What an RNG is and why there is so much talk about it
An RNG (Random Number Generator) is an algorithm that produces unpredictable numbers. In the context of Lucky Jet and other crash games, it is the RNG that determines the moment the pilot "crashes" and what the round's final multiplier will be.
Purely technically, computers have no "true" randomness — all algorithms are deterministic. What we call "random" is in fact pseudo-random numbers derived from some seed. If you know the seed and the algorithm, the result becomes predictable. So the key question for an online casino is: who generates the seed and how, and whether it can be controlled or verified.
This is exactly what distrust of online casinos has historically revolved around. If a casino controls the seed entirely and single-handedly, then in theory it can pick seeds that are unfavorable to players. For a long time it was impossible to prove or disprove this publicly. Provably Fair was devised as an answer to exactly this problem.
The old model: "trust the casino and its auditor"
Classic online casinos work on this scheme:
- The casino obtains a license from a regulator (Curaçao, the Malta Gaming Authority, the UK Gambling Commission, etc.).
- The regulator requires the casino to use a certified RNG.
- Certification is done by independent laboratories: eCOGRA, GLI, iTech Labs, BMM Testlabs.
- The lab receives a large sample of results and checks them statistically — for uniformity of distribution, the absence of patterns, and conformity with the stated RTP.
- If everything is in order, a certificate is issued, which the casino shows to players.
This works on average, but the model has a fundamental problem: a player cannot verify a specific round. Only the lab can, only statistically, only after the fact. If in one specific round you lost a large bet and suspect that something is wrong, the only way to "dispute" it runs through the support service of the casino itself, its regulator, and potentially a court. In practice, few people do this.
Provably Fair closes this gap. You can verify any round right now, in the browser, without the help of an auditor or a regulator.
Provably Fair: three ingredients
The Provably Fair approach appeared around 2014 in crypto casinos (SatoshiDice, Bustabit, and the like), and later became standardized across the industry. It uses three key components — all of them visible to the player in a special section of the game settings.
| Component | Who generates it | When the player sees it | What it is for |
|---|---|---|---|
| server_seed | The casino server | SHA-256 hash before the round; the seed itself — after | The basis of randomness. Proves the casino didn't swap the result |
| client_seed | The player (or auto) | At any time in the settings | Guarantees the casino didn't pick the server seed specifically for the client |
| nonce | The server, automatically | Openly; increases by 1 each round | Makes each round of the series unique with the same server_seed |
The idea is simple. Before a series of rounds begins, the server generates a server_seed
(a long random string), computes a SHA-256 hash of it, and
publishes only the hash. The seed itself stays secret until
the end of the series. Because SHA-256 is irreversible, it is impossible to learn the seed
from the hash — but it is locked in.
The player can set any client_seed (their own value). After
the series of rounds ends, the server reveals the server_seed.
The player can then immediately:
- Compute the SHA-256 of the revealed
server_seedand compare it with the hash published in advance — this proves the seed was not changed in the process. - Recalculate the multiplier of each round themselves from
server_seed,client_seed, andnonce, and compare it with what was actually shown.
If both checks match, the round is honest.
How a multiplier is obtained from a hash
This is the technical part. If you just want to understand that "the casino isn't cheating", you can skip ahead to the next section. If you're interested in exactly how the math works, let's continue.
The specific formula for converting a hash into a crash multiplier differs between games and operators. But the general template is almost identical across all crash games:
- Take
HMAC-SHA256(server_seed, client_seed:nonce)— this gives a 64-character hex string. - From its first part (usually 8 or 13 hex characters) an integer is taken.
- This number is divided by the maximum possible value — giving a fraction from 0 to 1.
- The fraction is converted into a crash multiplier by a formula of the form
(1 / (1 − x)) × (1 − house_edge), which gives a Pareto distribution: most rounds get low multipliers, rare ones get very high ones. - If the result is below 1.00, the round counts as an "instant crash" (a 1.00× multiplier). The share of such rounds corresponds to the casino's house edge (around 3%).
