Provably Fair Verifier

01

Inputs

From a settled game in the FiftyFifty app, open the Provably Fair panel and copy each value here. Or follow a "Verify this game" link to prefill these fields automatically.

Game ID

Game Type

Server Seed Hash committed at game start

Server Seed revealed at settlement

Creator Client Seed

Opponent Client Seed

Game-specific configuration defaults match FiftyFifty's launch ruleset

Number-Guess range

min max

Tile-Reveal grid

rows cols bombs

Plinko

slots balls sudden

02

Result

03

Specification

Every FiftyFifty prediction game commits a 32-byte server seed at creation. The SHA-256 of that seed is published immediately so the server can't change the seed afterwards. Both players also contribute a 64-character hex client seed. The game outcome is then derived deterministically from these inputs:

HMAC-SHA256 byte stream

1HMAC_SHA256(
2  key   = serverSeed,
3  data  = `${fairnessVersion}|${gameId}|${creatorSeed}|${opponentSeed}|${purposeTag}:${counter}`
4)

The counter starts at 0 and increments per 32-byte block. Bytes from the stream are read big-endian and reduced to uniform integers via mask-and-reject sampling — no modulo bias. Each game type uses a distinct purpose tag so streams never collide:

At settlement, the server seed is revealed — the same 32 bytes whose hash was published before play began. Anyone can then re-run the algorithm and confirm the outcome wasn't altered after the fact.

04

Trust Model

Don't trust this page. The whole point is that you don't have to.

A
Read the source. View Source on this page, or open verify.js in the repo. Around 100 lines wrap crypto.subtle — the rest is form handling.
B
Re-implement the algorithm in your favorite language. HMAC-SHA256 plus mask-and-reject sampling is small enough to write in an afternoon. Run a settled game's seeds through your version.
C
Compare. If your independent derivation disagrees with what FiftyFifty stored for the game, that's a critical bug — please report with the Game ID.