This will reuse the idea posted by Ryan and used for Bustabit v2.
Starting with a secret I've generated a chain of 10,000,000 SHA256 hashes. Each element is the hash of the lowercase, hexadecimal string representation of the previous hash. The hash of the chain's last element is
f6c4a94c4a2dd2912fbef23fb68aa56488313a343c9cf6c95e52b8ef74230991 .
Every game maps to a hash in the chain: The 10,000,000th element of the chain is the hash of game #1 and the first element in the chain is the hash of game #10,000,000. To verify that a hash belongs to a game #n, simply hash it n times and compare the result with the terminating hash.
To calculate a game's result from its hash:
const crypto = require("crypto")
function gameResult(seed, salt) {
const nBits = 52 // number of most significant bits to use
// 1. HMAC_SHA256(key=salt, message=seed)
const hmac = crypto.createHmac("sha256", salt)
hmac.update(seed)
seed = hmac.digest("hex")
// 2. r = 52 most significant bits
seed = seed.slice(0, nBits/4)
const r = parseInt(seed, 16)
// 3. X = r / 2^52
let X = r / Math.pow(2, nBits) // uniformly distributed in [0; 1)
// 4. X = 99 / (1-X)
X = 99 / (1 - X)
// 5. return max(trunc(X), 100)
const result = Math.floor(X)
return Math.max(1, result / 100)
Before being used to calculate the corresponding result, each game hash is salted with the lowercase, hexadecimal string representation of the hash of bitcoin block
582,678 .
This block has not been mined yet at the time of starting the provably fair seeding event, proving that I have not deliberately picked a chain that is unfavorable for players.