Worldwide bitcoin lottery

[Snezzy]

Hi all,

I am a fairly new member to the bitcointalk community and is seeking some help from experienced users.

I have been working on a business idea for a couple of months now involving lottery and bitcoins.
However it seems like there in general is a lot of scam (and thereby mistrust) within Bitcoin businesses in general.
This is why I need help. So let me first tell about the business idea.

I want to establish a world wide lottery, where you by transferring a certain amount to a certain bitcoin address will have entered with a ticket.
The idea is that 1 in 10 tickets will win, while one very lucky ticket will win 5.000 Bitcoins (based on 1 ticket cost of 0,01 btc)
So to explain:
Every time 10 tickets are sold, then these 10 tickets enter into a draw for 20% of the total ticket costs.
A random ticket is selected and the winnings are paid back to the winner. If you win in this first round, then you also advance to the second round.

So when 10 x 10 tickets have been sold, then a new draw between the previous 10 advancing tickets will occur for 15% of the total ticket price (of 100 tickets) and the winner will advance to 3rd round.

and so on... until a very lucky winner have won 5000 bitcoin.

Well I am have had a few considerations.

1. The algorithm for selecting the winner in each should be a random algorithm based only on the bitcoin addresses participating.
I believe that it will very important, that this algorithm is public, so everyone can test that the draw is not tampered with in any way. But also must be so complex that nobody can predict any outcomes.
This part I think I have already covered with an algorithm that I have worked on and tested over the past couple of months.

2. Securing the bitcoins
This is where I really hope to get some input from some of the users in here. (The more sceptic, the better)
How should I do to proff to participants, that price money are secured and intact?
First of all I do not like the idea of storing all that bitcoin in an online wallet, since these can be hacked.
Second I do not like to use any "escrow services" as this is just moving the risk of fraud from 1 place to another.
I hope someone can suggest a complete transparent setup where participants at any time can verify that the prize pool is intact and I way where bitcoins can only be paid to winners.
And off course cannot be hacked.
Is this possible ?

Please also mention if you see any potential places for mistrust as my aim will be to make this complete transparent and fair.

Regards Snezzy

[JackpotRacer]

Hi all,

I am a fairly new member to the bitcointalk community and is seeking some help from experienced users.

I have been working on a business idea for a couple of months now involving lottery and bitcoins.
However it seems like there in general is a lot of scam (and thereby mistrust) within Bitcoin businesses in general.
This is why I need help. So let me first tell about the business idea.

I want to establish a world wide lottery, where you by transferring a certain amount to a certain bitcoin address will have entered with a ticket.
The idea is that 1 in 10 tickets will win, while one very lucky ticket will win 5.000 Bitcoins (based on 1 ticket cost of 0,01 btc)
So to explain:
Every time 10 tickets are sold, then these 10 tickets enter into a draw for 20% of the total ticket costs.
A random ticket is selected and the winnings are paid back to the winner. If you win in this first round, then you also advance to the second round.

So when 10 x 10 tickets have been sold, then a new draw between the previous 10 advancing tickets will occur for 15% of the total ticket price (of 100 tickets) and the winner will advance to 3rd round.

and so on... until a very lucky winner have won 5000 bitcoin.

Well I am have had a few considerations.

1. The algorithm for selecting the winner in each should be a random algorithm based only on the bitcoin addresses participating.
I believe that it will very important, that this algorithm is public, so everyone can test that the draw is not tampered with in any way. But also must be so complex that nobody can predict any outcomes.
This part I think I have already covered with an algorithm that I have worked on and tested over the past couple of months.

2. Securing the bitcoins
This is where I really hope to get some input from some of the users in here. (The more sceptic, the better)
How should I do to proff to participants, that price money are secured and intact?
First of all I do not like the idea of storing all that bitcoin in an online wallet, since these can be hacked.
Second I do not like to use any "escrow services" as this is just moving the risk of fraud from 1 place to another.
I hope someone can suggest a complete transparent setup where participants at any time can verify that the prize pool is intact and I way where bitcoins can only be paid to winners.
And off course cannot be hacked.
Is this possible ?

Please also mention if you see any potential places for mistrust as my aim will be to make this complete transparent and fair.

