GrailDrop
Provably fair

Anyone can verify any opening.

Every drop is derived from a committed server seed, a client seed you control and an incrementing nonce. Re-derive any result yourself — the checks below run entirely in your browser.

How it works
  1. 1
    Server seed hash
    Before any opening, we publish the SHA-256 hash of the active server seed. The hash is committed — it cannot be changed after the fact.
  2. 2
    Client seed
    You set or randomize your own client seed. We can never predict or override it, so we can't steer your results.
  3. 3
    Nonce
    Each of your openings increments a nonce. Combined with the seeds it guarantees every open is unique and reproducible.
  4. 4
    Derive result
    We compute HMAC-SHA256(server_seed, client_seed:nonce). The first 8 hex digits map to a [0,1) roll, which selects your prize from the recorded odds.
  5. 5
    Reveal
    When the server seed rotates, the old seed is revealed. Anyone can re-hash it to confirm the original commit, then re-derive every opening that used it — right here in their browser.
Active server seed
Committed
SHA-256 hash (published — the seed itself stays secret)
Loading…
Your client seed

Sign in to view and control your client seed.

Your recent openings

Sign in to verify your openings.

Manual verifier

Paste any revealed server seed, a client seed and a nonce to re-derive the HMAC and roll. Runs locally in your browser.