The Problem with Traditional Online Casinos
Traditional online casinos use Random Number Generators (RNGs) that run on their servers. You can't see the code, you can't verify the output, and you can't prove the results weren't manipulated. Third-party audits help, but they're periodic, not per-bet. Provably fair solves this by making every single outcome independently verifiable.
The Three Components
Provably fair uses three inputs: (1) A server seed — a random string generated by the casino, kept secret during play. (2) A client seed — a string you control, which you can change anytime. (3) A nonce — a counter that increments with each bet, preventing replay. Together, these three values are fed into HMAC-SHA256 to produce the game outcome.
The Commitment Scheme
Before you play, the casino hashes the server seed (SHA-256) and shows you the hash. This is the commitment — the casino has locked in a seed but hasn't revealed it. After you're done (or rotate seeds), the raw server seed is revealed. You hash it yourself and verify it matches the commitment. This proves the casino didn't change the seed mid-play.
How Results Are Derived
The outcome is: HMAC-SHA256(server_seed, client_seed:nonce). This produces a 256-bit hash. The first 4 bytes are converted to a float between 0 and 1. For games needing multiple random values (like slot reels or card shuffles), additional floats are generated by appending a cursor: HMAC-SHA256(server_seed, client_seed:nonce:0), HMAC-SHA256(server_seed, client_seed:nonce:1), etc.
Verification in Practice
On Rookie's Fairness page, enter any past round's server seed, client seed, nonce, and game parameters. The page recalculates the result using the exact same algorithm and shows the step-by-step derivation. If the result matches what you experienced in-game, the round was fair. It always will be — that's the beauty of cryptographic verification.