
Provably-fair proof

This page reproduces the winner computation from public inputs. You can recompute every step in your browser's DevTools — don't trust our math, verify it.

1. Pre-commit (server_seed_hash)

Published when the draw went live (2026-05-28T23:16:11.706Z).

64d52210459ca52b852b4a94c4ce2534d89066bbe217353229d4f1b507d245fb

2. Reveal (server_seed)

Revealed after draw (2026-05-31T23:15:15.491Z).

59a333470c93da10576fa3aa6249704ab30e9273495d44ce57670110c0ce631b

Hash check: ✓ sha256(server_seed) === published hash

3. Client seed inputs (all sold eggs)


4. Derived client_seed

client_seed = sha256 of all entries sorted by entry_number, each written as "N:wallet" and joined with '|'

bc12c403ec6033f816f94b0e28dff0c8a0e298fbeb45a7350a85041d11a4aede

5. External entropy (Bitcoin block)

Mixed into the HMAC input so the draw depends on a value the operator could not have known when the server seed was committed (2026-05-28T23:16:11.706Z). Any Bitcoin block mined after the commit works; we take the tip at draw time.

source: mempool.space
height: 951,909
hash: 00000000000000000000efc192f4efd050945f391e9cde8845fc4139ce29b9f8
block time: 2026-05-31T22:57:42.000Z

Cross-check on mempool.space or blockstream.info.

6. Winner computation

HMAC-SHA256 keyed with server_seed over the message "client_seed:lotto_id:source:height:hash". The first 16 hex chars of the result are read as an integer and reduced mod sold_count (70).

hmac = c0cf1f3a72194a1bfda75a2286bbd0337c10a569ea49a72aea16faa6eca9a74a

Computed index: 13 → winning egg: #14

7. Independent verification

JS snippet (paste into DevTools):
const seed = "59a333470c93da10576fa3aa6249704ab30e9273495d44ce57670110c0ce631b";
const hashStr = "64d52210459ca52b852b4a94c4ce2534d89066bbe217353229d4f1b507d245fb";
const clientSeed = "bc12c403ec6033f816f94b0e28dff0c8a0e298fbeb45a7350a85041d11a4aede";
const lottoId = "1c44903a-2c46-4745-9891-0bda998d898e";
const sold = 70;
const entropy = "mempool.space:951909:00000000000000000000efc192f4efd050945f391e9cde8845fc4139ce29b9f8";

async function run() {
  const enc = new TextEncoder();
  // The seed is used as its hex text (UTF-8 bytes of the 64-char string), not as decoded bytes.
  const seedBytes = enc.encode(seed);

  // Step 2: sha256(server_seed) must equal the hash published before the draw.
  const hashed = await crypto.subtle.digest("SHA-256", seedBytes);
  const recomputed = [...new Uint8Array(hashed)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  console.log("hashOk:", recomputed === hashStr);

  // Step 6: HMAC-SHA256 keyed with the server seed.
  const key = await crypto.subtle.importKey(
    "raw", seedBytes, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]
  );
  // Message is "client_seed:lotto_id:source:height:hash"; the entropy part is left out if empty.
  const message = entropy
    ? clientSeed + ":" + lottoId + ":" + entropy
    : clientSeed + ":" + lottoId;
  const sig = await crypto.subtle.sign("HMAC", key, enc.encode(message));
  const hex = [...new Uint8Array(sig)]
    .map((b) => b.toString(16).padStart(2, "0")).join("");
  // First 16 hex chars (64 bits) as an integer, reduced mod the number of eggs sold.
  const idx = Number(BigInt("0x" + hex.slice(0, 16)) % BigInt(sold));
  console.log("hmac:", hex);
  console.log("winnerIndex:", idx);
}
run();
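
The snippet above takes clientSeed as given and does not check when the entropy block was mined. The following added example (not this site's code) covers those steps from sections 4 to 6 in the same DevTools-style JavaScript. The wallet strings are constructed placeholders, the function names are hypothetical, and treating the index as a 0-based position in the sorted entry list is an assumption.

```javascript
// Added example; wallet strings are constructed placeholders, not real entries.

// Section 4: sort by entry_number, write each as "N:wallet", join with '|'.
function clientSeedPreimage(entries) {
  return [...entries]
    .sort((a, b) => a.entryNumber - b.entryNumber)
    .map((e) => `${e.entryNumber}:${e.wallet}`)
    .join("|");
}

// SHA-256 of the preimage via Web Crypto, hex-encoded (async, as in the page's snippet).
async function deriveClientSeed(entries) {
  const bytes = new TextEncoder().encode(clientSeedPreimage(entries));
  const digest = await globalThis.crypto.subtle.digest("SHA-256", bytes);
  return [...new Uint8Array(digest)].map((b) => b.toString(16).padStart(2, "0")).join("");
}

// Section 5: the entropy block must have been mined after the commit was published.
function blockPostdatesCommit(commitIso, blockIso) {
  const commit = Date.parse(commitIso);
  const block = Date.parse(blockIso);
  if (Number.isNaN(commit) || Number.isNaN(block)) throw new Error("unparseable timestamp");
  return block > commit;
}

// Section 6: first 16 hex chars of the HMAC as an integer, mod sold_count.
function indexFromHmac(hmacHex, soldCount) {
  if (!/^[0-9a-f]{64}$/.test(hmacHex)) throw new Error("expected 64 lowercase hex chars");
  return Number(BigInt("0x" + hmacHex.slice(0, 16)) % BigInt(soldCount));
}

// Assumption: the index is a 0-based position in the sorted entry list, so when
// the numbering has gaps the winning egg number is not simply index + 1.
function winningEntry(entries, index) {
  const sorted = [...entries].sort((a, b) => a.entryNumber - b.entryNumber);
  if (!Number.isInteger(index) || index < 0 || index >= sorted.length) throw new Error("index out of range");
  return sorted[index];
}

// Constructed sample: four sold eggs, numbered with gaps.
const sampleEntries = [
  { entryNumber: 5, wallet: "WALLET_C" }, { entryNumber: 1, wallet: "WALLET_A" },
  { entryNumber: 9, wallet: "WALLET_D" }, { entryNumber: 2, wallet: "WALLET_B" },
];
console.log("preimage:", clientSeedPreimage(sampleEntries));
console.log("block after commit:", blockPostdatesCommit("2026-05-28T23:16:11.706Z", "2026-05-31T22:57:42.000Z"));
console.log("index:", indexFromHmac("c0cf1f3a72194a1bfda75a2286bbd0337c10a569ea49a72aea16faa6eca9a74a", 70));
console.log("sample winner:", winningEntry(sampleEntries, 2).entryNumber);
deriveClientSeed(sampleEntries).then((h) => console.log("client_seed:", h)).catch(console.error);
```

To reproduce the published client_seed, pass the full, untruncated wallet strings for every sold egg to deriveClientSeed and compare the result with the value in section 4.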