## Random Number Generator In Slot Machines

The role of Random Number Generators (RNG) in slots is the core principle of determining odds for players. Which, of course, is the whole part of the game for slot players. Understanding the fundamentals of RNG will help reduce losses and will lead to a better playing experience. I talk briefly about random number generators and some of the people I see in the casinos that beat up the slot machines to get those higher payouts or jack.

A random number generator (RNG) is a crucial part of online casino software as it provides complete randomness on the outcome of games. All licensed and reputable gambling sites, including BetMGM, use RNGs that are tested by independent authorities to ensure fair gaming at all times. This article explores how RNGs work and their importance to gambling sites.

## What is a Random Number Generator?

A random number generator is a type of computer program that generates numbers in a random manner, as the name suggests. Every second, RNGs produce vast sequences of numbers that do not follow any pattern. They are responsible for providing a single or a collection of numbers from the series, at any point, when requested. There are many different types of RNGs available. They are used almost everywhere in our everyday lives. Here, we will be discussing casino RNGs.

## How Do Online Casinos Generate Random Numbers Successfully?

Online gambling sites use what’s called the Pseudo Random Number Generator (PRNG), which operates on an algorithm and a seed number. The generator is used for online gambling games where there is no dealer. It can also work as an automated shoe to shuffle cards or other basic activities such as flipping a coin. This system is unique in that it is constantly active. It produces numbers all the time which are then instantly transformed into different elements in the games. For instance, symbols in slot games, numbers spun in roulette, cards dealt in card games, and numbers rolled in dice games.

## How RNGs work in slot machines

In essence, say there is a 3-reel online slot with 10 symbols per reel. The RNG would then assign a value to each symbol. So, with a value of 1 to 10 for each of the 3-reels, the outcome would be three random symbols. If they form a winning combination, the slot game will pay your winnings accordingly.

Land-based gambling destinations also employ this technology on some of their games that are of a virtual nature including jackpot slots and video poker games. This means that gambling games are generated the same way as their online counterparts.

## Can You Beat a Random Number Generator?

Randomness is an integral part of gambling games, whether they’re old or new casino games. This is why they are also known as games of chance. Luck determines whether you win or lose when you play casino online games. No one can ever be certain of the outcome of a game, but you can work out the probability of what’s likely to happen.

For instance, skill-based games such as poker or blackjack may give you a chance to have some effect on the outcome. Following the best strategy to fold, check and raise, or knowing the best starting hands in poker can improve odds in your favor – the same as knowing when to hit or stand in blackjack. However, cards can quickly take a turn as each one dealt is a completely random event.

The whole notion of gambling, or what makes gambling games fun, is wagering on an uncertain outcome. Randomness is also important, as it effectively makes it possible for players to win when they bet on gambling games online and offline.

## Are RNGs Fair?

Legal and trustworthy sites use RNG software that has been and is regularly tested by independent auditors. The third-parties regularly offer consulting and full testing services to both land-based and internet-based sites. This is to ensure that patrons have a fair and fun gambling experience at regulated sites. This includes RNG inspections, live dealers, sportsbook or gambling exchange evaluations, game and mathematics evaluations, game payout verifications and reporting, and lottery and pari-mutuel system inspections. When a betting site is certified as fair, it means that their RNGs are random. Players can simply check this by looking for the certification seal on their chosen gambling website.

More so, gambling operators are not allowed to make any changes to individual machines without following an extensive process and notifying gambling regulators. If a gambling site is found to be in breach of such rules, they could be liable for a hefty fine or even have their license revoked.

### More Fair Gaming Measures

Independent audits are there to ensure that gambling games are not influenced by variables such as the size of the potential payout, number of credits in play, and factors that could mislead players. The payout percentages, on the machines, also need to meet those established by the gaming regulators in the state as rules can differ in each state. The inspectors also do random checks on machines for compliance at brick-and-mortar sites, to ensure that games are not rigged in any way.

Players need to be wary of rogue gambling sites. There are a handful of illegal betting sites online. Such websites usually have misleading information on their bonus offers and tend to manipulate games in their favor, among other things. Although they don’t last long as they usually get found out, it wouldn’t be great finding yourself a victim of such crooked operations.

