Hash Chain vs. Per-User Seeds - Why Some Casinos Are Easier to Audit Than Others
Not all provably fair works the same way. Hash chains let anyone audit millions of rounds. Per-user seeds protect individual privacy but make system-wide verification harder.
When a crypto casino says provably fair, most players assume that means the same thing everywhere. It doesn't. There are two fundamentally different architectures behind that label - and they have very different implications for independent verification.
One lets anyone on earth audit 100 million rounds without asking permission. The other requires the casino's cooperation - or thousands of individual players sharing their data. Neither architecture is inherently unfair. But one is significantly easier to verify from the outside.
Here's what every player should understand about the difference.
Architecture 1: The Public Hash Chain
Casinos like Bustabit, Roobet, and BC.Game use a system called a hash chain. Here's how it works in plain English:
Before a single round is played, the casino generates millions of game results in advance. These results are linked together like a chain - each one is mathematically derived from the one before it. The starting point of this chain is published publicly, often tied to a Bitcoin block hash that nobody could have predicted.
The key point: every player sees the same game result. In a crash game, when the multiplier hits 2.37x, that's the same 2.37x for everyone at the table. One seed, one chain, one result per round.
This means anyone - a player, a researcher, a journalist, or an auditor like us - can take that public chain and reconstruct every single round. We did exactly that with Bustabit: 100 million rounds, verified against the NIST SP 800-22 statistical test suite. No permission needed. No cooperation required. The data is simply public.
How it works technically
The casino publishes a terminating hash and a public salt (usually a Bitcoin block hash). Starting from the terminating hash, each previous game hash is derived by applying SHA-256. The crash multiplier for each round is then calculated using HMAC-SHA256 with the public salt as the key and the game hash as the message.
Because the salt comes from a Bitcoin block that didn't exist when the chain was created, the casino couldn't have manipulated the results after the fact. And because the entire chain is public, anyone can verify every single round.
Architecture 2: Per-User Seeds
Casinos like Stake.com use a different approach. Instead of one chain for everyone, each player gets their own set of cryptographic seeds:
- Server seed - generated by the casino, kept secret until you rotate it
- Client seed - chosen by you (or auto-generated)
- Nonce - a counter that increments with each bet
Your game result is calculated from all three: HMAC-SHA256(server_seed, client_seed:nonce:cursor). This means every player gets different results, even in the same game at the same time.
You can verify your own bets after you rotate your server seed (which reveals it). This is genuine provably fair - for your individual session.
The verification challenge
Here's where the two architectures diverge in terms of auditability:
With a hash chain, we can test the entire system - millions of rounds, the full statistical picture. We can detect patterns, biases, or anomalies that only become visible at scale.
With per-user seeds, each player can only verify their own bets. To audit the overall system, you would need seed data from thousands of players - and that data is private. It belongs to each individual player. The casino has access to all of it, of course, but sharing it would raise privacy concerns.
This isn't a design flaw. It's a trade-off. Per-user seeds give players individual control over their randomness input (the client seed). Hash chains give the public full transparency over the entire game history. Both approaches have legitimate reasons to exist.
What this means for players
| Hash Chain | Per-User Seeds | |
|---|---|---|
| Examples | Bustabit, Roobet, BC.Game | Stake.com, Duelbits, Gamdom |
| Verify your own bets | Yes | Yes |
| Verify all rounds (system-wide) | Yes - public data | Requires aggregated seed data |
| Independent statistical audit | Fully possible from outside | Limited without cooperation |
| Player input on randomness | No (salt is fixed) | Yes (client seed) |
| Same result for all players | Yes | No (individualized) |
Neither system is better in absolute terms. Hash chains maximize public transparency. Per-user seeds maximize individual player control. A casino using per-user seeds isn't hiding anything - it's using an architecture that prioritizes different values.
How we handle this at FairPlay Audit
Our approach is straightforward: we audit what the data allows us to audit.
For hash chain casinos, we run the full battery - up to 100 million rounds through 15 NIST SP 800-22 statistical tests. The data is public, the methodology is reproducible, and anyone can verify our results.
For per-user seed casinos, a full system-wide audit would require access to aggregated, anonymized seed data. We've reached out to several casinos to explore this possibility. Some conversations are ongoing. We won't publish an audit score without sufficient data to support it - that would be dishonest.
On our tracker, casinos where we haven't been able to run a complete statistical audit are listed as Pending. That's not a judgment - it's a statement about data availability.
Could per-user seed casinos be audited?
Yes - in theory and in practice. There are several paths:
- Casino cooperation: The casino shares anonymized, aggregated seed data with an independent auditor. Player privacy is preserved because individual seeds are stripped of identifying information. The auditor runs the same NIST tests on the aggregated dataset.
- Community seed collection: Players voluntarily share their revealed server seeds after rotation. With enough data points from enough players, a meaningful statistical picture emerges. Some open-source projects are already working on this.
- Hybrid approach: The casino publishes periodic statistical summaries (distribution of outcomes, chi-square results) that anyone can cross-reference against their own play history.
We would welcome any of these approaches. The more data available for independent verification, the better it is for players - regardless of the underlying architecture.
The bottom line
When you see provably fair, ask one question: can someone outside the casino verify the entire system, or only individual bets?
Both architectures can produce genuinely fair outcomes. But if independent, large-scale statistical verification matters to you - and we believe it should - then the underlying architecture determines what's possible.
We'll keep auditing every casino where the data allows it. And we'll keep talking to casinos where it doesn't - because more transparency is always better for players.
Next Step
Verify Your Casino Bets Yourself
Our step-by-step guide walks you through the exact verification process. No tools needed, no trust required. If the casino is honest, the math will prove it.
How to Verify Provably Fair Games →Want to verify your own bets? Visit the FairPlay Audit Tracker for full audit reports and methodology details.