This will reuse the idea posted by Ryan and used for Bustabit v2.

Starting with a secret I've generated a chain of 10,000,000 SHA256 hashes. Each element is the hash of the lowercase, hexadecimal string representation of the previous hash. The hash of the chain's last element is

** f6c4a94c4a2dd2912fbef23fb68aa56488313a343c9cf6c95e52b8ef74230991 **.

Every game maps to a hash in the chain: The 10,000,000th element of the chain is the hash of game #1 and the first element in the chain is the hash of game #10,000,000. To verify that a hash belongs to a game #n, simply hash it n times and compare the result with the terminating hash.

To calculate a game's result from its hash:

const crypto = require("crypto")

function gameResult(seed, salt) {

const nBits = 52 // number of most significant bits to use

// 1. HMAC_SHA256(key=salt, message=seed)

const hmac = crypto.createHmac("sha256", salt)

hmac.update(seed)

seed = hmac.digest("hex")

// 2. r = 52 most significant bits

seed = seed.slice(0, nBits/4)

const r = parseInt(seed, 16)

// 3. X = r / 2^52

let X = r / Math.pow(2, nBits) // uniformly distributed in [0; 1)

// 4. X = 99 / (1-X)

X = 99 / (1 - X)

// 5. return max(trunc(X), 100)

const result = Math.floor(X)

return Math.max(1, result / 100)

Before being used to calculate the corresponding result, each game hash is salted with the lowercase, hexadecimal string representation of the hash of bitcoin block

** 582,678 **.

This block has not been mined yet at the time of starting the provably fair seeding event, proving that I have not deliberately picked a chain that is unfavorable for players.