Regards Snezzy

I would propose that you read the following thread  and pay attention to @dooglus answers and explanations

https://bitcointalk.org/index.php?topic=1312679.0

[mrcashking]

Please also mention if you see any potential places for mistrust as my aim will be to make this complete transparent and fair.

To be honest i am not a security developer or an expert in these subject but i am fairly sure that Nico,dooglus and other active guys are going to point it out as soon as they see any flaw or anything which might not be considered fair in some sense.

[bitbaby]

Not going to comment on the flaws of the system but this is my general opinion on Bitcoin lotteries, a lot many have been tried in the past but almost all of them failed because of low/no interest.

Even if you can make it completely fair and trusted, you'd have a hard time getting people to bet, gamblers (BTC gamblers especially) have no patience and prefer instant results and things with less complications, which is why you'll see most of them playing on dice, because it is as easy as 1+1=2 and it is instant, you can bet 100s of times in a minute and results are instant, whether you win or lose.

But if you still think you want to do this then make a test website with your system to start with and then testers can share their views on what is good/bad and what needs to be changed.

[Wusolini]

first thing came up my mind is: another ponzi but this time he gave us the ceiling ... 5000 BTC and he's gone

don't expect much unless you become registered company (provide people legal way to chase you...just in case) or use escrow ... guess there is no other way 

[Snezzy]

first thing came up my mind is: another ponzi but this time he gave us the ceiling ... 5000 BTC and he's gone

don't expect much unless you become registered company (provide people legal way to chase you...just in case) or use escrow ... guess there is no other way 

@wusolini
I know there are many ponzi schemes out there. This is excatly why I do not want to do this before I have checked evertyhing needed to make it complete transparent. Good point with the company. I already have such and the company also have a gambling license. This is just basic stuff. But I want suggestions how to even further ensure that funds are kept save and available for winning tickets. It must be possible in some way.
Also no need to do ponzi scheme on this, since less than 100% percent of revenue goes back to winners, so there is already profit. If you have any suggestions how to make storing of paid in bitcoins transparent, I will be very happy to hear about this.

[futurebit640]

first thing came up my mind is: another ponzi but this time he gave us the ceiling ... 5000 BTC and he's gone

don't expect much unless you become registered company (provide people legal way to chase you...just in case) or use escrow ... guess there is no other way 

@wusolini
I know there are many ponzi schemes out there. This is excatly why I do not want to do this before I have checked evertyhing needed to make it complete transparent. Good point with the company. I already have such and the company also have a gambling license. This is just basic stuff. But I want suggestions how to even further ensure that funds are kept save and available for winning tickets. It must be possible in some way.
Also no need to do ponzi scheme on this, since less than 100% percent of revenue goes back to winners, so there is already profit. If you have any suggestions how to make storing of paid in bitcoins transparent, I will be very happy to hear about this.

Storing btc part comes later but first who will trust and buy lottery from you or your company? Because in lottery quite a big amount will be generated before you distribute to the winner so I don't think any one will trust new company and put money into it.

[debuni]

There isn't any particular interest in general in BTC gambling.

You could check RHavar thread (search it, https://www.pevpot.com/) - he made +EV lottery. I don't think you could compete this. As your will be -EV and have  big reputation here.

[Snezzy]

There isn't any particular interest in general in BTC gambling.

You could check RHavar thread (search it, https://www.pevpot.com/) - he made +EV lottery. I don't think you could compete this. As your will be -EV and have  big reputation here.

Can someone help me with the abbreviation "EV". Not sure what this is.

[Snezzy]

Storing btc part comes later but first who will trust and buy lottery from you or your company? Because in lottery quite a big amount will be generated before you distribute to the winner so I don't think any one will trust new company and put money into it.

I completely agree. If nobody trust it, then no tickets will be sold. A little advantage is that the company is not brand new, but I still agree that some sort of control of funds deposited into the lottery is needed. This is excatle my questiob whether this is possible in some way, or will I have to coorporate with a big accounting firm or similar to hold these funds.

[JackpotRacer]

There isn't any particular interest in general in BTC gambling.

