What is a provably fair casino game?
Provably fair uses HMAC-SHA256 commit-reveal so every roll, card, and spin is cryptographically verifiable. Here is how it works — and how to audit it yourself.
Traditional online casinos ask you to trust the house. A “provably fair” casino flips that: every round is produced by a cryptographic function that you can re-compute at home and confirm the result was not tampered with. The maths is not exotic — it is the same HMAC-SHA256 primitive that secures every HTTPS request on the web.
The commit-reveal scheme
A provably fair game runs in three phases:
- Commit: the server generates a random seed (
serverSeed) and publishesSHA256(serverSeed)before any round is played. That hash is a commitment — it cannot be changed afterwards without everyone noticing. - Play: each round uses
HMAC_SHA256(serverSeed, clientSeed:nonce). The client seed is yours; the nonce counts up per round. The output — 64 hex characters — is the raw randomness. - Reveal: when the session rotates (or on demand), the server publishes
serverSeed. Anyone can now recompute every round from that session and confirm the outcomes match.
Because the server committed to the seed before the rounds, it cannot pick a seed after seeing your bets. And because the client seed is yours, the server cannot frontrun a nonce it does not control.
From 64 hex chars to a game outcome
Every game just needs a deterministic way to turn that 64-char output into its own result:
- Crash: take 8 hex chars → cast to uniform
[0, 1)→ feed intocrashPoint = (1 - houseEdge) / (1 - r). A house edge of 1% produces 1% instacrashes at 1.00x. - Dice: same 8 hex chars → multiply by 10 000 → divide by 100. You get a number 0.00–99.99.
- Mines: use the bytes as input to a Fisher-Yates shuffle over 25 positions. First N of the shuffled array are the mine locations.
- Plinko: read one bit per row.
0means the ball goes left,1means right. 12 rows → 13 possible slots.
How to verify a round yourself
You do not need trust: you need sha256sum and a one-liner. After a session ends:
- Copy the revealed
serverSeed, yourclientSeed, and thenonceof the round you want to check. - Run
echo -n "clientSeed:nonce" | openssl dgst -sha256 -hmac "serverSeed". - Apply the game formula to those 64 hex chars. The result should match what you saw in the UI.
If it does not, the casino cheated — and you have the cryptographic proof. That is the entire point.
What provably fair does not guarantee
Provably fair ensures randomness integrity. It does not change the house edge, the RTP, or the variance of a game. A 99% RTP Dice is still 99% RTP Dice. What you get is the assurance that the casino did not nudge the outcome against you after you placed the bet.
That is worth a lot. In a traditional casino, your only recourse against manipulation is regulatory audit. In a provably fair casino, every player is an auditor.
Is provably fair the same as open source?▾
No. Open source shows the code; provably fair shows the math of each round. A casino can be provably fair without open-sourcing its backend, and vice versa.
Can the casino still rig the RTP?▾
No, because the multiplier is derived deterministically from the hash — not chosen by the casino. The only honest way to lose money is the house edge baked into the formula, and that edge is public.
What is the server seed rotation for?▾
Once the server seed is revealed, it cannot be used for new rounds because a malicious operator could pre-compute outcomes. Rotation invalidates the old seed and commits to a new one.