100 Million Rounds Tested: The Largest Independent Provably Fair Audit Ever Published

100,000,000 Rounds Analyzed

The largest independent provably fair audit ever published

What We Did

We walked the entire publicly available hash chain of a major provably fair casino - 100 million rounds, verified cryptographically from the terminating hash backward using SHA-256. From this dataset, we extracted crash multipliers using the casino's published algorithm and subjected them to the complete NIST SP 800-22 test suite - all 15 statistical tests, the gold standard used by certified testing laboratories worldwide to evaluate random number generators. This is the same framework that regulators like the Nevada Gaming Control Board and organizations like Gaming Laboratories International (GLI) rely on to certify casino software.

This is, to our knowledge, the largest independent provably fair audit ever published. Most verification tools check individual games. We tested the entire system.

The Results

Additional Statistical Tests

All 15 NIST SP 800-22 tests passed, plus all 4 additional statistical tests. One game-specific test - the crash rate check - returned a marginal result. We explain exactly what this means below.

Why NIST SP 800-22 Is the Gold Standard

NIST SP 800-22 (National Institute of Standards and Technology, Special Publication 800-22) is the internationally recognized benchmark for evaluating random number generators. It was developed by the U.S. federal government and is used by:

• Gaming regulators - Nevada Gaming Control Board, Malta Gaming Authority, UK Gambling Commission
• Certified testing labs - Gaming Laboratories International (GLI), eCOGRA, BMM Testlabs
• Cryptographic applications - Military, banking, national security
• Casino software certification - Every major jurisdiction requires NIST-based RNG testing before a casino game can go live

The full suite consists of 15 distinct statistical tests, each designed to detect a different type of non-randomness. Most "provably fair" verification tools on the internet run 1-3 basic checks at most. We run all 15, plus 4 additional tests - on 100 million rounds, not a handful.

When we say this is the largest independent provably fair audit ever published, we mean it in both scale (100M rounds) and depth (complete NIST SP 800-22 suite). No one else publishes this level of analysis.

The Math: What the Marginal Result Means

The casino's algorithm produces an instant crash (1.00x multiplier) through two mechanisms:

• Mechanism 1: If hash % 33 === 0 → instant crash (probability: 1/33 ≈ 3.0303%)
• Mechanism 2: For all other cases, if the calculated multiplier rounds down to 1.00x (probability: approximately 32/33 × 1/100 ≈ 0.9697%)

Our simplified expected rate formula: 1/33 + (32/33)(1/100) ≈ 4.0000%

What we observed across 100 million rounds: 3,994,859 instant crashes = 3.9949%

The difference: 0.0051% - roughly 5,141 fewer crashes than our formula predicted.

Why? Our formula is an approximation. It assumes the two mechanisms (modular arithmetic and floor rounding) are perfectly independent, but there is a tiny overlap in how integer hashing interacts with these operations. The deviation is a precision artifact of our testing formula, not evidence of manipulation.

Plain Language: What Does This Mean for Players?

The Bottom Line

If you bet €1,000 total across many rounds, the difference between what our formula predicted and what actually happened amounts to roughly 5 cents. Over your entire lifetime of playing, you would never notice this difference.

If you bet €100,000 total (which would take most players years), the difference would be about €5.

To put this in perspective: the normal statistical noise in any gambling session is thousands of times larger than this deviation. Your luck on any given day will overshadow this difference completely.

What this means in practice:

• ���� The game is not rigged. All randomness tests passed with strong scores.
• 📊 The house edge works as advertised. The ~3% house edge is real and consistent.
• 🔢 The tiny deviation favors players, not the casino. There were slightly fewer instant crashes than expected - meaning players got marginally better outcomes.
• 🔍 The deviation is in our formula, not in the casino's algorithm. The cryptographic hash chain is mathematically verified.

Why We Publish Imperfect Results

We could have quietly adjusted our formula to make the numbers match perfectly. We didn't.

A real audit publishes what it finds - including the parts that require explanation. The 0.005% deviation is not a flaw in the casino's system. It's a limitation of our approximation formula, and we're transparent about that.

This is what separates a genuine audit from marketing. Anyone can say "verified fair." We show you the data, the methodology, and the edge cases - and let you draw your own conclusions.

