打造公平的遊戲轉蛋：在不洩漏原始碼的前提下驗證虛擬轉蛋的機率

Abstract

虛擬轉蛋是一種隨機獲取獎勵的機制，並且已經是近期遊戲產業主要的盈利模式。然而，世界各地發生過許多起針對虛擬轉蛋消費糾紛事件，例如近期台灣發生的「丁特 v.s. 天堂 M」事件，玩家實測出的掉寶機率與遊戲公告的機率明顯不符，後續公平交易委員會也證實遊戲公司確實有廣告不實。面對這些事件，許多國家制定法律，要求遊戲公司需明確揭露虛擬轉蛋中獎機率。然而，目前並沒有一個公認可行的方式來驗證虛擬轉蛋的實際中獎機率，其中一些方法並無法完整驗證資料，一些方法要求將程式碼開源。但考量到現實情況，要求遊戲公司開源是不實際的，因為轉蛋演算法往往是重要的商業機密。於是本篇研究提出在不洩漏原始碼的前提下驗證虛擬轉蛋中獎機率的方法。我們提出的方法包括兩種協定：機率驗證協定以及轉蛋抽獎協定。機率驗證協定使用隨機信標及函數承諾等密碼學工具，提供不可預測的隨機源及執行正確性的驗證，以此獲得測試資料進行機率驗證；轉蛋抽獎協定讓讓玩家及遊戲伺服器共同產生一個隨機參數，使得雙方都不能預測或控制轉蛋的機率，保障玩家在抽獎過程並沒有被降低機率。此外，我們也實作提出的兩種協定，並對於不同參數進行實驗比較。結果顯示我們的系統擁有良好的效能及實用性。

Loot boxes, which have become a predominant revenue model in contemporary mobile games, offer players the opportunity to acquire random rewards. However, there have been numerous incidents of disputes related to loot box consumption around the world. For example, in the recent "Dinter v.s. Lineage M" incident in Taiwan, where players conducted tests and found that the winning probability did not align with the probability stated by the game company. The Fair Trade Commission later confirmed that the game company had engaged in false advertising. Faced with these incidents, some countries have adopted laws mandating the explicit disclosure of probabilities. However, currently, there is no practical method to verify the probability statements. As a result, in this work, we propose an efficient approach for verifying the probability of loot boxes without disclosing the source code. In particular, we propose two protocols: a probability verification protocol and a loot box opening protocol. The probability verification protocol allows players to verify the winning probability of loot boxes using publicly verifiable random sources. On the other hand, the loot box opening protocol establishes a mechanism for the game servers and players to agree on a random input, ensuring that neither party can manipulate the outcome. We also implemented our protocols and conducted experiments to evaluate their performance. The results demonstrate that these protocols are efficient and practical.