█
// you SSH'd into a casino. place your bets.
$ ls /casino
BIT FLIP
guess the bit. win pays 1.98× your wager.
?
/dev/slots
spin three reels from /dev/urandom.
?
?
?
$ cat paytable.txt
loading…
BUFFER OVERFLOW
multiplier climbs. cash out before it segfaults.
1.00×
idle
$ ./verify --provably-fair
server_seed_hash
—client_seed
—nonce
—revealed_server_seed
—old_server_seed_hash
—verify: sha256(revealed_server_seed) == old_server_seed_hash
// how to verify
Every settled bet returns a proof:
{server_seed_hash, client_seed, nonce}.
Outcome bytes are derived as:
HMAC_SHA256( key = server_seed, msg = "client_seed:nonce:cursor" )
The server commits to server_seed up front by publishing
its sha256. After you rotate, the old seed is
revealed: confirm sha256(revealed) == server_seed_hash,
then replay each nonce through the HMAC to reproduce every result.
No trust required.
$ ./cashout
Cash out your entire balance to your card via the bank.
payout: ₿0.00
paid ₿0.00 to your card.