## Play Safely and Securely at BetMGM

RNGs are complex computer programs responsible for ensuring that the outcome in gambling games are as random as possible. They make it possible for punters to win when playing their favorite games.

BetMGM is a safe and secure gambling site that provides players with fair gaming. Our games are regularly audited and they provide players with the best payouts online. We offer exciting new slots and your favorite classic table games such as blackjack, baccarat, poker and roulette, to name a few. These are also available to play at our live casino online. Browse through and start playing at BetMGM to enjoy real money games online!

## TL;DR

An Austrian casino company used a predictable pseudorandom number generator, rather than a cryptographically secure one, and people are taking advantage of it, and cashing out big.

## The Story

Wired reported on an article about an amazing operation at beating electronic slot machines, by holding your phone to the slot machine screen for a time while playing, leaving the slot machine, then coming back an additional time, and cashing in big.

Americas cardroom login. Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a \$20 to \$60 investment into as much as \$1,300 before cashing out and moving on to another machine, where he’d start the cycle anew.

These machines were made by Austrian company Novomatic, and when Novomatic engineers learned of the problem, after a deep investigation, the best thing they could come up with, was that the random number generator in the machine was predictable:

Novomatic’s engineers could find no evidence that the machines in question had been tampered with, leading them to theorize that the cheaters had figured out how to predict the slots’ behavior. “Through targeted and prolonged observation of the individual game sequences as well as possibly recording individual games, it might be possible to allegedly identify a kind of ‘pattern’ in the game results,” the company admitted in a February 2011 notice to its customers.

The article, focused on a single incident in Missouri, mentions that the state vets the machines before they go into production:

Recognizing those patterns would require remarkable effort. Slot machine outcomes are controlled by programs called pseudorandom number generators that produce baffling results by design. Government regulators, such as the Missouri Gaming Commission, vet the integrity of each algorithm before casinos can deploy it.

## On random number generators

I'll leave you to read the rest of the article. Suffice it to say, the Novomatic machines were using a predictable pseudorandom number generator after observing its output for a period of time. This poses some questions that should immediately start popping up in your head:

1. What is the vetting process by states to verify the quality of the pseudorandom number generators in solt machines?
2. Who is on that vetting commission? Is it made up of mathematicians and cryptographers? Or just a board of executives and politicians?
3. Why aren't casino manufacturers using cryptographically secure pseudorandom number generators?

For me, that third item is the most important. No doubt, as the Wired article states, older machines just cannot be fixed. They need to be taken out of production. So long as they occupy casinos, convenience stores, and gas stations, they'll be attacked, and the owner will lose money. So let's talk about random number generators for a second, and see what the gambling industry can do to address this problem.

You can categorize random number generators into four categories:

1. Nonsecure pseudorandom
2. Cryptographically secure pseudorandom
3. Chaotic true random
4. Quantum true random

What I would be willing to bet, is that most electronic machines out there are of the 'nonsecure pseudorandom' type of random number generator, and Novomatic just happened to pick a very poor one. Again, there likely isn't anything they can do about existing machines in production now, but what can they do moving forward? They should start using cryptographically secure pseudorandom number generators (CSPRNGs).

In reality, this is trivial. There are plenty of CSPRNGs to choose from. CSPRNGs can be broken down further into three subcategories:

1. Designs based on cryptographic primitives.
2. Number theoretic designs.
3. Special-purpose designs.

Let's look at each of these in turn.

## Designs based on cryptographic primitives.

These are generators that use things like block ciphers, stream ciphers, or hashing functions for the generator. There are some NIST and FIPS standardized designs:

• NIST SP 800-90A rev. 1 (PDF): CTR_DRBG (a block cipher, such as AES in CTR mode), HMAC_DRBG (hash-based message authentication code), and Hash_DRBG (based on cryptographically secure hashing functions such as SHA-256).
• ANSI X9.31 Appendix A.2.4: This is based on AES, and obsoletes ANSI X9.17 Appendix C, which is based on 3DES. It requires a high-precision clock to initially seed the generator. It was eventually obsoleted by ANSI X9.62-1998 Annex A.4.
• ANSI X9.62-2005 Annex D: This standard is defines an HMAC_DRBG, similar to NIST SP 800-90A, using an HMAC as the cryptographic primitive. It obsoletes ANSI X9.62-1998 Annex A.4, and also requires a high-precision clock to initially seed the generator.

