There seems to be some server side issue (error 502). But, can you clarify your method for picking the ``3 winning tickets at random'' ? I didn't see it written in the page or in your post.
Sorry about the server error, that should be resolved now.
Each deposit address is added to an array according to however many deposits that address has made. We use the standard random python library to pick the first place winner, then remove that one instance of the address from the array. We then run the array against the python library for the second place winner and the same process for the third place winner.
while we may revise this process over time, we have not found any issues operating in this fashion. Users with multiple deposits have a chance to keep winning.
There are two issues: 1) it is not provably fair. 2) if you are using everything standard, then the PRNG is being seeded with the current time. The second issue makes it a lot easier for an attacker to determine what will be the outcome of your lottery.
The lottery is happening once all deposits reach 1 confirmation, which varies depending on network speed. So a timing attack is impossible.
We are currently working on a method to show the lottery is provably fair. How would you suggest doing this with a random drawing?
"impossible" is too strong. The attack can happen by analysis of the previous games, supposing there is a good amount of them a person can estimate how long it takes for all tickets to be sold. Suppose it takes N minutes at average, and since 1 confirmation is relatively fast with Litecoins, the total time required for a draw is just a bit more than N (2 to 5 minutes, lets say). Then, to simplify things, suppose your drawing happens like this one (the seeds you are using are exactly the ones in the following code, it is the standard one used in case you don't give other one):
import time
import random
seed = time.time()
random.seed(seed)
print random.randint(1, 100), random.randint(1, 100), random.randint(1, 100)
print seed
If the person estimated N well enough, then he can do the following:
import time
now = time.time() - 1
for i in xrange(1, 2000000):
test = now + i/1000000.
if test != seed:
continue
random.seed(test)
for j in xrange(3):
print random.randint(1, 100)
break
Note that this is a "relatively" theoretical attack, since it is checking against the unknown seed. For the purposes of this test, for the first piece of code I got the numbers 38 88 12. Which I managed to replicate in the bottom code by brute forcing the seed. If you run this code, it is not guaranteed that it will always find the correct seed, although it does very often in my machine (copy & paste both pieces to the same .py and run). The important thing to take from this is that using the current time as the seed is too weak.
Now your question regarding the provably fair part: you could use the very own blockchain for that. Consider the hash of m blocks; apply simple operations like XORing the hashes, and finally pick the winners from there. The XOR is to make it harder for the case where mining pools discard blocks on purpose to change the outcome of the lottery in their favour (this another "relatively" theoretical attack, but doable). I figure this might require a longer and more detailed explanation, but I'm not sure if you even plan on using a method based on this so I'm saving my time