The distribution of multipliers is not uniform, but heavily skewed to the right (a Pareto distribution). This means: most crash rounds happen before 2.00×, while multipliers of 100×+ occur in thousandths of a percent of rounds. This is not "unfair" — it is a mathematical consequence of the formula, and it is what ensures a 97% RTP.
How to verify a round yourself
Suppose you played a series of rounds. After the series ends (or after
changing the client seed — which usually automatically closes the series),
the casino reveals the server_seed. You have on hand:
published_hash— the SHA-256 hash you saw BEFORE the seriesserver_seed— revealed by the server after the seriesclient_seed— your client seednonce— the number of the specific round in the seriesactual_multiplier— the actual multiplier of this round (visible in the history)
Here is a minimal Python script that checks both conditions. Save it to a
file named verify.py, fill in the values, and run
python3 verify.py:
# verify.py — verification of a single Provably Fair round
import hashlib, hmac, math
# 1. What we received from the casino:
published_hash = "a3f5...e91d" # SHA-256 of server_seed, published before the series
server_seed = "7b2c...43a8" # revealed by the casino after the series
client_seed = "my_random_seed"
nonce = 42 # round number in the series
actual_multiplier = 2.47 # from the round history
# 2. Check #1: the casino did not swap server_seed
recalculated = hashlib.sha256(server_seed.encode()).hexdigest()
assert recalculated == published_hash, "❌ Hash mismatch — the casino changed the seed!"
print("✓ Hash matches: server_seed was not swapped")
# 3. Check #2: recalculate the multiplier
message = f"{client_seed}:{nonce}".encode()
key = server_seed.encode()
h = hmac.new(key, message, hashlib.sha256).hexdigest()
# Take the first 13 hex characters (52 bits), convert to a number
x = int(h[:13], 16)
e = 2**52
# Multiplier formula (typical for crash games)
if x == 0:
multiplier = 1.00
else:
multiplier = math.floor((100 * e - x) / (e - x)) / 100
print(f"Recalculated multiplier: {multiplier}×")
print(f"Actual multiplier: {actual_multiplier}×")
If both asserts pass and the recalculated multiplier matches the actual one, the round is honest. If something differs, that is a serious reason not to play at this casino and to publish the fact of the discrepancy.
An important caveat about the formula: the exact algorithm for converting a hash into a multiplier differs between games. Lucky Jet by Gaming Corps does not publish its formula publicly — it can be reconstructed by reverse-engineering the client code or from operator documentation. Most crash games follow the template shown above, but the specific constants (the length of the hex slice, the conversion formula, the house edge) may differ.
What Provably Fair does not guarantee
Provably Fair is a powerful defense against one specific type of fraud: rigging a round's result after the fact. But it is not a cure-all. Here is what this system does not do.
It does not reduce the house edge
The RTP stays at 97%; on average the player loses 3% of every bet. Provably Fair guarantees the honesty of the process, not the profitability of the result. If you play a thousand honestly generated rounds with a negative expected value, you will lose money. Just like in an honest lottery with a 50% RTP.
It does not protect against the choice of a "bad" server seed
Technically, before a series the casino can generate a thousand candidate
server_seed values, see what multiplier distributions
they give, and choose the least favorable for the player. The hash will be of the chosen
seed — formally everything is "honest", but in reality the casino used
foreknowledge. This attack is called a selection attack.
The defense against this is to set your own client_seed manually.
If the client seed is set by the player (and not the server), the casino
does not know in advance what the resulting multiplier will be, and cannot "pick" it.
It does not replace a regulator's license
Provably Fair solves only one task — the mathematical verification of a round. All other aspects of an online casino (payouts, data protection, addiction prevention, KYC, AML) lie in the domain of regulators and licenses. You can have Provably Fair and still refuse to pay out winnings on far-fetched grounds — these are different things.
It does not make the game "smarter"
The fact that you can verify a round's result after it ends
does not help you predict the next round in any way. To
predict it you would need the server_seed, and it is revealed
only after the series. Any "signals", "predictions", and "algorithms"
that claim to predict Provably Fair rounds are a scam.
More on this in the article
"The truth about signals".