
MYSTERYBOXAU IS AN ONLINE RETAIL PLATFORM SELLING RANDOMISED PRODUCT SELECTIONS. ALL PURCHASES INCLUDE AN ITEM OR CREDIT REWARD. USERS MUST BE 18+ TO REGISTER.

© 2026 MYSTERYBOXAU/ABN: 81 552 166 027/AUSTRALIAN OWNED

Provably Fair System

Every single box open on MysteryBoxAU uses cryptographic proof to ensure outcomes are fair, unpredictable, and independently verifiable by anyone.

What is Provably Fair?

A provably fair system is a method of generating random outcomes where neither the platform nor the player can influence or predict the result. The outcome is determined by a cryptographic hash function that combines inputs from both parties.

Because the server seed hash is published before you open a box, we have mathematically committed to a specific server seed. We cannot change it after the fact — you can verify this by checking that the hash of the revealed seed matches what was shown beforehand.

This is the same technique used by leading crypto gaming platforms worldwide, adapted for Australian prize box entertainment.

How It Works

1. Server Seed Hash Published

Before you open any box, our server generates a random serverSeed and publishes its SHA-256 hash. This commits us to that seed — we cannot change it without you knowing.

2. Your Client Seed Combines With It

Your clientSeed is a random value you set (and can change at any time). It ensures that even if our server seed had a bias, your input makes the combined outcome unpredictable to us.

3. HMAC-SHA256 Generates the Roll

We compute the following to produce your roll (0–9999):

# Message
message = "{clientSeed}:{nonce}"
# Signature: serverSeed is the HMAC key, result taken as a hex string
hmac = HMAC-SHA256(key=serverSeed, msg=message)
# Extract roll from first 8 hex chars (32 bits)
roll = int(hmac[0:8], 16) % 10000

4. Nonce Increments — Seeds Rotate

Each box open increments the nonce by 1. When you rotate seeds, the old server seed is revealed so you can verify every historical roll. A new seed pair begins.

5. Roll Maps to an Item

The roll (0–9999) is mapped against each item's probability weight. Items with higher odds occupy a larger slice of the 10,000-point range. Each box's item page shows exact probability percentages.
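
The five steps above can be replayed offline once a server seed has been revealed. The Python below is an added example, not MysteryBoxAU's own code: it checks the SHA-256 commitment, recomputes each roll and re-maps it to an item. Assumptions not stated on the page: both seeds are handled as UTF-8 text, the nonce is written in decimal, and the item names, order and weights in the sample table are hypothetical.

```python
import hashlib
import hmac

def commitment_ok(server_seed, published_hash):
    """Step 1: the revealed seed must hash to the value published before play."""
    digest = hashlib.sha256(server_seed.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, published_hash.strip().lower())

def compute_roll(server_seed, client_seed, nonce):
    """Step 3: HMAC-SHA256 keyed with the server seed over 'clientSeed:nonce'."""
    message = f"{client_seed}:{nonce}".encode("utf-8")
    digest = hmac.new(server_seed.encode("utf-8"), message, hashlib.sha256).hexdigest()
    # 2**32 % 10000 == 7296, so rolls 0-7295 each have one more 32-bit
    # preimage than rolls 7296-9999 (a relative skew of about 2.3e-6).
    return int(digest[:8], 16) % 10000

def item_for(roll, table):
    """Step 5: each item owns a contiguous slice of 0-9999 sized by its weight."""
    if sum(weight for _, weight in table) != 10000:
        raise ValueError("weights must cover exactly 10,000 points")
    upper = 0
    for name, weight in table:
        upper += weight
        if roll < upper:
            return name
    raise ValueError("roll outside 0-9999")

def audit(server_seed, published_hash, client_seed, records, table):
    """Recompute every recorded open; return the nonces that do not match."""
    if not commitment_ok(server_seed, published_hash):
        raise ValueError("revealed server seed does not match the published hash")
    bad = []
    for nonce, recorded_roll, recorded_item in records:
        roll = compute_roll(server_seed, client_seed, nonce)
        if roll != recorded_roll or item_for(roll, table) != recorded_item:
            bad.append(nonce)
    return bad

if __name__ == "__main__":
    # Constructed sample data: seeds, weights and records are made up.
    seed, client = "constructed-server-seed", "constructed-client-seed"
    shown = hashlib.sha256(seed.encode()).hexdigest()  # stands in for the published hash
    table = [("common", 9000), ("rare", 950), ("jackpot", 50)]
    rolls = [compute_roll(seed, client, n) for n in range(3)]
    records = [(n, r, item_for(r, table)) for n, r in enumerate(rolls)]
    records[1] = (1, (rolls[1] + 1) % 10000, records[1][2])  # constructed tampered entry
    print("mismatching nonces:", audit(seed, shown, client, records, table))
```

Run the audit only against the hash you recorded before play; a hash fetched after the seed is revealed proves nothing about prior commitment.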

Verify a Roll

Enter the seeds and nonce from any box open record to independently compute the roll using your browser's built-in Web Crypto API. No data leaves your device.

Roll Verification Tool

Independently verify any box open result

  • Server seed: revealed after you rotate your seeds.
  • Client seed: found in your account seed settings or the box open record.
  • Nonce: the sequential counter shown on the box open record (starts at 0).

Frequently Asked Questions

What does 'provably fair' mean?

It means every roll outcome can be independently verified using publicly available cryptographic tools. We cannot manipulate results after you've committed your client seed — the math proves it.

What is a server seed?

A server seed is a random string generated by our server before you open a box. We show you its SHA-256 hash upfront so you know it was committed in advance. The actual seed is revealed when you rotate seeds.

What is a client seed?

A client seed is a random string you provide. It's combined with the server seed so neither party alone can determine the outcome. You can change your client seed at any time from your account settings.

What is a nonce?

A nonce (number used once) is a sequential counter that increments with each box open using the same seed pair. This ensures each roll is unique even with the same seeds.

How is the roll number calculated?

We compute HMAC-SHA256(serverSeed, 'clientSeed:nonce'), take the first 8 hex characters, convert to a 32-bit integer, then apply modulo 10000. This gives a uniform distribution from 0 to 9999.

Can I use a third-party tool to verify?

Yes. Any HMAC-SHA256 calculator will produce the same result. You can use OpenSSL, Python's hmac library, or our built-in tool above.