“Provably fair” gives players a way to independently verify that an online casino’s game round wasn’t secretly changed after the fact. This guide explains the basic cryptography in plain English (server seed, client seed, nonce, HMAC/SHA), walks through how to verify a real round step-by-step, shows a worked example you can follow, and lists common red flags. No deep crypto math required — just follow the steps.
1) The core idea — seeds, hashes and transparency (plain)
Provably fair works by forcing the casino to commit to a secret (the server seed) before a bet is played, but only showing a cryptographic hash of that secret to players. After the round, the casino reveals the original secret so anyone can:
- Confirm the revealed server seed hashes to the previously published hash, and
- Recompute the game outcome deterministically from:
- the revealed server seed (secret),
- the client seed (you supply or the site supplies), and
- the nonce (a counter that changes each bet).
Because the server seed was committed to earlier via its hash, the casino cannot change the secret after you placed the bet without detection.
2) Typical formula & cryptography used (simple explanation)
Most popular implementations use a standard cryptographic HMAC or hash function such as HMAC-SHA256 (some sites use SHA-512 or variants). The exact formula varies between sites, but the usual pattern is:
hmac = HMAC_SHA256(key = server_seed, message = client_seed + ":" + nonce)
The resulting hmac (a long hex string) is then converted into a number and mapped into the game’s outcome space (for example, a dice roll 0.00–99.99, or a crash multiplier). Important: exact ordering and mapping rules differ by implementation — always check the casino’s “provably fair” page for the precise formula.
3) Step-by-step: how to verify a single round (practical)
Follow this checklist to verify a round you played:
- Before you play: copy the server seed hash that the site publishes for the next round (this is the casino’s commitment).
- Record your client seed & nonce: your client seed is either supplied by you or auto-generated (record it). The nonce is usually 0 for your first bet with that seed and increments each bet.
- Play the round and save the round result and the round ID shown by the casino.
- After the round: the casino will reveal the server seed (the secret).
- Confirm the commitment: compute
SHA256(server_seed)(or the site’s specified hash) and check it equals the original server seed hash you saved. If it doesn’t match — the casino cheated or misconfigured. - Recompute the outcome: run the casino’s specified algorithm (often HMAC-SHA256 using server_seed as key and client_seed+nonce as message). Convert the HMAC hex to an integer and apply the site’s mapping rule (e.g.,
% 10000 / 100for a 0.00–99.99 number). The number you compute should match the casino’s published round result.
Most casinos provide a built-in verifier on the game page — you can also use an external HMAC/SHA256 tool to reproduce the steps if you prefer manual verification.
4) Worked example (fake seeds — follow along)
Note: these are illustrative test values — never share real seeds.
- Server seed (revealed after round):
server_seed = "s3cr3tServerSeedExample" - Server seed hash (published before bet):
server_seed_hash = SHA256("s3cr3tServerSeedExample") = e3b0c...(casino shows this before betting) - Client seed (you or site provides):
client_seed = "playerAliceSeed" - Nonce (first bet):
nonce = 0
Step A — verify commitment
Compute SHA256(server_seed) and confirm it equals the server_seed_hash the casino published earlier. If yes, move on.
Step B — compute HMAC
Compute: hmac = HMAC_SHA256(key = server_seed, message = client_seed + ":" + nonce). The output is a hex string like 7f9c2....
Step C — map to outcome
Convert the first 8 hex characters of hmac to an integer, e.g. 0x7f9c2... -> 213912345. Map to dice 0.00–99.99 by:(integer % 10000) / 100 = e.g., 37.12 → this should equal the casino’s reported result.
If everything matches, the round was generated exactly as proved. If not, raise a support ticket and save screenshots. (Remember: actual mapping rules vary — use the casino’s exact spec.)
5) Common variants & implementation differences
- HMAC vs plain hash: some games use
HMAC_SHA256, others useSHA256mixing seeds differently. Casinos should document their exact function. - Byte selection & mapping rules differ: some implementations take the first n bits of the HMAC, others use a modular reduction. That’s why always follow the site’s verifier instructions.
- Nonce indexing: some sites start nonces at 0, others at 1. Using the wrong nonce will produce the wrong result during verification.
Because of these differences, a round that doesn’t verify usually means you used the wrong algorithm, nonce, or mapping — not necessarily that the casino cheated. Still, if the server seed hash doesn’t match the revealed seed, that’s a definite red flag.
6) Tools you can use (fast & safe)
- Casino’s built-in verifier: most provably fair sites include a “Verify” button that runs these steps for you — start there.
- Online HMAC/SHA256 generators: use if you want to recompute manually (only use trusted tools; don’t enter real seeds on random web pages).
- Open-source provably-fair verifiers: some communities publish small scripts to verify common casino algorithms — check the casino’s pages, GitHub repos, or community guides.
Safety note: never paste a live private server seed into a third-party site unless it’s after the round and you trust the tool — the server seed is secret until the casino reveals it post-round for verification.
7) Red flags — when to stop and question the site
- The server seed hash published before play does not equal the hash of the revealed server seed.
- The casino refuses to reveal the server seed for a round (or changes the published server seed hash).
- The site’s provably fair instructions are vague or missing — a transparent implementation explains exact algorithms and mapping rules.
- The same server seed is reused for many rounds without rotation (seeds should change to avoid replay risks).
- The “built-in verifier” gives inconsistent results compared to independent tools.
If you find a red flag, take screenshots, save round IDs, and contact support — and consider reporting to community forums if you suspect fraud.
8) Limits of provably fair — what it does and does not prove
- What it proves: that a specific round was generated from the published seeds and algorithm — and therefore that the operator couldn’t change that round after committing to the server seed. (Webopedia)
- What it doesn’t prove: that the overall platform is trustworthy (e.g., fair terms, proper payout behavior, account handling). Provably fair verifies round fairness, not business integrity — you still need to check licensing, payout history, and reputation.
9) Quick FAQ (short & clear)
Q: Do all crypto casinos use provably fair?
A: No — many do, but some licensed (traditional) casinos rely on independent labs (GLI, eCOGRA) instead. Provably fair is most common in crypto-native sites.
Q: If a website uses HMAC-SHA512 instead of SHA256, does that matter?
A: Not really — both are cryptographic hash functions. The key is that the casino documents which function it uses and you follow that exact method during verification.
Q: Can the casino still cheat even with provably fair?
A: They can’t change the outcome of a given round after committing to the server seed hash. But they could mis-implement the algorithm, publish misleading instructions, or have off-chain business malpractice — so verify both the math and the operator’s reputation.
10) Short checklist — verify a round in under 5 minutes
- Copy the server seed hash before betting.
- Note your client seed and nonce used for the round.
- Play and record the result + round ID.
- After the round, get the revealed server seed from the site.
- Confirm
hash(revealed server seed)= published hash. - Recompute the HMAC/hash using the site’s formula and map to the outcome.
- If any step fails, save evidence and contact support.
