← Back to lotto

Provably-fair proof

This page reproduces the winner computation from public inputs. You can recompute every step in your browser's DevTools — don't trust our math, verify it.

1. Pre-commit (server_seed_hash)

Published when the lotto went live (2026-04-18T05:19:08.797Z).

fbbe21697f3624a0cd1e291845099db98e49ac93964ec57e12ed03153d394a1b

2. Reveal (server_seed)

Revealed after draw (2026-04-19T05:19:23.530Z).

8df072f186ee9b2c030adace1cec7d5493f2d3c7a3cdab137bf25ecf4b768deb

Hash check: ✓ sha256(server_seed) === published hash

3. Client seed inputs (all sold tickets)

#WalletWinner?
1did:pr...ncqn
3did:pr...ncqn
9did:pr...ncqn
12did:pr...ncqn
13did:pr...ncqn🎉
31did:pr...ncqn
32did:pr...ncqn
35did:pr...ncqn
66did:pr...ncqn
98did:pr...ncqn

4. Derived client_seed

client_seed = sha256(sorted by entry_number, joined as "N:wallet" with '|')

8ca4744c1e37f8f5811d953b9a63a3a5cb54da014d374bdb638cd8c9a7a2166b

5. External entropy (Bitcoin block)

Mixed into the HMAC input so the draw depends on a value the operator could not have known when the server seed was committed ( 2026-04-18T05:19:08.797Z). Any Bitcoin block mined after the commit works — we take the tip at draw time.

sourcemempool.spaceheight945,730hash000000000000000000016f87bf1a75edb720094904700fff3515215b5a1ec054block time2026-04-19T05:12:02.000Z

Cross-check on mempool.space or blockstream.info.

6. Winner computation

HMAC-SHA256(server_seed, "client_seed:lotto_id:source:height:hash"), first 16 hex chars, mod sold_count (10).

hmac = 81d1ba40ea10d5c611605b8f3daff0ad06c7f59e027a8d6efbbb4ddf7a62e22d

Computed index: 4 → winning entry: #13

7. Independent verification

Show JS snippet (paste into DevTools)
const seed = "8df072f186ee9b2c030adace1cec7d5493f2d3c7a3cdab137bf25ecf4b768deb";
const hashStr = "fbbe21697f3624a0cd1e291845099db98e49ac93964ec57e12ed03153d394a1b";
const clientSeed = "8ca4744c1e37f8f5811d953b9a63a3a5cb54da014d374bdb638cd8c9a7a2166b";
const lottoId = "2212f48a-c3e0-4aa0-8bab-295f656a3e53";
const sold = 10;
const entropy = "mempool.space:945730:000000000000000000016f87bf1a75edb720094904700fff3515215b5a1ec054";

async function run() {
  const enc = new TextEncoder();
  const seedBytes = enc.encode(seed);
  const hashed = await crypto.subtle.digest("SHA-256", seedBytes);
  const recomputed = [...new Uint8Array(hashed)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  console.log("hashOk:", recomputed === hashStr);

  const key = await crypto.subtle.importKey(
    "raw", seedBytes, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]
  );
  const message = entropy
    ? clientSeed + ":" + lottoId + ":" + entropy
    : clientSeed + ":" + lottoId;
  const sig = await crypto.subtle.sign("HMAC", key, enc.encode(message));
  const hex = [...new Uint8Array(sig)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  const idx = Number(BigInt("0x" + hex.slice(0, 16)) % BigInt(sold));
  console.log("hmac:", hex);
  console.log("winnerIndex:", idx);
}
run();