[Cryptography] All dice are loaded?

Arnold Reinhold agr at me.com
Fri Aug 8 16:55:59 EDT 2014 

On Fri, 8 Aug 2014 07:21 Dave Horsfall asked

> 
> It's somewhat common to throw a set of dice to generate a "good enough" 
> random number, or at least a seed.  However, they appear to have a slight 
> bias in favour of "6", due to the pattern of the dimples.
> 
> I reported this in the "quirky" column in a respected Australian newspaper 
> (search smh.com.au for "Column 8" and "dice" for 6th August; I couldn't 
> get the URL for the page itself other than an ugly search expression) and 
> today it got followed up.
> 
> It seems that someone actually did the experiment back in 1966, with about 
> 10,000 rolls, and found a "statistically significant" bias in favour of 
> "6" being uppermost.
> 
> Hmmm...  Granted, it probably belongs in the "tin foil" category, but it's 
> interesting nonetheless.
> 

The fact that inexpensive consumer dice are biased towards higher numbers is well known. Casinos employ special "Casino dice" that have the pips painted on instead of dimpled in. They are manufactured to higher tolerances and are transparent to make it easier to detect any "loading". Experimental evidence suggest they are fair, e.g.: http://dicephysics.info/0107.htm  

However biases that might be important to a casino have little effect on using dice to generate random quantities for cryptography.

The entropy of a single dice roll is the sum from k=1 to 6 of -pk log2 (pk), where pk is the probability of k being the top face in a roll. For a perfect die, pk = 1/6 = 0.1666666... for all k, so that sum reduces to -log2 (1/6) = log2 (6) = 2.5849625...

Lets say we have dice where side 6 comes up with a probability of 1/4 or 0.25, and the other five sides have equal probability of 0.15. That is a pretty big bias, much bigger than the biases reported for cheap consumer dice.

For our 1/4 biased dice, the entropy of each roll is -0.25*log2 (0.25) - 5*0.15*log2 (0.15) = 2.552724..., a difference of about 0.03224 bits per roll. For a six word Diceware passphrase, which requires 30 dice roll to generate, the difference is just under one bit. Thus a 6-word passphrase generated using the loaded dice would have an entropy of about 76.4 bits instead of 77.4 bits with perfect dice.

If this effect still concerns you, I list several sources of casino dice on my Diceware FAQ at http://www.diceware.com/dicewarefaq.html#casino. 

Feel free to pass this on the the Australian newspaper.

Arnold Reinhold

More information about the cryptography mailing list