← Back to lotto

Provably-fair proof

This page reproduces the winner computation from public inputs. You can recompute every step in your browser's DevTools — don't trust our math, verify it.

1. Pre-commit (server_seed_hash)

Published when the draw went live (2026-05-12T04:22:06.308Z).

53c8f6893304e0b988435d904b3438ece9e036d2db48c1074398f0343e9c6ebe

2. Reveal (server_seed)

Revealed after draw (2026-05-13T04:22:45.810Z).

b1a49ce4543af13054bac4a4ef14510d55bbeca3191c0d0a4c43ce633345d4c8

Hash check: ✓ sha256(server_seed) === published hash

3. Client seed inputs (all sold eggs)

#WalletWinner?
1BGDKeT...iukC
26BGDKeT...iukC🎉
43BGDKeT...iukC

4. Derived client_seed

client_seed = sha256(sorted by entry_number, joined as "N:wallet" with '|')

35bf2a30eb070bf251f9635e2072893998768f000ffd3b82fe2d32fc9370b415

5. External entropy (Bitcoin block)

Mixed into the HMAC input so the draw depends on a value the operator could not have known when the server seed was committed ( 2026-05-12T04:22:06.308Z). Any Bitcoin block mined after the commit works — we take the tip at draw time.

sourcemempool.spaceheight949,169hash00000000000000000001f57b9c1096f40f487185607cc9fc57cfb8d491951331block time2026-05-13T04:20:20.000Z

Cross-check on mempool.space or blockstream.info.

6. Winner computation

HMAC-SHA256(server_seed, "client_seed:lotto_id:source:height:hash"), first 16 hex chars, mod sold_count (3).

hmac = c1ee0b962cb8432f84481ea3cd7ea513f3c68c788ba32c96e9e43fed3249c4e4

Computed index: 1 → winning egg: #26

7. Independent verification

Show JS snippet (paste into DevTools)
const seed = "b1a49ce4543af13054bac4a4ef14510d55bbeca3191c0d0a4c43ce633345d4c8";
const hashStr = "53c8f6893304e0b988435d904b3438ece9e036d2db48c1074398f0343e9c6ebe";
const clientSeed = "35bf2a30eb070bf251f9635e2072893998768f000ffd3b82fe2d32fc9370b415";
const lottoId = "938d4c79-b2d3-4081-983f-6103da134700";
const sold = 3;
const entropy = "mempool.space:949169:00000000000000000001f57b9c1096f40f487185607cc9fc57cfb8d491951331";

async function run() {
  const enc = new TextEncoder();
  const seedBytes = enc.encode(seed);
  const hashed = await crypto.subtle.digest("SHA-256", seedBytes);
  const recomputed = [...new Uint8Array(hashed)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  console.log("hashOk:", recomputed === hashStr);

  const key = await crypto.subtle.importKey(
    "raw", seedBytes, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]
  );
  const message = entropy
    ? clientSeed + ":" + lottoId + ":" + entropy
    : clientSeed + ":" + lottoId;
  const sig = await crypto.subtle.sign("HMAC", key, enc.encode(message));
  const hex = [...new Uint8Array(sig)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  const idx = Number(BigInt("0x" + hex.slice(0, 16)) % BigInt(sold));
  console.log("hmac:", hex);
  console.log("winnerIndex:", idx);
}
run();