Fairness & verification

Every settled round is provably fair: LootBox Solutions commits to a secret before the outcome is known, and reveals it afterwards so anyone can reproduce and verify the result. Players (and regulators) never have to trust that the draw wasn’t manipulated — they can check it.

How it works

  1. Commit. A per-player seed pair is created: a random serverSeed and its serverSeedHash. Only the hash is shown up front (in the bootstrap and fairness/state).
  2. Client seed. The player contributes (or accepts a generated) clientSeed.
  3. Nonce. Each draw consumes the next integer nonce in the player’s seed pair — a strictly increasing counter, so every round has a unique input.
  4. Draw. The outcome is derived deterministically from (serverSeed, clientSeed, nonce) via the named algorithm (hmac_sha256_v1). Same inputs ⇒ same outcome, always.
  5. Reveal. When the player rotates their seed pair, the previous serverSeed is revealed. They can then confirm sha256(serverSeed) == serverSeedHash and recompute every round drawn under it.

    commit: serverSeedHash = sha256(serverSeed)          ← shown before play
    draw:   outcome = f(serverSeed, clientSeed, nonce)   ← nonce increments per round
    reveal: serverSeed                                   ← shown on rotation; verify the hash

What’s recorded per round

Each settled round snapshots everything needed to verify it: serverSeedHash, clientSeed, nonce, and algorithmKey. These appear on the round in purchase responses and in the game app’s round detail.

Rotating seeds

POST /api/play/fairness/rotate reveals the current server seed and starts a new pair. Pass a clientSeed to set the new pair’s client seed, or omit it to carry the previous one forward. Players typically rotate before a session to set their own seed, then again afterwards to reveal and verify.

Verifying a round

Given a revealed serverSeed and a round’s clientSeed + nonce:

  1. Check the commitment: sha256(serverSeed) equals the serverSeedHash the round recorded.
  2. Re-run the published hmac_sha256_v1 algorithm with (serverSeed, clientSeed, nonce) and confirm it yields the same outcome.

Because the server seed was committed (hashed) before the nonce existed, LootBox Solutions could not have chosen an outcome after the fact.
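
The two verification steps above, applied to every round drawn under one revealed seed pair, as an added example (not LootBox Solutions' code). Assumptions: the commitment hashes the seed's UTF-8 bytes and is hex-encoded; draw() is a stand-in for the published hmac_sha256_v1, whose exact construction this page does not give; the outcome field name and all sample values are constructed.

```python
import hashlib
import hmac

def commitment_ok(server_seed: str, server_seed_hash: str) -> bool:
    # Step 1: sha256(serverSeed) must equal the hash shown before play.
    # Assumption: the hash covers the seed's UTF-8 bytes and is hex-encoded.
    digest = hashlib.sha256(server_seed.encode()).hexdigest()
    return hmac.compare_digest(digest, server_seed_hash.lower())

def draw(server_seed: str, client_seed: str, nonce: int) -> int:
    # ASSUMED stand-in for hmac_sha256_v1: HMAC-SHA256 keyed with serverSeed
    # over "clientSeed:nonce", first 4 bytes read as an unsigned integer.
    # Replace with the published algorithm before relying on the result.
    msg = f"{client_seed}:{nonce}".encode()
    mac = hmac.new(server_seed.encode(), msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")

def verify_rounds(server_seed: str, rounds: list) -> list:
    # Returns (nonce, problem) for each failed check; empty list means verified.
    # `rounds` must be in settlement order, all drawn under one seed pair.
    problems, last_nonce = [], None
    for r in rounds:
        n = r["nonce"]
        if r["algorithmKey"] != "hmac_sha256_v1":
            problems.append((n, "unsupported algorithmKey"))
            continue
        if not commitment_ok(server_seed, r["serverSeedHash"]):
            problems.append((n, "serverSeed does not match commitment"))
        if last_nonce is not None and n <= last_nonce:
            problems.append((n, "nonce not strictly increasing"))
        last_nonce = n
        if draw(server_seed, r["clientSeed"], n) != r["outcome"]:
            problems.append((n, "outcome mismatch"))
    return problems

def sample_rounds(server_seed: str, client_seed: str, nonces: list) -> list:
    # Constructed sample data: honest rounds as a server would record them.
    commit = hashlib.sha256(server_seed.encode()).hexdigest()
    return [{"serverSeedHash": commit, "clientSeed": client_seed, "nonce": n,
             "algorithmKey": "hmac_sha256_v1",
             "outcome": draw(server_seed, client_seed, n)} for n in nonces]

if __name__ == "__main__":
    seed = "constructed-server-seed"  # constructed value, not a real seed
    rounds = sample_rounds(seed, "constructed-client-seed", [0, 1, 2])
    rounds[1]["outcome"] ^= 1  # simulate a tampered result on nonce 1
    print(verify_rounds(seed, rounds))
```

A repeated or decreasing nonce is reported even when the outcome recomputes correctly, since a reused nonce would let the same draw be replayed under the same seed pair.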