You could check RHavar thread (search it, https://www.pevpot.com/) - he made +EV lottery. I don't think you could compete this. As your will be -EV and have  big reputation here.

could you please read this again There isn't any particular interest in general in BTC gambling. and explain why there is no interest in BTC gambling? or are you only showing us your nice signature?

just for info....all casinos are -EV and all fiat and BTC lotteries are -EV

[Snezzy]

There isn't any particular interest in general in BTC gambling.

You could check RHavar thread (search it, https://www.pevpot.com/) - he made +EV lottery. I don't think you could compete this. As your will be -EV and have  big reputation here.

If "EV" means "Expected Value"?
Normally I would not trust anyone claiming EV+ in lottery as this is not sutainable business model.

[marioantonini]

generally, i play more in lottery (italian lottery, superenalotto and lotto), i don't have understand why the bitcoin user like play a dice game and not a lottery, with big bonus.
i think a good idea can is associate a bitcoin lottery with a normal lottery ? Example, the number of winner is the same of italian lottery

[Snezzy]

So now I can post the algorithm, that is developed

The following has been taken into consideration:
1. Must be random
2. Must be provably fair
3. Organiser must not be able to tamper with result (Or take any advantage of knowing secret token / salt)

Please let me know, if you see any problems (at all)
# LOTTERY
# A secret token and secret salt is made for every lottery block of 10 tickets
# When someone enters lottery, then the following is made public
# - BTC Address
# - The time when ticket was bought
# - Lottery HASH - getLotteryHash()

$secret_token   = "some-secret-token";
$salt         = "some-salt";

function getLotteryHash($address,$salt,$secret_token) {
   return hash_hmac("sha256",$address.$salt,$secret_token);
}


When a block of 10 lottery tickets are filled, then the lottery block will be locked
The following will be displayed online
- Timestamp (UTC) of when the block was locked
Selecting random beacon
This we will select from https://blockchain.info/
The value selected will be the "Total number of Bitcoin transactions" for the date when the Lottery block was locked
(If the lottery block is locked less than 2 minutes before midnight, then the following day will be used)
The drawWinner($address_arr) function is run every hour until a winner is found
- $address_arr is ordered by time of enter
When winner is published, then $secret_token and $salt will also be published

function drawWinner($address_arr, $secret_token, $lottery_block_lock_time){
   
   if(is_null($random_beacon = getRandomBeacon($lottery_block_lock_time))) {
      return false;
   }
   
   mt_srand(calculateSeed($address_arr, $secret_token, $random_beacon));
   
   $idx = mt_rand(0, count($address_arr) - 1);
   
   return $address_arr[$idx];
}

function calculateSeed($lottery_bet_address_arr, $secret_token, $random_beacon){
   
   $hashed_addresses = '';
   
   foreach ($lottery_btc_address_arr as $address){
      $hashed_addresses .= hash_hmac('sha256', $address, $secret_token.$random_beacon);
   }
   
   return crc32($hashed_addresses);
}


function getRandomBeacon($lottery_block_lock_time) {
   
   $date = date('Y-m-d', strtotime($lottery_block_lock_time) + 60 * 2);
   
   $time = strtotime($date.' 18:15:05');
   
   $json = file_get_contents('https://blockchain.info/da/charts/n-transactions?format=json&timespan=30days');
   
   $data = json_decode($json);
   
   foreach ($data->values as $info) {
      if($info->x == $time) {
         return $info->y;
      }
   }
   return null;
}

Again, please point out any problems with this method.

[dooglus]

1. The algorithm for selecting the winner in each should be a random algorithm based only on the bitcoin addresses participating.
I believe that it will very important, that this algorithm is public, so everyone can test that the draw is not tampered with in any way. But also must be so complex that nobody can predict any outcomes.
This part I think I have already covered with an algorithm that I have worked on and tested over the past couple of months.

I don't think this is as easy as you think it is to get right. I'll respond further when you post the algorithm, below.

I hope someone can suggest a complete transparent setup where participants at any time can verify that the prize pool is intact and I way where bitcoins can only be paid to winners.
And off course cannot be hacked.
Is this possible ?

I don't think it's possible using Bitcoin. Maybe using an Ethereum smart contact you could do something like this, where the contract takes care of paying out the winner and only the winner. As I understand it, if you have access to the bitcoins to send them to the winner, you also have access to the bitcoins to send them to yourself, or to someone who blackmails you, etc.