It's important that these designs are backtracking resistant, meaning that if you know the current state of the RNG, you cannot construct all previous states of the generator. The above standards are backtracking resistant.

## Number theoretic designs

There are really only two current designs, that are based on either the factoring problem or the discrete logarithm problem:

• Blum-Blum-Shub: This is generator based on the fact that it is difficult to compute the prime factors of very large composites (on the order of 200 or more digits in length). Due to the size of the prime factors, this is a very slow algorithm, and not practical generally.
• Blum-Micali: This is a generator based on the discrete logarithm problem, when given two known integers 'b' and 'g', it is difficult to find 'k' where 'b^k = g'. Like Blum-Blum-Shub, this generator is also very slow, and not practical generally.

## Special-purpose designs

Thankfully, there are a lot of special purpose designs designed by cryptographers that are either stream ciphers that can be trivially ported to a CSPRNG, or deliberately designed CSPRNGs:

• Yarrow: Created by cryptographer Bruce Schneier (deprecated by Fortuna)
• Fortuna: Also created by Bruce Schneier, and obsoletes Yarrow.
• ISAAC: Designed to address the problems in RC4.
• ChaCha20: Designed by cryptographer Daniel Bernstein, our crypto Lord and Savior.
• HC-256: The 256-bit alternative to HC-128, which is part of the eSTREAM portfolio.
• eSTREAM portfolio: (7 algorithms- 3 hardware, 4 software)
• Random123 suite: Contains four highly parallelizable counter-based algorithms, only two of which are cryptographically secure.

## The solution for slot machines

So now what? Slot machine manufacturers should be using cryptographically secure algorithms in their machines, full stop. To be cryptographically secure, the generator:

• Must past the next-bit test (you cannot predict the next bit any better than 50% probability).
• Must withstand a state compromise (you cannot reconstruct past states of the generator based on the current state).

If those two properties are met in the generator, then the output will be indistinguishable from true random noise, and the generator will be unbiased, not allowing an adversary, such as someone with a cellphone monitoring the slot machine, to get the upperhand on the slot machine, and prematurely cash out.

However, the question should then be raised- 'How do you properly seed the CSPRNG, so it starts in an unpredictable state, before release?' Easy, you have two options here:

• Seed the CSPRNG with a hardware true RNG (HWRNG), such as a USB HWRNG, or..
• Build the machine such that it collects environmental noise as entropy

### Rng Slot Machine

The first point is much easier to achieve than the second. Slot machines likely don't have a lot of interrupts built into the system-on-a-chip (SoC). So aside from a microphone, video camera, or antenna recording external events, you're going to be hard-pressed to get any sort of high-quality entropy into the generator. USB TRNGs are available all over the web, and cheap. When the firmware is ready to be deployed, read 512-bits out of the USB generator, hash it with SHA-256, and save the resulting hash on disk as an 'entropy file'.

Then all that is left is when the slot machine boots up and shuts down:

• On startup, read the 'entropy file' saved from the previous shutdown, to seed the CSPRNG.
• On shutdown, save 256-bits of data out of the generator to disk as an 'entropy file'.

This is how most operating systems have solved the problem with their built-in CSPRNGs. Provided that the very first 'entropy file' was initially seeded with a USB true HWRNG, the state of every slot machine will be always be different, and will always be unpredictable. Also, 256-bits is more than sufficient to make sure the initial state of the generator is unpredictable; physics proves it.

### Random Winner Generator Slot Machine

Of course, the SoC could have a HWRNG onboard, but then you run the risk of hardware failure, and the generator becoming predictable. This risk doesn't exist with software-based CSPRNGs, so provided you can always save the state of the generator on disk at shutdown, and read it on startup, you'll always have an unpredictable slot machine.