Provably-fair proof

This page reproduces the winner computation from public inputs. You can recompute every step in your browser's DevTools — don't trust our math, verify it.

1. Pre-commit (server_seed_hash)

Published when the lotto went live (2026-04-17T02:14:54.177Z).

ceeded0baaea23af17f0684da4202c3d70f70b8a4b09766a6958b248cc994de3

2. Reveal (server_seed)

Revealed after draw (2026-04-18T03:54:37.271Z).

3535d9e1e08fab8b66a31e48f9ead297a92186c9067a30f72c0f6a302239c648

Hash check: ✓ sha256(server_seed) === published hash

3. Client seed inputs (all sold tickets)

#	Wallet	Winner?
2	did:pr...1fei
8	did:pr...1fei
24	did:pr...1fei
26	did:pr...1fei
28	did:pr...1fei
30	did:pr...1fei
33	did:pr...1fei
35	did:pr...1fei
37	did:pr...1fei
41	did:pr...1fei
45	did:pr...1fei
47	did:pr...1fei
51	did:pr...1fei
55	did:pr...1fei
66	did:pr...1fei
72	did:pr...1fei
73	did:pr...1fei
76	did:pr...1fei
88	did:pr...1fei
89	did:pr...1fei
90	did:pr...1fei
91	did:pr...1fei	🎉
92	did:pr...1fei
94	did:pr...1fei
127	did:pr...1fei
134	did:pr...1fei
136	did:pr...1fei
157	did:pr...1fei
160	did:pr...1fei
169	did:pr...1fei
172	did:pr...1fei
180	did:pr...1fei
184	did:pr...1fei
190	did:pr...1fei
206	did:pr...1fei
209	did:pr...1fei
213	did:pr...1fei
214	did:pr...1fei
233	did:pr...1fei
238	did:pr...1fei
239	did:pr...1fei
242	did:pr...1fei
243	did:pr...1fei
249	did:pr...1fei
258	did:pr...1fei
262	did:pr...1fei
269	did:pr...1fei
274	did:pr...1fei
276	did:pr...1fei
279	did:pr...1fei
285	did:pr...1fei
286	did:pr...1fei
287	did:pr...1fei
294	did:pr...1fei
309	did:pr...1fei
315	did:pr...1fei
317	did:pr...1fei
318	did:pr...1fei
322	did:pr...1fei
329	did:pr...1fei
330	did:pr...1fei
332	did:pr...1fei
347	did:pr...1fei
352	did:pr...1fei
357	did:pr...1fei
361	did:pr...1fei

4. Derived client_seed

client_seed = sha256(sorted by entry_number, joined as "N:wallet" with '|')

dac65d0bba488f884748987ea262d8d09e64aa7d4850ca1974a345b92fee0983

5. External entropy (Bitcoin block)

Mixed into the HMAC input so the draw depends on a value the operator could not have known when the server seed was committed ( 2026-04-17T02:14:54.177Z). Any Bitcoin block mined after the commit works — we take the tip at draw time.

sourcemempool.spaceheight945,561hash000000000000000000005fc0717695a4ceee2033290ab2a847ed225e15ff172eblock time2026-04-18T03:54:07.000Z

Cross-check on mempool.space or blockstream.info.

6. Winner computation

HMAC-SHA256(server_seed, "client_seed:lotto_id:source:height:hash"), first 16 hex chars, mod sold_count (66).

hmac = 0173151fa6b857616abbedb1137d75865d5ccf4419408f063d38850c5f2e2c12

Computed index: 21 → winning entry: #91

7. Independent verification

Show JS snippet (paste into DevTools)

const seed = "3535d9e1e08fab8b66a31e48f9ead297a92186c9067a30f72c0f6a302239c648";
const hashStr = "ceeded0baaea23af17f0684da4202c3d70f70b8a4b09766a6958b248cc994de3";
const clientSeed = "dac65d0bba488f884748987ea262d8d09e64aa7d4850ca1974a345b92fee0983";
const lottoId = "4d140c15-3cdd-432e-ae8f-aa84eb952c2d";
const sold = 66;
const entropy = "mempool.space:945561:000000000000000000005fc0717695a4ceee2033290ab2a847ed225e15ff172e";

async function run() {
  const enc = new TextEncoder();
  const seedBytes = enc.encode(seed);
  const hashed = await crypto.subtle.digest("SHA-256", seedBytes);
  const recomputed = [...new Uint8Array(hashed)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  console.log("hashOk:", recomputed === hashStr);

  const key = await crypto.subtle.importKey(
    "raw", seedBytes, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]
  );
  const message = entropy
    ? clientSeed + ":" + lottoId + ":" + entropy
    : clientSeed + ":" + lottoId;
  const sig = await crypto.subtle.sign("HMAC", key, enc.encode(message));
  const hex = [...new Uint8Array(sig)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  const idx = Number(BigInt("0x" + hex.slice(0, 16)) % BigInt(sold));
  console.log("hmac:", hex);
  console.log("winnerIndex:", idx);
}
run();