Provably-fair proof
This page reproduces the winner computation from public inputs. You can recompute every step in your browser's DevTools — don't trust our math, verify it.
1. Pre-commit (server_seed_hash)
Published when the lotto went live (2026-04-16T07:35:29.485Z).
7e44cec0fcd6ae1208006fd18f143b9c4afcee53fd7d9bbb43632c171c1e31b72. Reveal (server_seed)
Revealed after draw (2026-04-17T17:53:49.818Z).
46d091271b37fbdc8fc259bf976e378beb42de15bba4041b8aeb923970cf031cHash check: ✓ sha256(server_seed) === published hash
3. Client seed inputs (all sold tickets)
| # | Wallet | Winner? |
|---|---|---|
| 10 | did:pr...1fei | |
| 11 | did:pr...1fei | |
| 12 | did:pr...1fei | |
| 13 | did:pr...1fei | 🎉 |
| 18 | did:pr...1fei | |
| 21 | did:pr...1fei | |
| 26 | did:pr...1fei | |
| 27 | did:pr...1fei | |
| 28 | did:pr...1fei | |
| 29 | did:pr...1fei | |
| 34 | did:pr...1fei | |
| 42 | did:pr...1fei | |
| 50 | did:pr...1fei |
4. Derived client_seed
client_seed = sha256(sorted by entry_number, joined as "N:wallet" with '|')
421c6992c7503ea0939ea4eab276ad142943d26bf716ad3d088a7b4901b6ea0d5. External entropy (Bitcoin block)
Mixed into the HMAC input so the draw depends on a value the operator could not have known when the server seed was committed ( 2026-04-16T07:35:29.485Z). Any Bitcoin block mined after the commit works — we take the tip at draw time.
000000000000000000013b92be651a8dacc65df22e940c9c7efbfbf22289a287block time2026-04-17T17:50:09.000ZCross-check on mempool.space or blockstream.info.
6. Winner computation
HMAC-SHA256(server_seed, "client_seed:lotto_id:source:height:hash"), first 16 hex chars, mod sold_count (13).
hmac = 164f9229c59e06356a2fd932623c9f520fecc13ed991220728e9bce66346f468Computed index: 3 → winning entry: #13
7. Independent verification
Show JS snippet (paste into DevTools)
const seed = "46d091271b37fbdc8fc259bf976e378beb42de15bba4041b8aeb923970cf031c";
const hashStr = "7e44cec0fcd6ae1208006fd18f143b9c4afcee53fd7d9bbb43632c171c1e31b7";
const clientSeed = "421c6992c7503ea0939ea4eab276ad142943d26bf716ad3d088a7b4901b6ea0d";
const lottoId = "b085d3d3-7051-4d67-a341-5600892bf490";
const sold = 13;
const entropy = "mempool.space:945503:000000000000000000013b92be651a8dacc65df22e940c9c7efbfbf22289a287";
async function run() {
const enc = new TextEncoder();
const seedBytes = enc.encode(seed);
const hashed = await crypto.subtle.digest("SHA-256", seedBytes);
const recomputed = [...new Uint8Array(hashed)]
.map((b) => b.toString(16).padStart(2, "0")).join("");
console.log("hashOk:", recomputed === hashStr);
const key = await crypto.subtle.importKey(
"raw", seedBytes, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]
);
const message = entropy
? clientSeed + ":" + lottoId + ":" + entropy
: clientSeed + ":" + lottoId;
const sig = await crypto.subtle.sign("HMAC", key, enc.encode(message));
const hex = [...new Uint8Array(sig)]
.map((b) => b.toString(16).padStart(2, "0")).join("");
const idx = Number(BigInt("0x" + hex.slice(0, 16)) % BigInt(sold));
console.log("hmac:", hex);
console.log("winnerIndex:", idx);
}
run();