Skip to content
CryptoGamblingHub.org
Updated April 2026Technical guide

Provably fair gambling, explained

Most guides wave at 'cryptographic verification' without showing how it works. This one walks through server seed, client seed, hash commitment, HMAC, and how you verify a single result end-to-end — plus what the mechanism does and doesn't prove.

Cryptographic flow

The provably fair commit/reveal protocol

Every step happens in a fixed order. The commitment locks the operator in before bets close; the reveal lets anyone verify the round wasn't adjusted afterwards.

  1. Before · Commitment

    1. Server seed hashed

    Operator generates a secret server seed and publishes its SHA-256 hash. You see the hash; the seed itself stays hidden.

  2. Before · Inputs

    2. You provide a client seed

    Your contribution to the round. Operator can't predict it, can't change it. Most UIs let you set this manually for transparency.

  3. Round · Computation

    3. HMAC-SHA256 produces outcome

    The round outcome = HMAC-SHA256(server_seed, client_seed:nonce). Deterministic. Operator commits to this before bet closes.

  4. After · Reveal

    4. Server seed revealed

    On rotation, the operator reveals the previously-hidden server seed. Anyone can now hash it and check it matches the original commitment.

  5. After · Verify

    5. Recompute and compare

    Plug all three values back into HMAC-SHA256. If your computed outcome matches what the operator paid, the round was honest.

SHA-256 + HMAC are the same primitives that secure TLS and bank transfers. Breaking them at scale would be a generational cryptographic discovery — not an app sold for $30 on Telegram.

What the term actually promises

'Provably fair' is a specific cryptographic protocol, not a marketing slogan. What it commits to is this: the casino cannot change the outcome of a round after you see the inputs, and you can prove this was the case for any given round, after the fact.

That is a narrower claim than 'the casino is honest'. Provably fair does not prove that the casino's odds are advertised correctly. It does not prove the RNG is unbiased. It proves exactly one thing: the result was determined before your bet was placed, and the operator did not pick the result to make you lose.

It's useful. It's not a panacea.

The core mechanism — server seed, client seed, nonce

Before you place a bet, the casino generates a secret value called the server seed. They immediately publish a cryptographic hash of that secret — typically SHA-256. You see the hash; you don't see the secret itself yet. This is the commitment.

You provide a client seed. Most interfaces let you set this explicitly — your username, a random number, anything you choose. The point is that the casino can't predict it because you chose it independently.

Each round uses a nonce — just a counter. Round one has nonce zero. Round two, nonce one. And so on.

The result of any given round is a deterministic function of these three inputs: HMAC-SHA256(server_seed, client_seed:nonce). The casino can't know the result until all three values exist, and the server seed is the only part they control.

The commitment is what makes it fair

Here's the critical point. The casino commits to their server seed before you know what it is. Once committed, they cannot change it without changing the hash — which is cryptographically impossible for SHA-256 within any reasonable computational budget.

After your session ends — or whenever you rotate your seed — the casino reveals the server seed. You can then compute SHA-256 of the revealed seed and compare to the hash they committed before. If it matches, they didn't swap seeds mid-session.

With the revealed server seed plus your client seed and the nonce sequence, you can recompute every single bet result. If what you computed matches what actually happened in the game, the round was honest.

Walking through a single bet verification

Stake Originals Dice, as a concrete example. Before your session: casino publishes hash H = SHA-256(server_seed). You set client_seed = 'mysession123'. You place bet on nonce = 0, betting under 50.

The result is determined by computing HMAC-SHA256(server_seed, 'mysession123:0'), taking the first 4 bytes of output, mod 10001, dividing by 100. That gives you a number between 0.00 and 100.00 — the 'dice roll'.

If your dice roll comes up 37.45, you win (under 50). After you rotate your seed, Stake reveals server_seed. You compute SHA-256(server_seed) and verify it matches the committed H. You compute HMAC-SHA256(server_seed, 'mysession123:0') and check the roll calculation produces 37.45. All three checks pass — the round was honest.

Tools exist to do this verification automatically — Stake's own dashboard has a verifier built in. You can also verify externally with a standard cryptographic library if you want complete independence.

What provably fair does NOT prove

The odds. If a dice game claims a 1% house edge but actually runs 3%, provably fair verification doesn't catch that. The math distribution of outcomes is correct, but the payout on those outcomes is a separate operator-controlled parameter.

The RNG quality. A malicious operator could use a weak server seed source. Provably fair proves they committed to the seed, not that the seed was cryptographically strong.

Third-party slots. Almost no third-party slots (Pragmatic Play, Hacksaw, Nolimit City) use provably fair seeds. They use provider-level RNG certification audited by third parties. Different trust mechanism, same goal, not interoperable.

The platform's overall honesty. An operator could run every game provably fair, freeze your withdrawal, and the provably fair mechanic would tell you nothing about the withdrawal freeze. Separate concerns.

Which operators implement it cleanly

Stake's implementation is the industry reference. Seed commitment before the session, reveal after rotation, automatic verifier in the dashboard, documented algorithm for every original. Every Stake Original uses it.

BC.Game's implementation is similar but less well-surfaced. The mechanism exists; finding the verifier takes more clicks.

Rollbit and Duelbits publish seed-reveal on their originals but the UX is less polished.

Some smaller operators claim 'provably fair' but don't publish hash commitments or seed-reveal tools. Claim without mechanism. Don't trust these.

Frequently asked questions

Can I trust provably fair without verifying myself?+

Partially. The fact that an operator publishes the mechanism is some signal — it means they've committed to a specific, verifiable protocol, and shortcuts like swapping seeds would be caught by anyone who does verify. In practice almost nobody verifies individual rounds, but the possibility of verification constrains operator behaviour. It's useful as a credible commitment even without personal verification.

Should I change my client seed often?+

Not required for fairness, but good practice. Changing your client seed rotates the deterministic sequence you're playing — useful if you want to psychologically reset after a losing streak or if you suspect the operator might have predicted your input somehow (they can't, but the habit is cheap).

Does provably fair work for live dealer games?+

No. Live dealer games use physical cards, wheels, dice operated by humans. The randomness comes from the physical process, not cryptographic seeds. Integrity here is guaranteed through regulated provider oversight (Evolution, Pragmatic Live) rather than provable math. Different trust model.

Is provably fair the same as blockchain-based betting?+

No. Provably fair is a cryptographic commitment protocol. It doesn't require a blockchain — Stake, BC.Game and others implement it on traditional centralised servers with no on-chain component for the game results. Some true on-chain casinos exist (smart contract dice, etc.) but those are a different and much smaller category.

What should I actually do with this information?+

When picking a crypto casino, provably fair on originals is a meaningful signal of operator trustworthiness even if you never verify a single round yourself. When playing third-party slots, remember that provably fair doesn't apply — you're relying on provider RNG certification instead. And if you want to verify a suspicious session, the tooling exists and is worth using once to understand how it feels.

Related reading