You could check RHavar thread (search it, https://www.pevpot.com/) - he made +EV lottery. I don't think you could compete this. As your will be -EV and have  big reputation here.

just for info....all casinos are -EV and all fiat and BTC lotteries are -EV

pevpot.com is a +EV BTC lottery. The site pays out more in prizes than it takes from players. The difference comes from sponsors who advertise on the site.

"EV" means "expected value" by the way.

You should really take a look at the pevpot thread since it is a great example of how to make a provably fair lottery, and the thread is a decent example of how to work with the forum community to improve the site.

Ultimately, however, we are left having to trust RHavar to pay out the correct winner each week, and not to steal the coins for himself. But at least we can be confident that the winner was fairly selected - we can verify the result for ourselves, and know that nobody was able to manipulate the result. (Well, everyone is able to manipulate the result, but it takes so long to calculate the effect of each manipulation that by the time your calculation finishes it is too late).

Normally I would not trust anyone claiming EV+ in lottery as this is not sutainable business model.

The idea is that players will flock to the site to play the +EV game, which will make the site attractive for advertisers, who will fund the +EV-ness of the site. I'm not sure how well it's working out, since I'm pretty much the only sponsor, and that's mostly only because I was given 1 BTC by the guy who won the first draw, and asked to use it to sponsor future draws.

So now I can post the algorithm, that is developed

[...]

# A secret token and secret salt is made for every lottery block of 10 tickets

[...]

Again, please point out any problems with this method.

If the aim is to make it impossible for you to cheat by buying tickets, why are there any secrets?

If knowing the secret seeds would help a player cheat then knowing them would also help you cheat.

And if knowing the secret seeds would not help a player cheat then they don't need to be secret.

I didn't look much deeper into your algorithm, but I see you are using timestamps, which is usually problematic. Who decides the time at which a ticket was purchased. Transactions don't have timestamps, and different peers on the Bitcoin network will see transactions at different times. Are we going to take blockchain.info's word for when they first saw the transaction? If so, that's a point of trust. Or are we using the timestamp of the block containing the transaction? Then we're relying on the miner of that block. When there's 5000 BTC at stake it might be worth discarding a few 25 BTC blocks if their timestamp means we lose the raffle. And so on... But the 'secret' thing stands out as a bigger concern first.

[Snezzy]

So now I can post the algorithm, that is developed

[...]

# A secret token and secret salt is made for every lottery block of 10 tickets

[...]

Again, please point out any problems with this method.

If the aim is to make it impossible for you to cheat by buying tickets, why are there any secrets?

If knowing the secret seeds would help a player cheat then knowing them would also help you cheat.

And if knowing the secret seeds would not help a player cheat then they don't need to be secret.

I didn't look much deeper into your algorithm, but I see you are using timestamps, which is usually problematic. Who decides the time at which a ticket was purchased. Transactions don't have timestamps, and different peers on the Bitcoin network will see transactions at different times. Are we going to take blockchain.info's word for when they first saw the transaction? If so, that's a point of trust. Or are we using the timestamp of the block containing the transaction? Then we're relying on the miner of that block. When there's 5000 BTC at stake it might be worth discarding a few 25 BTC blocks if their timestamp means we lose the raffle. And so on... But the 'secret' thing stands out as a bigger concern first.

Hi dooglus,

First of all, thank you for taking your time to reply on this.

I will try to address your points below:
"If the aim is to make it impossible for you to cheat by buying tickets, why are there any secrets?"
The secret token and secret salt is not put there to prevent organiser from cheating, but this is put there in order for participants not to cheat.
Please notice, that the secret token and salt is made public right after the draw and then participants can reverse engineer to verify that nothing has been altered since they purchased their ticket.
Upon receiving the the payment for at ticket, then the getLotteryHash() is made public along with the timestamp of entry.

"And if knowing the secret seeds would not help a player cheat then they don't need to be secret."
Thats actually a very good point. I guess the random beacon applied after the block is locked would would remove the need for any secret.
I will update algorithm. Thanks.

