Provably fair is a cryptographic protocol that lets a player verify, after the fact, that a single spin or hand was generated from a seed the casino committed to before the round started. It is a transparency mechanism that prevents one specific kind of cheating (the operator changing the outcome after seeing the bet) and does nothing about every other kind. This entry explains what the verification mechanism does, what it does not do, and where the badge actually matters on a casino verdict.
Snapshot. Provably fair binds the round outcome to a seed pair (server seed, client seed) committed in advance via SHA-256 hash. After the round, the seeds are revealed and any player can re-hash to confirm the outcome was not altered. It does not prove the RTP. It does not audit the slot provider. It is one signal on the brand vibe axis, useful where it is real and uninformative where the brand uses the term loosely.
What provably fair means in three commit-reveal steps
The cryptographic fairness protocol works on a commit-reveal pattern that has been part of cryptography for forty years and has been used by crypto-first casinos since around 2014. Three steps cover the entire procedure.
1. Commit. Before any round is played, the casino generates a server seed (a random string) and publishes the SHA-256 hash of that seed to your account. The hash is a one-way function: it is computationally infeasible to derive the original seed from the hash alone. You also choose or are assigned a client seed, which goes into the same calculation.
2. Play. You place bets while the seed pair is active. The outcome of each round is computed deterministically from the seed pair plus a counter (the nonce) that increments by one per round. The casino cannot change the seed mid-session without you noticing, because the SHA-256 hash you saw at commit time would no longer match the revealed seed.
3. Reveal and verify. When you rotate the seed pair (manually, or automatically at a set interval), the casino reveals the server seed. You take the revealed server seed, the client seed, and the nonces from your bet history, hash them yourself, and confirm the outcomes match what was paid out. Tools like the casino's own verification page, or third-party scripts on GitHub, do this for you.
Overall, the whole protocol is one paragraph of cryptographic logic. There is no proprietary technology, no audit committee, no certificate body involved.
How a spin is verified from commit to reveal, end to end
The walkthrough is concrete enough to do by hand if you want to. Most players never do, which is fine, because the existence of the verification mechanism disciplines the casino more than the actual cryptographic verification by any single player.
| Phase | Player sees | Casino does |
|---|---|---|
| Account setup | SHA-256 hash of server seed displayed in cashier | Generates server seed, stores it, publishes hash only |
| Bet placed | Spin or hand plays normally with payout | Computes outcome from HMAC-SHA256(server_seed, client_seed:nonce) |
| Multiple bets | Bet history accumulates with nonces 1, 2, 3, ... | Continues using same seed pair, incrementing nonce |
| Seed rotation | Player clicks "rotate" or system auto-rotates | Reveals current server seed, generates a new one, publishes new hash |
| Verification | Hashes revealed seed, compares to original commit hash | Provides verification tool, but cannot interfere |
| Outcome check | Re-runs the same HMAC formula offline, confirms each round's outcome | Cannot change historical outcomes |
In short, the verification confirms one specific thing: the casino did not alter the outcome of any round after the bet was placed. That is the whole guarantee.
What provably fair verification does not actually guarantee
However, the badge is widely abused. Five things provably-fair does not prove, and brands that imply otherwise are doing brand-vibe damage on the scorecard.
The list of things provably-fair leaves untouched.
- It does not prove the RTP is fair. The casino can set the house edge inside the formula at any level it wants, and the protocol just confirms the level was honoured.
- It does not prove the slot was honest. Third-party slot games from Pragmatic, NetEnt, Hacksaw, and others are not provably-fair in this sense; their RNG is audited separately. The badge applies only to in-house games (Stake Originals, BC Originals, Shuffle Originals).
- It does not audit the casino. A provably-fair casino can still freeze withdrawals, run hostile KYC, or close accounts on a winning streak. See the KYC entry and the curacao vs mga entry.
- It does not prove the player got a fair seed. If the client seed is auto-generated by the casino instead of chosen by the player, the casino retains enough degrees of freedom in the seed pair to bias short-term outcomes within statistical noise.
- It does not prevent collusion in poker or other multi-player games. The protocol confirms card distribution was deterministic from the seed; it does not detect bot accounts at the same table.
A casino with a provably-fair page that explains all five of these limitations is doing transparency right. In contrast, a casino that markets "provably fair" as a generic trust badge across its whole platform is doing transparency-theatre.
Where this transparency protocol lands on the six-axis scorecard
Provably fair shows up on the brand-vibe axis of my editorial scorecard, not on a separate axis. Indeed, it is a marketing signal about how the casino positions itself, not a separate guarantee that maps to any of the other five axes.
- Brands with a clean provably-fair page, in-house games that are genuinely commit-reveal, and clear disclaimers about what this commit-reveal mechanism does not prove → score up on brand vibe.
- Brands that print "provably fair" on the homepage but route every game through a third-party slot integration with no actual seed mechanism → score down on brand vibe.
- Brands with provably-fair on Originals only, surfaced transparently → neutral. This is the modal pattern across the crypto-first brands on the feedbacks index.
