Provably fair Gambling

Each bet result is derived from the final seed, named fseed. fseed is generated from 2 parts:

  • sseed (server seed) is under OUR control, it is generated each time a bet is placed.
  • cseed (client seed) is under YOUR control, and taken from the input box above

All seeds are binary strings, 32 bytes long.

sseed is different for every bet, and is generated in a deterministic but pseudorandom fashion. You can see the sha256(sseed) for your next bet. This enables you to verify that we did not change the sseed in response to your updated cseed. There is also a daily seed (dseed) which will be used to generate sseed, you can use it to verify fairness retroactively. At the starting of each UTC day (subject to accuracy of crond) we will publish the previous days dseed, and sha256 (todays dseed) Each time we change dseed it is logged along with the the id of the last bet made with that seed.

How is everything calculated?

  • fseed = hmac_sha256(cseed, sseed)
  • sseed = hmac_sha256("your name:betctr", dseed)

sha256(sseed) for betctr+1 and sha256(current dseed) are displayed above. If you want to be confident that we are not cheating, you should note them down and use them later for verification. dseed is generated in a hashchain fashion, i.e. yesterdays dseed is sha256(todays dseed), which assures you that every server side secret was known in advance since day zero. fseed determines the outcome of a game differently, depending on what game you are playing.

Wheel Spin

Landing segment is determined by first nibble (4 bits) of fseed. The wheel segment positions are numbered as shown in this image:

Coin Drop

Landing slot is determined by the first nibble (4 bits) of hmac_sha256(starting slot, fseed) valued 8 or less. If there is no such nibble then the result is ×3. It is possible the coin animation can land in the "wrong" slot, but it will always be one with the correct multiplier. If by some chance (a very very small chance) the animation displays incorrectly please inform an admin. If this happens the bet will be correct and verifiable, only the animation can display incorrectly.

Dice

To determine dice outcome, we take first 5 nibbles of fseed (20 bits, 5 hex digits) and interpret it like a simple number. If it is greater than 999999 then we take next 5 nibbles, and so on. If every group of 5 nibbles gives a number greater than 999999, then you win.
Your bet is processed in the following way:

  • Bet looks like ">X" or "<X"
  • First we append two zeros to X (we are doing exact math, not floating point), lets call that Y
  • Then if your bet was "<X" your target is Y
  • Or, if your bet was ">X" we then your target is 1000000-Y
  • Next step is to calculate your outcome from fseed as described above
  • You win if your outcome is less than target

Can I verify your claims independently?

Yes! 100%. We are called CryptoBetFair for a reason. We encourage everyone to verify their bets. In order for you to be absolutely sure we are not cheating, you must understand the different ways we could cheat. Lets discuss the different possibilities here.

The simplest way for us to cheat would be to change server seed at the time of the bet. We publish the sha256(sseed) in advance, so you can verify that it stays the same.

The next thing we could do is generate the next server seed with a low outcome, under assumption that you will not change your client seed. That would work most of time. You can be sure that we do not do this, because our server seeds are generated deterministicaly. You can confirm after the daily seed (used for generating server seeds) expires. Moreover, daily seeds are known in advance since day zero, and this is verifiable. Every daily seed is sha256 of the next one, forming a hashchain which proves that every new value was known in advance.

Another way to cheat would be to use global “bet id” as a part of the calculation. We would be able to skip ids (easily observable), or to do so called frontrunning, which would be harder to confirm. You are protected from this kind of cheating because we do not use a global bet id. Instead we use your bet counter. It is possible to easily and undoubtedly identify any attempt at cheating.

And finally, we could generate a bad default cseed when you sign up, and then hope that you will not change it. You can know that we do not do this because everyone has the same default cseed which is all zeros. Using username as a part of the calculation combined with daily seeds that are known long in advance, we make sure that bets depend on server secret as well as on your input even if you do not ever change your cseed.

All past daily seeds can be found at https://cryptobetfair.com/seeds.txt.

At this point, we can say that we have done our best to ensure demonstrable fairness even if you take no action to help us to make it demonstrable.

Ok, but how can I verify all of the above?

You can find php code to verify everything at
https://cryptobetfair.com/d/i/verifybet.php?showyourself=plain
or
https://cryptobetfair.com/d/i/verifybet.php?showyourself=pygmentize.

Former is better if you want to copy and run it yourself, which you can do on apache or php5-fpm based web server as well as from command line, and later is good if you just want to read the code.

Since we could run a rigged code but show a correct code to you, we encourage you to run verifybet.php on your own machine. This way you will be sure that we do what we say, or you will catch us in trying to defraud you.