DEV Community: Rake The latest articles on DEV Community by Rake (@r4ke). https://dev.to/r4ke https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3858273%2Fc767ac70-8178-4356-be66-14c1261ac138.png DEV Community: Rake https://dev.to/r4ke en HMAC-SHA256 in Practice: How Crypto Casinos Generate Provably Fair Game Outcomes Rake Thu, 02 Apr 2026 19:58:15 +0000 https://dev.to/r4ke/hmac-sha256-in-practice-how-crypto-casinos-generate-provably-fair-game-outcomes-3hgn https://dev.to/r4ke/hmac-sha256-in-practice-how-crypto-casinos-generate-provably-fair-game-outcomes-3hgn <p>If you've ever used JWT tokens or API authentication, you've used HMAC-SHA256. But there's a fascinating real-world application of this algorithm that most developers don't know about: <strong>provably fair gambling</strong>.</p> <p>Crypto casinos use HMAC-SHA256 to generate game outcomes in a way that's mathematically verifiable by players. The system is elegant, and the implementation teaches important concepts about commitment schemes and deterministic randomness.</p> <h2> The Commitment Scheme </h2> <p>The security model is simple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Phase 1 (Before bet): Casino: serverSeed = random() Casino: publishes SHA256(serverSeed) → commitment hash Player: sets clientSeed Phase 2 (During bet): result = Algorithm(HMAC-SHA256(serverSeed, clientSeed:nonce)) Phase 3 (After bet): Casino: reveals serverSeed Player: verifies SHA256(revealed) === commitment ✓ Player: verifies Algorithm(HMAC(revealed, clientSeed:nonce)) === result ✓ </code></pre> </div> <p>The commitment hash ensures the casino can't change the server seed after seeing the player's bet. The client seed ensures the casino can't predict the player's input. Together, they produce deterministic but unpredictable outcomes.</p> <h2> Implementation: Dice </h2> <p>The simplest game. Convert an HMAC hash to a number between 0.00 and 100.00:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">crypto</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">verifyDice</span><span class="p">(</span><span class="nx">serverSeed</span><span class="p">,</span> <span class="nx">clientSeed</span><span class="p">,</span> <span class="nx">nonce</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHmac</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">,</span> <span class="nx">serverSeed</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">clientSeed</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">nonce</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Take first 8 hex chars (32 bits)</span> <span class="kd">const</span> <span class="nx">int</span> <span class="o">=</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">hash</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8</span><span class="p">),</span> <span class="mi">16</span><span class="p">);</span> <span class="c1">// Map to 0.00 - 100.00</span> <span class="k">return </span><span class="p">(</span><span class="nx">int</span> <span class="o">%</span> <span class="mi">10001</span><span class="p">)</span> <span class="o">/</span> <span class="mi">100</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The player bets on whether the result will be above or below a target number. The house edge is baked into the payout calculation, not the roll itself.</p> <h2> Implementation: Crash/Limbo </h2> <p>This one's more interesting. Convert a hash into a crash multiplier:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">verifyCrash</span><span class="p">(</span><span class="nx">serverSeed</span><span class="p">,</span> <span class="nx">clientSeed</span><span class="p">,</span> <span class="nx">nonce</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHmac</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">,</span> <span class="nx">serverSeed</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">clientSeed</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">nonce</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">int</span> <span class="o">=</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">hash</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">8</span><span class="p">),</span> <span class="mi">16</span><span class="p">);</span> <span class="c1">// House edge: 1 in 101 games crash at 1.00x</span> <span class="k">if </span><span class="p">(</span><span class="nx">int</span> <span class="o">%</span> <span class="mi">101</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="k">return</span> <span class="mf">1.00</span><span class="p">;</span> <span class="c1">// Inverse distribution: higher multipliers are rarer</span> <span class="kd">const</span> <span class="nx">e</span> <span class="o">=</span> <span class="mi">2</span> <span class="o">**</span> <span class="mi">32</span><span class="p">;</span> <span class="k">return</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">max</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="nb">Math</span><span class="p">.</span><span class="nf">floor</span><span class="p">((</span><span class="nx">e</span> <span class="o">/</span> <span class="p">(</span><span class="nx">int</span> <span class="o">+</span> <span class="mi">1</span><span class="p">))</span> <span class="o">*</span> <span class="mf">0.99</span><span class="p">)</span> <span class="o">/</span> <span class="mi">100</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The probability of reaching multiplier <code>m</code> is approximately <code>1/m</code>. So 2x has ~49.5% chance, 10x has ~9.9%, 100x has ~0.99%. This creates the characteristic exponential distribution that makes Crash exciting.</p> <h2> Implementation: Keno </h2> <p>Keno requires generating 10 unique numbers from a pool of 40:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">verifyKeno</span><span class="p">(</span><span class="nx">serverSeed</span><span class="p">,</span> <span class="nx">clientSeed</span><span class="p">,</span> <span class="nx">nonce</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">picks</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">let</span> <span class="nx">cursor</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="k">while </span><span class="p">(</span><span class="nx">picks</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">10</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHmac</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">,</span> <span class="nx">serverSeed</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">clientSeed</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">cursor</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">nonce</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">hash</span><span class="p">.