Monsters!
Since I previously walked through the processes to publish these operations to the blockchain and then also to your endpoint, I can say firsthand how beautiful this is now.
To a large degree you've moved these steemmonsters operations directly into the blockchain. Now, we can publish our own
custom_json
operations which are immediately recognized and reflected in steemmonsters.I'm not sure it's easy to see how cool this really is so I'm working on something I'll be excited to release very soon!
I admire that you've decentralized features of the game even further. As it currently exists, of course. It will be interesting to see how third-party sites will now exploit this new capability of combining and trading cards. You've just opened up the opportunity for a marketplace on here, independent of the official steemmonsters website. Thanks for the technical details!
I debated commenting because it would simply be a spammy comment since I'm not very techy. However, I decided to leave my short comment afterall. :)
I have been playing this game for sometime now.The decentralisation of this game will surely help new users who will be joining this as soon as they get info about.
The work that you and your team have put into this is really commendable.I can't wait to see what else you have got in store for us.
SO EXCITING! I can't wait to see more updates on trading and fighting.
You got a 25.00% Upvote and Resteem from @ebargains, as well as upvotes from our curation trail followers!
If you are looking to earn a passive no hassle return on your Steem Power, delegate your SP to @ebargains by clicking on one of the ready to delegate links:
50SP | 100SP | 250SP | 500SP | 1000SP | 5000SP | Custom Amount
You will earn 90% of the voting service's earnings based on your delegated SP's prorated share of the service's SP pool daily! That is up to 38.5% APR! You can also undelegate at anytime.
We are also a very profitable curation trail leader on https://steemauto.com/. Follow @ebargains today and earn more on curation rewards!
so you were the creator of steem bot tracker thank you soo much for helping us.
Every update you guys provide continues to impress. . . I have never even played s game like this before but I’m already hooked on the cards. Can’t wait for the tourneys to start.