"I didn't look much deeper into your algorithm, but I see you are using timestamps, which is usually problematic"
I agree that timestamps are usually problematic. But here the timestamp of the ticket only serves as to put ticket into a position and the position is public shown instantly, then I am not sure how this could be problematic. The timestamp of the last ticket is off course also used to determine which date to get the random beacon from, but this is again not known a the time of last purchase.
I am think that off course "swapping positions" could be possible, if not external timestamp is used? But you alreayd know your position upon purchase.
I am not sure why timestamps would be an issue here. But if they are, then this off course needs to be fixed.

So timestamp of your purchase (Which currently is through to be internal server time, UTC) gives you the position in the lottery block (which will be a number between 0 and 9)
This is public the second we receive this.

The timestamp of the last ticket purchased (position 9) will be used as the timestamp for "locking" the lottery block.
The point however is that the random beacon is unknown at this point in time, so it makes no sense to alter with this.

I am more concerned, whether the random beacon is random enough or whether somebody knowing all the factors could manipulate this?

I will revert later with updated algorithm.

[Snezzy]

So an updated algorithm and flow:

1. Points of trust
In order to make something provably fair we need one or more points of trust.
For this lottery algorithm the following 2 places are used:
- blockcypher.com
- https://beacon.nist.gov

blockcypher.com is used to determine the receiving time of payment for a ticket
https://beacon.nist.gov is used to select a random beacon

2. Lottery blocks
We referring to a "lottery block", then I refer to a draw with 10 participants.

2. The flow
2.1 - Buying the ticket
A participant will buy a ticket by sending a fixed amount to a certain bitcoin address
Upon receiving this payment, then users bitcoin address will appear public in the lottery block.

2.2 Completing the lottery block
When payment is received for 10 tickets, then the lottery block is considered complete and a proces will start to determine the various tickets postions in the block as well as "lottery block lock time".
At this time the ticket information will look something like this

$ticket_info_arr = array(
   0   => array('address' => '149PWxjK2Qhk8dstLM1dj1xjK3vMFAqYAQ'),
   1   => array('address' => '1DSWekGtets5FGEDM9sMn8FriRwF5oRoKv'),
   ...
   9   => array('address' => '12jhjtTgCiobesqqXvFuZbePqVKppbyw8Q')
);

2.2.1 - Adding information to tickets
For each of the tickets purchased a call will be made to the API of blockcypher.com to dertermine the their timestamp. (See function getTimeTicketReceivedfor reference)
Tickets are now ordered according to their timestamp from blockcypher.com (in case of equal timestamp down to the millisecond, then algorithm is used to sort, see ticketArraySorter() for reference)

Once this information is collected, then it will all be display public and the draw will start approximately 10 minutes later.

2.2.2 - Get lottery block lock time
The "lottery block lock time" which later will be used to dertermine the url to call for the random beacon is found as the latest timestamp of any transaction in the lottery block.

3. The draw
The draw is based on mt_rand with a seed.

3.1 - Getting the seed
The seed is a combination of the bitcoin addresses in the ordered ticket_info_array and a random beacon found at https://beacon.nist.gov. The timestamp used for calling their API will be lottery block lock time + 10 minutes. Since these random beacon are calculated each minute, then this ensures that no one knows this until after the lottery block is locked. See calculateSeed() as getRandomBeacon() for reference.

So with this approach I belive it will be provably fair.

Here are the functionality:


function getSortedTicketInfoArray($ticket_info_arr) {
   
   foreach ($ticket_info_arr as $key => $ticket_info) {
      $ticket_info_arr[$key]['received'] = getTimeTicketReceived($ticket_info['tx_hash']);
   }
   
   usort($ticket_info_arr, 'ticketArraySorter');
}

function ticketArraySorter($a, $b) {
   $date_time_a = new DateTime($a['received']);
   $date_time_b = new DateTime($b['received']);
   
   if($date_time_a->getTimestamp() == $date_time_b->getTimestamp()) {
      
      if($date_time_a->format('u') == $date_time_b->format('u')) {
         
         $sorter_a = crc32($a['tx_hash']);
         $sorter_b = crc32($b['tx_hash']);
         
         if($sorter_a == $sorter_b) {
            
            $append = 0;
            
            while ($sorter_a == $sorter_b) {
               $sorter_a = crc32($a['tx_hash'].''.$append);
               
