The key to understand (and use) ”provably fair games” is to know and understand cryptographic hashes.

### In a nutshell

The process of ”hashing” is one of the most commonly used cryptographic techniques. The principle is quite simple: you take any text-based input and you apply to it a complex algorithm that will transform it into something different. The result is called a ”hash”: the outcome of a hashing function. **But this transformation has two key characteristics:**

- the result will have a fixed size (length), whatever the original input was;
- given any hash, it’s impossible to guess the initial input.

Hashing is therefore a ”one-way” process. A given input will always generate the same hash value. And you can hash anything (a single digit, a few words, a whole book) to get as a result a cryptographic signature of a fixed length (decided by the algorithm you used). But you cannot ”decode” or ”decipher” this signature to reveal what was hashed to generate it.

### Some examples

The hash is usually a long and unintelligible string of numbers and letters, such as:

73475cb40a568e8da8a045ced110137e159f890ac4da883b6b17dc651b3a8049

Even knowing the precise hashing algorithm we used to produce this signature, it would take you thousands of years to figure out which input was used to lead to this particular hash.

The string above is actually the hash of the number ”42”, transformed by the hashing function SHA-256.

Of course, if you knew by advance that the orignal input was a number between 1 and 50, it would have been more easy to guess it from the hash. You would take each number from 1 to 50, one by one, apply the hashing function to it, compare the resulting hash to the one above, and repeat until you get the exact hash we gave you initially.

But if you know nothing about the initial input, there is no way you can guess it by looking at its hash. Hash signatures don’t reveal anything about their original content. See by yourself:

SHA-256 of ”42”:

73475cb40a568e8da8a045ced110137e159f890ac4da883b6b17dc651b3a8049

SHA-256 of ”42.”:

e7f2f01370cad17c7f2f67ced1acd020363b5684976c5aaa97a52a1dd11be59f

SHA-256 of ”forty two”:

15b7fc81acd7f43202e029d3eea86dbe666410f581a07b4336511d1acbbf8dd8

SHA-256 of ”forty-two”:

5cc47001f7c1334db3c568ddbb1c8ee51812aa8e75582ca616b1ec31bf2ddc16

As you can see, changing a single character in the initial input will completely change the resulting hash, in an unpredictable and non-guessable way.

### Main algorithms

Although many hashing functions have been created, the most widely used, especially in the cryptosphere, are SHA-256 and SHA-512.

SHA stands for ”Secure Hash Algorithm” and is developed by the the US National Security Agency (NSA), in association with the National Institute of Standards and Technology (NIST).

SHA-256 generates an (almost) unique 256-bit (32-byte) signature from any textual input. Since a bit has two possible values (0 or 1), the possible number of unique hashes is 2^{256}. Needless to say, that is a huge, colossal number. Some say that this number is bigger than the number of grains of sand on Earth. And that’s the number of possible combinations for all hashes produced with SHA-256.

SHA-256 is used by Bitcoin and many other crypto-currencies to secure and validate the transactions. Another algorithm, SHA-512, is also common and produces, you guessed it, 512-bits signatures.

You can easily find SHA calculators on the Web. They are free to use and you simply have to provide an input to instantly get its hashed signature. For instance, for SHA-256 you can go here or there, and for SHA-512 you can go here or there. Of course, from a given input and with a given hashing function, you will always get the same hash, whatever the website or service you used.

### Simple use-cases

This simple process of hashing texts has plenty of real world applications, for instance for time-stamping content and proving the anteriority of an online publication. Many automatic notary services available today simply create a hash from any documents, and timestamp this hash by recording it on a public blockchain. The documents are therefore ”certified” and their original owner/producer can prove that they owned them or produced them, without having to reveal any of the data in them.

More ambitious, the po.et project intends to generalize the concept to all content distributed online. Although the project is still a work in progress, we use it ourselves: all articles published on ProvablyFair.world are hashed and timestamped on a blockchain (you can access to the proof by clicking on the white sticker with a feather at the bottom of any of our pages).

Of course, hashes are widely used in provably fair gaming. Different mechanisms can be applied, but all provably fair games are provable because, at some point, they provide the hash of the random numbers they use – before any form of betting. The players cannot guess the outcome from the given hash, but they will be able to verify afterwards that the draws were not modified after the betting round.