</span><span class="nx">length</span> <span class="o">&amp;&amp;</span> <span class="nx">picks</span><span class="p">.</span><span class="nx">length</span> <span class="o">&lt;</span> <span class="mi">10</span><span class="p">;</span> <span class="nx">i</span> <span class="o">+=</span> <span class="mi">8</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">hash</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="nx">i</span><span class="p">,</span> <span class="nx">i</span> <span class="o">+</span> <span class="mi">8</span><span class="p">),</span> <span class="mi">16</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tile</span> <span class="o">=</span> <span class="p">(</span><span class="nx">value</span> <span class="o">%</span> <span class="mi">40</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">picks</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">tile</span><span class="p">))</span> <span class="nx">picks</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">tile</span><span class="p">);</span> <span class="p">}</span> <span class="nx">cursor</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">picks</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The interesting part is collision handling — if the modulo operation produces a number already picked, it's skipped and the next chunk of the hash is used. If the hash runs out, a new one is generated with an incremented cursor.</p> <h2> Implementation: Mines </h2> <p>A 5x5 grid where N tiles contain mines. The hash determines mine positions via a Fisher-Yates shuffle:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">function</span> <span class="nf">verifyMines</span><span class="p">(</span><span class="nx">serverSeed</span><span class="p">,</span> <span class="nx">clientSeed</span><span class="p">,</span> <span class="nx">nonce</span><span class="p">,</span> <span class="nx">mineCount</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHmac</span><span class="p">(</span><span class="dl">'</span><span class="s1">sha256</span><span class="dl">'</span><span class="p">,</span> <span class="nx">serverSeed</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="s2">`</span><span class="p">${</span><span class="nx">clientSeed</span><span class="p">}</span><span class="s2">:</span><span class="p">${</span><span class="nx">nonce</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">tiles</span> <span class="o">=</span> <span class="nb">Array</span><span class="p">.</span><span class="k">from</span><span class="p">({</span> <span class="na">length</span><span class="p">:</span> <span class="mi">25</span> <span class="p">},</span> <span class="p">(</span><span class="nx">_</span><span class="p">,</span> <span class="nx">i</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">i</span><span class="p">);</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="nx">tiles</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span><span class="o">--</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">idx</span> <span class="o">=</span> <span class="p">((</span><span class="nx">tiles</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span> <span class="o">-</span> <span class="nx">i</span><span class="p">)</span> <span class="o">*</span> <span class="mi">2</span><span class="p">)</span> <span class="o">%</span> <span class="nx">hash</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">j</span> <span class="o">=</span> <span class="nf">parseInt</span><span class="p">(</span><span class="nx">hash</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="nx">idx</span><span class="p">,</span> <span class="nx">idx</span> <span class="o">+</span> <span class="mi">2</span><span class="p">),</span> <span class="mi">16</span><span class="p">)</span> <span class="o">%</span> <span class="p">(</span><span class="nx">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">);</span> <span class="p">[</span><span class="nx">tiles</span><span class="p">[</span><span class="nx">i</span><span class="p">],</span> <span class="nx">tiles</span><span class="p">[</span><span class="nx">j</span><span class="p">]]</span> <span class="o">=</span> <span class="p">[</span><span class="nx">tiles</span><span class="p">[</span><span class="nx">j</span><span class="p">],</span> <span class="nx">tiles</span><span class="p">[</span><span class="nx">i</span><span class="p">]];</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">tiles</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nx">mineCount</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Key insight: <strong>mine positions are fixed before the player clicks any tile</strong>. The server seed was committed before the bet, so the casino can't react to player choices.</p> <h2> Why This Matters Beyond Gambling </h2> <p>The commitment scheme pattern used here is applicable to:</p> <ul> <li> <strong>Fair coin flips in distributed systems</strong> — two parties contribute randomness</li> <li> <strong>Sealed-bid auctions</strong> — commit to a bid before revealing</li> <li> <strong>Random selection in DAOs</strong> — verifiable random committee selection</li> <li> <strong>Fair NFT minting</strong> — prove rarity was pre-determined</li> </ul> <p>The core principle — "commit, then reveal, then verify" — is one of the most useful patterns in applied cryptography.</p> <h2> Try It </h2> <p>I built a browser-based tool that implements all these algorithms: <a href="https://rakestake.com/verify" rel="noopener noreferrer">rakestake.com/verify</a></p> <p>Select a casino, paste your seeds, and it runs the verification client-side. No backend, no data transmission. The same code shown in this article.</p> <p><em>This is part of <a href="https://rakestake.com" rel="noopener noreferrer">Rakestake</a>, a platform for crypto casino verification tools and rakeback rewards. The verification tools are free and open-source | Also available on <a href="https://github.com/rakestake/provably-fair-verifier" rel="noopener noreferrer">GitHub</a>.</em></p> cryptography javascript webdev security