What Is “Provably Fair”, And How Do I Use It?

Creepybits
5 min read · Jul 31, 2022

If you have spent any time at online casinos, you have most likely come across the term “Provably Fair”. Maybe you have randomly checked a few bets with the casino’s own verify checker. You might have wondered how it works but thought it was too complicated to look up or decided just to trust the casino.

I will briefly explain Provably Fair and show a few examples of how to manually check the fairness of bets made in some popular games.

What is “Provably Fair”?

Provably fair is an algorithm that checks and verifies an online casino’s fairness towards its players. The algorithm uses three variables to decide the outcome of any one bet.

  • Server Seed: This is provided by the casino, and often the player can see a hashed version of this before making a bet.
  • Client Seed: This is a random seed set by the browser. Some casinos allow you to manually put in your seed, which should contain between 10 and 32 numbers or letters.
  • Nonce: This is a number that starts at zero and increases by 1 for every bet you make. It is reset to zero once a new server- and client seed are set.

The casino cannot change the server seed after the fact: its hashed version is recorded before any bet is made, so the casino can’t manipulate the outcome unnoticed.

How is it calculated?

The server seed, client seed, and nonce are fed into HMAC-SHA256, which produces a string of hexadecimal numbers. In the examples below this string is labelled hmac_sha256. It could look like this, for example.

Client Seed (set by us): ProvablyFair

Unhashed Server Seed (set by the casino): f06bd1b00e831aaf823c25ec60cff3ff2a25b5113d9ab8126bc11dc751b76137

Hashed Server Seed (same as above but hashed to be secret until after bet): 6e67f1eadc4a3f68c52c9865ee853913544db8c433e963f1e5a1b1cca95abbf3

Nonce (the third bet using these seeds): 3

hmac_sha256 (client seed + unhashed server seed + nonce): 23 aa 04 66 91 ab 93 d5 a7 97 31 92 c2 c7 90 fd e0 9a 5c ce 23 b5 88 bb b5 80 3a 33 b6 72 5e e8

For BC Game

The result from the game is calculated from the hmac_sha256 string. Using the above when playing a classic dice game, for example, the calculation would look like this.

The first eight characters of the hmac_sha256 string (its first four bytes) are converted from hexadecimal to decimal, one byte at a time, using a hexadecimal converter.

23 = 35, aa = 170, 04 = 4, 66 = 102

Each of these numbers is then divided by an increasing power of 256: (number)/(256¹), (number)/(256²), (number)/(256³) and (number)/(256⁴)
(35/(256¹)) = 0.136718750
(170/(256²)) = 0.002593994
(4/(256³)) = 0.000000238
(102/(256⁴)) = 0.000000024

Add the results together and we get: 0.139313006
Multiply by 10001 for: 1393.269
Divide by 100: 13.93

The result we should get from the dice is 13.93.

This example is using the Classic Dice game at BC.game.

For Stake

Using the same nonce, server- and client seed at Stake Casino will not generate the same result.

Screenshot from Stake Casino

How come the same seeds and nonce generate a different result? If I’m completely honest, I’m not sure. It might be because, at Stake Casino, the order of the seeds and nonce that converts to hmac_sha256 is server seed, client seed, and nonce, while at BC Game, the order is client seed, server seed, and nonce. Maybe the casinos are using different algorithms for generating the hmac_sha256 string. Either way, both casinos are consistent, which is what’s important.

Other than that, they calculate the results the same way. For Stake Casino, the calculations will look like this.

hmac_sha256: e5 16 36 ed 20 a3 b8 5b e6 d3 ab 18 a0 90 9b f5 4e 35 ad dc e7 10 97 c7 fa 98 74 21 d6 a6 86 48

The first eight characters of the hmac_sha256 string (its first four bytes) are converted from hexadecimal to decimal, one byte at a time, using a hexadecimal converter.

e5 = 229, 16 = 22, 36 = 54, ed = 237

(229 / (256¹)) = 0.894531250000
(022 / (256²)) = 0.000335693359
(054 / (256³)) = 0.000003218651
(237 / (256⁴)) = 0.000000055181

Add the results together and we get: 0.894870217191
Multiply by 10001 for: 8949 (rounded up)
Divide by 100: 89.49

The result we should get from the dice is 89.49
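
The calculation walked through above for BC Game and Stake, together with the hashed-server-seed check described earlier, as an added Python example (not code from this article or from any casino). The two digests are the ones quoted above; the demo seed, the `client_seed:nonce` message layout and hashing the seed as text are assumptions.

```python
import hashlib
import hmac
import math

# Digests quoted in the article for the BC Game and Stake examples.
BC_GAME_DIGEST = "23 aa 04 66 91 ab 93 d5 a7 97 31 92 c2 c7 90 fd e0 9a 5c ce 23 b5 88 bb b5 80 3a 33 b6 72 5e e8"
STAKE_DIGEST = "e5 16 36 ed 20 a3 b8 5b e6 d3 ab 18 a0 90 9b f5 4e 35 ad dc e7 10 97 c7 fa 98 74 21 d6 a6 86 48"

# Constructed sample values, not taken from any casino.
DEMO_SERVER_SEED = "constructed-demo-server-seed"
DEMO_COMMITMENT = hashlib.sha256(DEMO_SERVER_SEED.encode()).hexdigest()


def commitment_ok(revealed_seed: str, published_hash: str) -> bool:
    """Check the revealed server seed against the hash shown before the bet.
    Assumption: the hash is SHA-256 over the seed's text form."""
    digest = hashlib.sha256(revealed_seed.encode()).hexdigest()
    return hmac.compare_digest(digest, published_hash.strip().lower())


def dice_roll(digest_hex: str) -> float:
    """Apply the article's steps: first four bytes, byte/256^i, sum, x10001, /100."""
    first_four = bytes.fromhex(digest_hex.replace(" ", ""))[:4]
    fraction = sum(b / 256 ** (i + 1) for i, b in enumerate(first_four))
    # Truncating reproduces both worked totals (1393.269 -> 1393, 8949.597 -> 8949).
    return math.floor(fraction * 10001) / 100


def bet_digest(key: str, message: str) -> str:
    """HMAC-SHA256 as hex. Which seed is the key and how the message is
    laid out differ per casino; the layout used below is an assumption."""
    return hmac.new(key.encode(), message.encode(), hashlib.sha256).hexdigest()


def verify_bet(revealed_seed, published_hash, client_seed, nonce, shown_roll):
    """Full check: commitment first, then recompute the roll and compare."""
    if not commitment_ok(revealed_seed, published_hash):
        return False
    digest = bet_digest(revealed_seed, f"{client_seed}:{nonce}")
    return dice_roll(digest) == shown_roll


if __name__ == "__main__":
    print(dice_roll(BC_GAME_DIGEST), dice_roll(STAKE_DIGEST))
```

A bet only counts as verified when both steps pass: a matching roll means nothing if the revealed seed does not hash to the value that was shown before the bet.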

For Trustdice

The site Trustdice uses to verify bets doesn’t allow us to change the nonce. However, we can use another site to check what the result would be with the same nonce, server- and client seed.

Once again, a different result, but Trustdice is also consistent. What Trustdice isn’t doing is sharing the hmac_sha256, which makes it hard to do a manual calculation to check if the result is correct.

For BetFury

BetFury has, in my opinion, the worst system for provably fair. They don’t let the user change the client seed, for example. That doesn’t mean that they are being dishonest by any means. When you click “Verify” on a previous bet at BetFury, you are sent to a third-party website, which isn’t strange since that’s what most casinos will do. This one doesn’t provide much information, so let’s see what happens if we write the client seed in their verifier.

As far as I can see, verifying a bet made at BetFury will only confirm that the client seed and server seed are compatible. We will not get the unhashed server seed, the hmac_sha256 or an explanation on how they calculate the result.

Again, this does not mean that BetFury is being dishonest. But I must admit that I feel safer when the casino is more transparent.

I think this will have to be enough. Now we have verified (or tried to verify) a bet using the same seeds and nonce at four different casinos. Feel free to send me a message should you notice any errors.
