LootedVault

Provably Fair System

Every case opening is cryptographically verifiable. No trust required. The server seed is hashed before your roll and only revealed afterward โ€” making pre-determination impossible.

How It Works

1

Server Seed (Hidden)

The server generates a 256-bit random seed for each open. Only its SHA-256 hash is shown to you beforehand โ€” the seed itself stays secret until after the roll, making it impossible to pre-determine outcomes.

2

Client Seed + Nonce

You control a client seed (rotatable any time) and an auto-incrementing nonce. This ensures every open produces a unique result, even if the same server seed were reused.

3

HMAC-SHA256 Roll

The server computes HMAC-SHA256(serverSeed, clientSeed:nonce). The first 8 hex chars of the output are interpreted as a 32-bit integer, taken mod 10,000 to produce a roll between 0 and 9,999.

4

Card Mapping + Reveal

The roll selects a card via cumulative weighted odds. After the result, click "Reveal Server Seed" โ€” the raw seed is returned and you can verify the hash matches the commitment shown before the roll.

Security Guarantee

The raw server seed is never sent to the client before the roll. All seed generation and roll computation happens in a server-side API endpoint. The client receives only: the SHA-256 hash of the server seed (pre-roll commitment), the roll result, and an opaque reveal token redeemable after the round settles.

Your Current Seeds

Client Seed YbM5MIiuIwmSF06R
Current Nonce 0

Verify a Roll

After revealing your server seed from the History page, paste all values here to independently reproduce the result.

Algorithm Reference

// Reproducible in any browser โ€” no libraries needed
async function verify(serverSeed, clientSeed, nonce) {
  const key = new TextEncoder().encode(serverSeed);
  const msg = new TextEncoder().encode(`${clientSeed}:${nonce}`);
  const k   = await crypto.subtle.importKey(
    'raw', key, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']
  );
  const sig = await crypto.subtle.sign('HMAC', k, msg);
  const hex = [...new Uint8Array(sig)]
    .map(b => b.toString(16).padStart(2, '0')).join('');
  return parseInt(hex.slice(0, 8), 16) % 10000; // 0โ€“9999
}