               $append++;
            }
         }
         
         return $sorter_a > $sorter_b ? 1 : -1;
         
      } else {
         return $date_time_a->format('u') > $date_time_b->format('u') ? 1 : -1;
      }
      
   } else {
      return $date_time_a->getTimestamp() > $date_time_b->getTimestamp() ? 1 : -1;
   }
}


function getTimeTicketReceived($tx_hash) {
   $url   = 'http://api.blockcypher.com/v1/btc/main/txs/'.$tx_hash;
   $json   = file_get_contents($url);
   $data   = json_decode($json);
   return $data->received;
}

function drawWinner($ticket_info_arr){
   
   $lottery_block_lock_time = getMaxTimeFromTicketInfoArray($ticket_info_arr);
   
   $random_beacon = getRandomBeacon($lottery_block_lock_time);
   
   $seed = calculateSeed($ticket_info_arr, $random_beacon);
   
   mt_srand($seed);
   
   $idx = mt_rand(0, count($address_arr) - 1);
   
   return $address_arr[$idx];
}

function getRandomBeacon($lottery_block_lock_time) {
   $timestamp   = strtotime($lottery_block_lock_time) + 60 * 10;
   
   if($timestamp > time() - 60) {
      return false;
   }
   
   $url      = 'https://beacon.nist.gov/rest/record/'.$timestamp;
   $sxe      = simplexml_load_file($url);
   
   return (string) $sxe->outputValue;
}

function getMaxTimeFromTicketInfoArray($ticket_info_arr) {
   
   $time = null;
   
   foreach ($ticket_info_arr as $ticket) {
      if(is_null($time) || $ticket['time'] > $time) {
         $time = $ticket['time'];
      }
   }
   return $time;
}

function calculateSeed($ticket_info_arr, $random_beacon){
   
   $hashed_addresses = '';
   
   foreach ($ticket_info_arr as $ticket_info){
      $hashed_addresses .= hash_hmac('sha256', $ticket_info->address, $random_beacon);
   }
   
   return crc32($hashed_addresses);
}

- So all secret token and salt is removed.
- Organisers should not be able to gain any advantage.
- Timestamps rely on 3rd party source.

Please feel free to give any comments.

[dooglus]

So an updated algorithm and flow:

1. Points of trust
In order to make something provably fair we need one or more points of trust.
For this lottery algorithm the following 2 places are used:
- blockcypher.com
- https://beacon.nist.gov

I think you are missing the point. Proof and trust are incompatible. We prove the game is fair so that you don't have to trust anyone.

I can tell you that Pythagoras' Theorem is true and show you it stated in a trustworthy publication, or I can prove it to you. Once I have proved it to you, you know it is true even if you don't trust the publication that stated it. Proof removes the need for trust.

blockcypher.com is used to determine the receiving time of payment for a ticket
https://beacon.nist.gov is used to select a random beacon

I would say that you have two holes in your proof. Either one of those two entities could be dishonest - you cannot prove that they aren't.

2. Lottery blocks
We referring to a "lottery block", then I refer to a draw with 10 participants.

2. The flow

It's hard to follow. I think it could use some proofreading and possibly renumbering. What is a "lottery block" exactly?

The seed is a combination of the bitcoin addresses in the ordered ticket_info_array and a random beacon found at https://beacon.nist.gov. The timestamp used for calling their API will be lottery block lock time + 10 minutes. Since these random beacon are calculated each minute, then this ensures that no one knows this until after the lottery block is locked. See calculateSeed() as getRandomBeacon() for reference.

I think you need to specify which version of mt_rand you're using. Its output changes depending on the version of PHP. Better would be to use something more standard so we don't have to install PHP to verify results.

It sounds as if we don't have to trust blockcypher.com at all, because the random beacon has the final say in who wins. In fact why do we even need to use blockcypher.com? What do we lose by simply using the random beacon at block_time + 10 minutes alone to pick the winning ticket? Hash the beacon, divide by 10, and the remainder is the winner. What does simplifying the draw to such an extent take away? I think your currently described system is entirely dependent on the government beacon to decide the winner, so why bother with all the extra complication? If the beacon site is cheating, they can make any ticket win under either system, and if they aren't then both systems are equally "fair".

