Draw Sessions
Complete transparency in our draws. Every session uses cryptographically secure randomness from drand (the Distributed Randomness Beacon operated by the League of Entropy), combined with HKDF-SHA256 and a commit-reveal protocol, for provably fair winner selection without replacement.
Select a Pool
Browse completed pools by type and explore the draw session audit details.
Understanding the Draw & How to Verify
What is this draw system?
Our draw system uses a cryptographically secure, transparent, and verifiable random number generation system. Every step is mathematically provable, and anyone can independently verify that the draw was fair and winners were selected randomly.
Technical Terms Explained
HKDF-SHA256 (Key Derivation Function)
HKDF is a cryptographic algorithm that takes input randomness and produces high-quality random bytes. Think of it as a "randomness extractor" that ensures the final seed used for winner selection is unpredictable and uniformly random. SHA256 is the underlying hash function.
drand (Distributed Randomness Beacon)
drand is a publicly verifiable randomness service run by the League of Entropy — a global network of independent organizations including Cloudflare, Protocol Labs, and universities. It provides randomness that cannot be predicted before it's published, cannot be manipulated by any single party, is publicly verifiable, and is timestamped to a specific "round".
Merkle Tree & Participant Snapshot
A Merkle tree cryptographically commits to the exact participant list at pool close time. Each participant's entry ID is hashed, then pairs of hashes are combined and hashed again until a single Merkle root remains. This allows anyone to verify a specific participant was included without revealing all participants.
Rejection Sampling (Unbiased Selection)
Standard modulo operations (value % N) create bias when N is not a power of 2. Our cryptoRandomInt function eliminates bias using rejection sampling: if the random value falls outside the acceptable range, we retry with new random bytes.
Commitment-Reveal Protocol
Before the draw starts, we publish a "commitment" (a cryptographic hash of a secret value). After all participants join, we "reveal" the secret. Anyone can verify that the revealed value matches the commitment, proving we couldn't have changed it after seeing who participated.
How to Verify This Draw
Step 1: Verify the drand Randomness
Visit the drand API for the session's round. Verify that "randomness" and "signature" match the values shown in the draw session. The BLS signature proves this was published by the League of Entropy.
Step 2: Verify the Commitment
Compute SHA256(commitment_reveal) and verify it matches the commitment hash. This proves we committed to a value before knowing the drand randomness or participants.
Step 3: Verify the Seed Derivation
Use HKDF-SHA256 with IKM = commitment_reveal + drand_signature + drand_randomness + participant_snapshot_hash + pool_id + draw_timestamp, Salt = drand round, Info = "lottery-winner-selection-v1", Length = 32 bytes. The output should match the finalSeed.
Step 4: Verify Winner Selection
For each winner, use HKDF to derive random bytes from the seed, then use cryptoRandomInt(randomBytes, availableEntries) to get the unbiased selection index using rejection sampling.
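Steps 2 to 4 above as an added Python example; it is not this site's own code. The page does not state byte encodings, so the UTF-8 string concatenation for the IKM, the decimal-string salt, the per-draw HKDF info labels, the 32-bit sample width and the sample session values are all assumptions, and `unbiased_index` stands in for the page's cryptoRandomInt.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF per RFC 5869 with SHA-256 (extract, then expand)."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def commitment_matches(reveal: str, commitment_hex: str) -> bool:
    """Step 2: SHA256(commitment_reveal) must equal the published commitment."""
    digest = hashlib.sha256(reveal.encode()).hexdigest()
    return hmac.compare_digest(digest, commitment_hex.lower())

IKM_FIELDS = ("commitment_reveal", "drand_signature", "drand_randomness",
              "participant_snapshot_hash", "pool_id", "draw_timestamp")

def derive_seed(session: dict) -> bytes:
    """Step 3. Assumed encoding: '+' is string concatenation, salt is the decimal round."""
    ikm = "".join(str(session[f]) for f in IKM_FIELDS).encode()
    salt = str(session["drand_round"]).encode()
    return hkdf_sha256(ikm, salt, b"lottery-winner-selection-v1", 32)

def unbiased_index(seed: bytes, draw: int, n: int) -> int:
    """Step 4: rejection sampling; a plain value % n would favour low indices."""
    limit = (1 << 32) - ((1 << 32) % n)  # largest multiple of n within 2**32
    attempt = 0
    while True:
        info = f"draw-{draw}-attempt-{attempt}".encode()  # hypothetical label format
        value = int.from_bytes(hkdf_sha256(seed, b"", info, 4), "big")
        if value < limit:  # accept only values inside the unbiased range
            return value % n
        attempt += 1  # out of range: retry with freshly derived bytes

def select_winners(seed: bytes, entries: list, count: int) -> list:
    """Without replacement: each winner leaves the pool before the next draw."""
    pool = list(entries)
    return [pool.pop(unbiased_index(seed, i, len(pool))) for i in range(count)]

# Constructed sample session for illustration (not real draw data).
SESSION = {"commitment_reveal": "constructed-secret", "drand_signature": "aa" * 48,
           "drand_randomness": "bb" * 32, "participant_snapshot_hash": "cc" * 32,
           "pool_id": "pool-demo", "draw_timestamp": "2024-01-01T00:00:00Z",
           "drand_round": 1000}
COMMITMENT = hashlib.sha256(b"constructed-secret").hexdigest()
```

A verifier recomputing a real draw would replace the assumed encodings with the ones the operator publishes; any mismatch in encoding changes the seed and every selection derived from it.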
Why This Matters
Traditional lotteries require you to trust the operator. Our system is different:
- Don't trust, verify: You can independently verify every draw using publicly available data
- Tamper-proof: The commitment prevents us from changing our randomness after seeing participants
- Unpredictable: Using drand (League of Entropy) ensures no one (including us) can predict the outcome before the beacon is published
- Mathematically fair: Every participant has an equal, provable chance of winning
How Our Draw System Works
1. Commitment Phase (At Pool Creation)
A cryptographic commitment hash is generated and stored when the pool is created, before any participants enter. This prevents any manipulation after participants join.
2. Participant Snapshot (At Pool Close)
When the pool closes, all eligible entries are frozen into a Merkle tree and composite hash. This cryptographically commits to the exact participant list at close time.
3. Randomness Source (drand Beacon)
We fetch fresh randomness from drand, a distributed randomness beacon operated by the League of Entropy, ensuring no single party can predict or influence the outcome.
4. Winner Selection (HKDF-SHA256)
All randomness sources are combined using HKDF-SHA256 to generate a cryptographic seed. Winners are selected without replacement using rejection sampling to ensure each participant has equal probability.
5. Verification
Complete cryptographic proofs are stored for every draw, including commitment reveals, drand signatures, participant snapshots, and winner selection proofs. Anyone can verify past draws independently.