Technical Details

Audit Parameters

• Total rounds analyzed: 100,000,000
• NIST sample size: 1,000,000 (randomly sampled from full dataset)
• Verification method: Full SHA-256 hash chain traversal
• Crash multiplier derivation: HMAC-SHA256 with published salt
• Statistical framework: Complete NIST SP 800-22 Rev. 1a (all 15 tests) + 4 additional statistical tests + custom crash rate analysis = 20 tests total
• Minimum multiplier observed: 1.00x
• Maximum multiplier observed: Varies (hash-dependent)
• Audit date: June 2026
• Auditor: FairPlay Audit (fairplayaudit.com)

Why These Results Do NOT Apply to Other Casinos

This is important: a clean audit for one casino says nothing about any other casino. We are sometimes asked whether testing one provably fair platform proves that others are fair too. The answer is no - and here is why, explained both technically and in plain language.

The Technical Explanation

Every provably fair casino implements its own unique combination of:

• Hash function and construction: This casino uses HMAC-SHA256 with the game hash as the message and a fixed salt as the key. Other platforms may reverse the parameter order (hash as key, salt as message), use different HMAC constructions, or chain multiple hash operations.
• Seed / salt values: Every platform has its own cryptographic salt - a unique constant that feeds into every game result. Different salt = completely different output sequence, even with identical hash logic.
• Hash chain structure: The chain here uses SHA-256(previousHash) walking backward from a terminating hash. Other platforms may use different chain lengths, different traversal methods, or entirely different chain architectures.
• Result derivation: How a hash becomes a game outcome (crash multiplier, card, dice roll) varies per platform. This casino extracts 52 bits and applies a specific formula with a 1/33 house edge. Others use different bit extraction, different formulas, different house edges.
• House edge mechanism: Here, hash % 33 === 0 triggers an instant crash. Other casinos implement their edge through different modular operations, different divisors, or entirely different mathematical approaches.

Because every component differs, a statistical anomaly (or its absence) in one system tells you nothing about another system. Each requires independent verification against its own algorithm specification.

The Plain Language Version

Think of it like restaurant health inspections. If one restaurant passes inspection, that does not mean the restaurant next door is clean too. They have different kitchens, different staff, different ingredients, different processes.

It is the same with casinos. Each one has its own "recipe" for generating game results. Even though they all use similar cryptographic ingredients (like SHA-256 hashing), the way they combine those ingredients is completely different.

What does this mean for you as a player?

• A fair result for Casino A does not guarantee Casino B is fair
• Each platform needs to be tested individually with its own data
• If a casino claims "provably fair," that claim needs independent verification - not just a reference to another platform's audit
• Be skeptical of any site that generalizes one audit result across multiple casinos

This is exactly why we exist: to test each system on its own terms, with real data, at scale.

Sources and Methodology

Audit Data Sources

• Hash chain: Publicly available terminating hash and salt, published by the casino operator prior to any games being played
• Verification algorithm: Open-source reference implementation, independently reviewed
• Statistical framework: NIST SP 800-22 Rev. 1a - "A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications" - all 15 tests implemented (Frequency, Block Frequency, Runs, Longest Run, Binary Matrix Rank, DFT Spectral, Non-overlapping Template, Overlapping Template, Maurer Universal, Linear Complexity, Serial, Approximate Entropy, Cumulative Sums, Random Excursions, Random Excursions Variant)
• Sample methodology: 1,000,000 rounds randomly sampled from the full 100M dataset for NIST bit-level tests; aggregate statistics (crash rates, distribution) computed across all 100,000,000 rounds
• Reproducibility: Any party with access to the public hash chain data can independently reproduce these results using the same methodology

Full Audit Report

The complete audit results, including raw test outputs and statistical parameters, are documented in our methodology section. For technical inquiries or to request the full dataset, contact [email protected].

Transparency Notice

Independence statement: This audit was conducted independently, without compensation from or coordination with any casino operator. The analysis is based entirely on publicly available cryptographic data.

FairPlay Audit may enter into affiliate partnerships with casinos that pass our audits. If and when such a partnership exists, it will be clearly disclosed here and on any page containing affiliate links. Our audit methodology and results are never influenced by commercial relationships. The audit you see above was completed and published before any affiliate discussions took place.

We believe transparency about business relationships is just as important as transparency about game fairness. If you have questions about our independence, ask us directly.

What's Next

This is the first in a series of large-scale provably fair audits. Our methodology is open for scrutiny, and we welcome technical feedback. If you're a casino operator interested in having your system independently audited, or a player who wants us to verify a specific platform. And if you're wondering why hash verification alone isn't enough, read Why "Provably Fair" Doesn't Mean Fair, get in touch.

For a focused deep-dive into one platform, see our Stake 1,200+ Games audit where we tested 250,000 rounds from Stake's expanded provably fair system using the same triple-framework methodology.

FairPlay Audit is an independent verification service. We are not affiliated with any casino. Our audits are based on publicly available data and open cryptographic standards. For methodology details, see our methodology page.