Online gaming, particularly poker, is a multi-billion dollar industry. The market’s financial boom allowed many of the more successful companies to become publicly traded.
Large amounts of money also attract the corrupted segments of the population, in this case hackers, cheaters, and phishers. The technology behind online gaming has been forced to advance to protect against these attacks, both for itself and its players. Nevertheless, well-known casino sites have been victims of cheating during the last two years. For example, in 2008, employees of a popular online gambling platform hacked the site’s software and created “super-user” accounts that allowed them to cheat players out of 150 millions of dollars over a two-year period before other players caught them and the site was forced by public pressure to return the money to the players.
Detecting online cheating is hard. Cheating can be done in very elaborate ways so it might go on inadvertently for years. It is likely that some of the online casinos have been hacked in the past, leaving back-doors for cheating.
Online casino players generally don't underestimate this problem. A survey reflect that the levels of mistrust and cynicism are epitomized by the fact that only half of respondents felt that online gambling software was fair and random, and in fact, over a third of respondents thought there was an “on/off switch that could turn the software in favour of the operator”. So player always prefer gaming sites which give better security guarantees. On the other side, online casino operators have recognize the importance of its security and potential to boost or damp the profits. Nevertheless, until now, there was no solution in the market that could provide the privacy and security guarantees for both the player and the casino site.
Certimix has developed an
unique technology based on firm mathematical grounds. Using this
technology, Certimix has created a gamut products for the protection
of online card gaming sites: CertifiedPlay. The innovation can be
very simple stated: nobody,
not even the casino operator, knows your cards.
Yet, no casino site or casino software provider has been able
to achieve such a simple privacy guarantee.
Certimix offers the following products/services:
- Patent licensing CertifiedPlay technology.
- CertifiedPlay-API (a programming a library)
- CertifiedPlay-Platform (a security platform)
- CertifiedPlay-Infrastructure (a complete gaming infrastructure).
CertifiedPlay technology is based on new cryptographic protocols that provide privacy of cards dealt to players through an insecure digital network (like Internet), achieving cryptographic security and real-time performance. These “Mental Poker” protocols are TDSP and MPF. TDSP is patent pending.
Mental Poker (“MP”)
protocols allow multiple parties to securely play a card game over an
insecure, peer-to-peer or broadcast medium. There are two kind of MP
protocols: the ones who require a trusted third party and the ones
which do not (TTP-Free). In a TTP protocol there is a third party
who deals the cards, so it has knowledge of the cards in each players
hand. It must be trusted and impartial. On the other hand, in
TTP-free protocols, only each player knows his hand, and cards are
CertifiedPlay technology combines a state of the art MP protocol, with a complete and proven infrastructure for online game play, including an time-stamping service (to assure accurate times on messages), a broadcasting service (to forward messages to all other players), a logging service (to keep a log of all the game actions to allow ruling on a dispute), auditing entities (to rule on a dispute), network connection providers (like ISPs), online banks (to hold the bets and pay the pot), payment gateways (to transfer money from the player to the online bank), open-source client applications (to connect to the infrastructure), game servers (to direct the game with rules and actions) and game tracker servers (to search for an open table or create a new table to play in).
products can be fully interfaced with current casino operators
server and client softwares, minimizing porting effort.
If the e-casino already
provides some of these services, then CertifiedPlay can use them, and
there is no need for additional modules.
benefits of the gaming technology
How CertifiedPlay works
Shamir, Rivest and Adleman proposed the first TTP-Free protocol [SRA81] that achieved some of the properties desired for card games, but forced the players to reveal their hands and their strategy at the end of the game. In [Cr86] the requirements for a MP protocol were established. If a protocol satisfied these requirement, it would be as secure as a “real” card game. [Cr86] also presents the first protocol that satisfies them. However the protocol is not practical, since an implementation is reported to take 8 hours to shuffle a poker deck [E94].
New protocols were later
developed [KKO90], [BS03] [CDRB03][CR05]. Some of these protocols
are difficult to verify because they lack a formal and abstract
layer, with abstract data types, and a simple set of operations on
cards. In addition to the MP requirements previously defined, in
[CDRB03] an additional requirement is proposed. TDSP/MPF satisfies
all previously required properties along with four additional
requirements for a protocol to withstand real-world scenarios.
Key TDSP/MPF properties
CertifiedPlay can be deployed in 4 security levels, been level 4 the most secure. Each level implies a security certification that the e-casino can exhibit.
[BS03] A. Barnett and N. Smart. Mental poker revisited. In Proc. Cryptography and Coding, volume 2898 of Lecture Notes in Computer Science, pages 370--383. Springer-Verlag, December 2003.
[CDRB03] J Castellá-Roca, J. Domingo-Ferrer, A. Riera, and J. Borrell. Practical mental poker without a ttp based on homomorphic encryption. In T. Johansson and S. Maitra, editors, Progress in Cryptology, Indocrypt'2003, number 2904 in Lecture Notes in Computer Science, pages 280--294.
[CR05] Jordi Castellà-Roca, Contributions to Mental Poker. Autonomous University of Barcelona, Doctoral Programme in Computer Science and Artificial Intelligence. Data of public reading: Sep. 9, 2005.
[Cré86] C. Crépeau. A zero-knowledge poker protocol that achieves confidentiality of the players' strategy or how to achieve an electronic poker face. In A. M. Odlyzko, editor, Advances in Cryptology - Crypto '86, volume 263, pages 239--250, Berlin, 1986. Springer-Verlag. Lecture Notes in Computer Science.
[E94]. J. Edwards, Implementing Electronic Poker: A Practical Exercise in Zero-Knowledge Interactive Proofs. Master’s thesis, Department of Computer Science, University of Kentucky, 1994.
[KKO97] K. Kurosawa, Y. Katayama, and W. Ogata. Reshuffable and laziness tolerant mental card game protocol. TIEICE: IEICE Transactions on Communications/Electronics/Information and Systems, E00-A, 1997.
[SRA81] A. Shamir, R.L. Rivest, and L. Adleman. Mental poker. Mathematical Gardner, pages 37--43, 1981.