This lottery is provably fair. What that means is that there is no way the site can cheat you by picking a lottery winner who we favour. All winners are picked randomly and the method for picking the winners is described below.
- At the beginning of each round, we generate a server seed for that round and show you the SHA256 hash of this seed.
- When a lottery round has concluded, we make a list of all user id's and their lottery tickets and sort it in ascending order of the user id's.
- We then use this list to assign ticket numbers for all tickets. For example if user id 1 has 10 tickets and user id 2 has 20 tickets, then user id 1 will have ticket numbers 0 to 9 and user id 2 will have ticket numbers from 10 to 29. This is done for all users.
- Then the list containing the user id's, tickets held by each user and their ticket numbers is published in a text file. This file also contains the total number of tickets issued in the round and the server seed for that round.
- A MD5 hash of this text file is calculated.
- Then the current bitcoin block number is recorded and a block number that is 6 blocks into the future is decided on. The block hash of this future block is used as a "client seed" ie. a seed that we are not aware of when the list in step 4 has been published.
- Then a tweet is made via our twitter account (twitter.com/freebitco) containing the link to the file generated in step 4, the MD5 hash of the file and the future bitcoin block number as determined in step 6. Since tweets cannot be edited, only deleted, this will provide a timestamp for when the list in step 4 was made, which can be compared to check that the bitcoin block determined in step 6 is in the future ie. we do not know the block hash of this block when the list is generated.
- The winning ticket numbers will be calculated as described below:
- A string (STRING1) is created - "[SERVER SEED]:[BLOCK HASH]:[WINNING POSITION]".
- The SHA256 hash of STRING1 is calculated and the first 8 characters of this hash are taken (STRING2).
- STRING2 is converted to a decimal which gives us a number between 0 and 4,294,967,295 (NUM1).
- NUM1 is then multiplied by the (total number of tickets minus 1) and divided by 4,294,967,295 to get a number (NUM2) between 0 and the total number of tickets less 1.
- NUM2 is then rounded off to the nearest whole number which is the winning ticket number.
- The [WINNING POSITION] starts at 1 and is increased by 1 for picking the 10 winners. The user having the ticket with the lowest [WINNING POSITION] wins the first prize and so on.
- If a user wins more than 1 prize, the number is discarded and [WINNING POSITION] is increased by 1 and the calculations are run again to pick a new user. This is to ensure that a user cannot win more than 1 prize in a round.
HOW IS THE SYSTEM FAIR?
The system described above that is used for picking the winners is provably fair because it has multiple safeguards in place to ensure that winners are picked randomly and fairly.
- We provide a SHA256 hash of the server seed when a lottery round starts. If we change the server seed at any time, the SHA256 hash of the new seed will not match the hash we provided earlier. After a round has ended and we provide the server seed that will be used to pick winners, the hash of the seed we provide can be checked against the hash we provided originally and both should match.
- We use a future bitcoin block hash as the "client seed" ie. a seed that we do not know of. All bitcoin block hashes are unique and nobody knows what the block hash of a future block will be until the block has been mined.
- We use twitter to publish the future bitcoin block number, the list of users and their ticket numbers and the MD5 hash of the user list. It provides a timestamp to check if the block hash that we use is indeed in the future. Since tweets cannot be edited, only deleted - if we delete the tweet after the future block has been mined and publish a new one, it would be easy to catch us cheating by comparing the timestamp of the tweet and that of the bitcoin block. The timestamp of the tweet should always be lesser than the time timestamp of the bitcoin block whose hash is used as the client seed.
- We provide a MD5 hash of the text file containing the list of users and their ticket numbers. If even a single character in the text file is changed after the MD5 hash in the tweet is published, the MD5 hash of the edited file will not match the MD5 hash provided in the tweet.