The other five axes (cashier behaviour, bonus math, support quality, KYC handling, wallet timeline) are independent. A provably-fair brand can still fail any of them.
Tools for independent seed re-hashing and verification
Manual verification is not the usual flow. Most players use the casino's own verification tool, which is a one-click button next to the bet history. For independent verification, the tools below cover most game types.
Casino's own page. Every reputable provably-fair brand offers a verification page in the cashier or account settings. Stake's is at /provably-fair; Shuffle's is in the bet history flyout. Use it as a first pass.
Independent JS calculator. Several open-source HTML calculators on GitHub let you paste in the server seed, client seed, and nonce range, and they print the outcomes. Useful when you want to confirm the casino's own tool against an outside implementation.
Hash check. Take the revealed server seed and run it through any SHA-256 hash function (echo -n "seed" | sha256sum on a Linux terminal). Compare the output to the hash you were shown at commit time. They must match exactly.
Bet history export. Download the CSV export of your bet history (most provably-fair brands offer this) and re-run the verification on the full nonce range, not just spot checks.
The cryptography is open. The implementations are open. Moreover, the verification path is the same on every brand that runs the protocol genuinely.
Brands across my index that ship PF verification correctly
Of the brands on my current verdicts index, five run provably-fair on their Originals or in-house section: Stake, Shuffle, Gamdom, BetFury, and Duel. The other five (Vavada, Vodka, Fairspin, 1xSlots, and the rotating tenth slot) either do not ship in-house games or do not surface a provably-fair page.
Cross-reference. The Stake verdict carries a clear provably-fair page with a published seed-rotation interface and a documented HMAC formula. The Shuffle verdict ships a similar page for its Originals. The Gamdom verdict ships provably-fair for its slot-like Originals but with a less detailed disclaimer about what the protocol does not prove. The brand-vibe score reflects the difference, not the protocol itself.
For the deeper take on what crypto-first transparency means beyond provably-fair, see the crypto vs traditional essay on the blog.
FAQ on provably fair RNG transparency
The questions below are the most common reader queries on this topic over the testing window.
Is provably-fair safer than a regular casino RNG?
Not exactly. A traditional RNG with a third-party audit certificate (iTech Labs, eCOGRA, GLI) is statistically tested across millions of rounds to confirm randomness. Provably-fair lets you verify individual rounds yourself but does not test randomness across the population. Both are valid; they protect against different attack vectors. A brand with both an audited RNG and a provably-fair Originals section is stronger than one with either alone.
Why are third-party slots not provably-fair?
The provably-fair protocol requires the casino to control seed generation, which is not possible when the slot is rendered inside a Pragmatic, Hacksaw, or NetEnt iframe with the provider's own RNG. The provider audits its RNG separately with a regulator-approved testing lab; the casino does not have the seed access required to commit-reveal. Both models can be honest; they are just different mechanisms.
Can a casino fake provably-fair?
It can fake the marketing, not the mathematics. If a brand publishes a verification page and the SHA-256 hash matches the revealed seed for every rotation, the cryptography holds. What a brand can fake is the cashier UX: a page that talks about provably-fair without an actual verify button, a verify button that always returns "valid" without computing anything, or a seed-rotation flow that never actually exposes the server seed. All three are catchable by manual verification or by an independent tool.
Technical verification questions
What if I rotate the seed and the hash does not match?
That is the single failure mode the protocol is designed to detect. If you can demonstrate a hash mismatch on a brand that claims provably-fair, the brand has committed fraud and you have provable evidence. In practice, hash mismatches at reputable provably-fair brands are in practice never reported, because the cryptography is hard to fake. Mismatches at brands that market the term loosely are more common, and they are usually a sign the brand never implemented the protocol at all.
Does provably-fair affect my withdrawal speed?
No. Provably-fair is a game-level guarantee about individual rounds. Withdrawal speed is determined by the cashier, the [KYC pipeline](/glossary/kyc-explained/), and the [licence regime](/glossary/curacao-vs-mga/). The protocol does not interact with the cashier flow.
How do I check if a casino's provably-fair claim is real?
Three quick checks. First, find the verification page on the brand's own site (it should be in the cashier or footer; if it is not, the claim is marketing-only). Second, rotate the seed and confirm the verification page shows the previous server seed and lets you re-hash it. Third, on a single rotated round, take the seed pair and nonce, run them through an open-source script offline, and confirm the outcome matches what the casino paid. If all three pass, the protocol is real.
Related entries on Casino Feedback
- RTP vs hit frequency covers what provably-fair specifically does not prove about return to player.
- Rakeback explained covers the loyalty math the same crypto-first brands lean on.
- Curaçao vs MGA covers the licence regime that decides what happens outside the round itself.
- The crypto vs traditional essay on the blog goes deeper on the crypto-first model around the protocol.
Questions on a specific brand's implementation go to smartseokings@gmail.com. Replied within twenty-four hours.
Verify the provably fair hash before the session ends, not after a disputed outcome. The seed and nonce are available in the game history. Verifying two or three outcomes per session establishes the audit habit and confirms the RNG is running the published algorithm.