Or did I miss something?

[Snezzy]

Proof and trust are incompatible

I see and I agree thinking about this. But would that not actually mean, that the use of any random beacon would mean, that it cannot be considered provably fair? This would always rely on some data input from somewhere and no matter whether everybody in the world knows that I (the organizer) would not have any control over this, then it could still be argued that the data source could be dishonest.

On the other hand making something provably fair would (in this case) need some “secret token” or similar as previously mentioned, which then will be public after the draw and user could check this against the hash string they got when purchasing the ticket. But this leaves organizer with edge if he was dishonest as he knows all the factors.
This is a headache.

Question however is, since many point to pevpot, which use provably fair on their site. But there is also some point of trust https://www.pevpot.com/provably-fair to get the “blockHash”. So is this then provably fair?
I am fighting in my head a bit with this term.

It's hard to follow. I think it could use some proofreading and possibly renumbering. What is a "lottery block" exactly?

Yes, this could surely need some explanation, which I will try to do.
Every time 10 lottery tickets are sold, then a draw will happen between these 10 tickets for 20% percent of the combined ticket value. This is what I call a block (in this case a level 1 block).
Let’s say a ticket cost 10 mBTC, then the prize pool in this draw is 20 mBTC.
The winner of a level 1 block will automatically enter into a level 2 block.

A level 2 block is created, when 10 x 10 = 100 tickets are sold (10 level 1 blocks). The 10 winners of their level 1 block will enter into a level 2 block (Which now also holds 10 tickets). Here the prize pool will be 15% of the combined ticket value. (100 x 10 x 15% = 150 mBTC). The winner of a level 2 block draw will automatically enter into a level 3 block.
Level 3 block is created and draw is made when 10 x 10 x 10 = 1000 tickets are sold and so on….
I hope this explains the system a bit better and why I use “lottery block”. Maybe it would be better and more correct to call it a batch instead.
 

It sounds as if we don't have to trust blockcypher.com at all, because the random beacon has the final say in who wins. In fact why do we even need to use blockcypher.com? What do we lose by simply using the random beacon at block_time + 10 minutes alone to pick the winning ticket? Hash the beacon, divide by 10, and the remainder is the winner. What does simplifying the draw to such an extent take away? I think your currently described system is entirely dependent on the government beacon to decide the winner, so why bother with all the extra complication? If the beacon site is cheating, they can make any ticket win under either system, and if they aren't then both systems are equally "fair".
Or did I miss something?

blockcypher.com is used to put the ticket into it’s correct position order by time. So in a lottery batch (block) there are 10 tickets. How would they get their position (0 to 9) if not by at timestamp or some sorting algorithm?
I could rely on when I receive payment internally, but then some API service for receiving money could be down and the participant who should have had position 6, then gets position 8. And then after the draw this person calculates that if he had been in position 6, then he would have won.
So blockcypher.com is for ordering tickets. Also the lastest timestamp in the batch is also used to determine which random beacon to get from government site. One could argue, that organiser could tamper with timestamps internally to get the random beacon that serves his purpose. Am I right ?

I think you need to specify which version of mt_rand you're using. Its output changes depending on the version of PHP. Better would be to use something more standard so we don't have to install PHP to verify results.

Yes, if this is used off course version is needed as I know it has changed during versions. This might be something completely different on live version as long as it produce identical result of identical seeds.

Question:
Since it seems like one has to choose between 100% provably fair and not use any external sources. (As I read your reply then any form of external source, then it is not provably fair)
What system would you prefer:
A provably fair system (where you cannot remove the organiser option to be dishonest)?
Or
A system based on random beacon from some source? (Must rely on external source to be fair, but organiser cannot cheat)

[VTC]

The sources in your example rely on trust.  You need to trust they won't change the data, that their website is up and running, and that they have a complete history of the data (hard drives fail and maybe they didn't make a backup)

The best external source is the blockchain since it's public and unchangeable.  For example, Pevpot uses a blockhash as the external source, and about 2 hours worth of hashing iterations on it.  The blockchain is public and no miner has enough incentive (or power) to undo 2 hours worth of blocks.  

You should look at
https://www.pevpot.com/provably-fair
https://www.pevpot.com/verify
as it is superior to your method.