Secret Keys

In order to ensure that there is no way for us to change the outcome of a bet the secret keys we use in the hash are decided ahead of time. We don't release them right away, since they could be used to submit selective transactions and win bets unfairly. However, we do release the hash of the secrets so that users can verify that we haven't changed them.

Days

Each bet transaction that comes in is assigned to the secret key of the current day when it is first processed. In most cases this will be as soon as the transaction is broadcast on the bitcoin network. However it could be later if we have some problems processing or have an outage. All times are in GMT.

Hash File

We have a file of all the hash keys for the next 10 years: hash.keys This file can be verified in several ways. The simplest is to simply download and keep a copy of that file. If ever your copy and the copy we are distributing disagree there is something awry. The other way is to use a package called BitcoinTimestamp. This is something I wrote which stores a sha256 sum in the bitcoin network as a transaction. Since this transaction goes into the block chain, it is impossible for anyone to tamper with after the fact.
$ sha256sum hash.keys
f42d0aac06f4695f821c97b948839b7f620308132e84f840c89e1e75ed8a7dad  hash.keys
$ java -jar jar/BitcoinTimestamp-1.0.1.jar decode 486701730763b29af62eec31dfefa4f26178cf11456a85b9501ac57991743f27
url: http://blockexplorer.com/rawtx/486701730763b29af62eec31dfefa4f26178cf11456a85b9501ac57991743f27
Account: OP_DUP OP_HASH160 00d1cd2e5ec984226c98f85a69852ee9e6c659bd OP_EQUALVERIFY OP_CHECKSIG: 62509
Account: OP_DUP OP_HASH160 11ffd426374b71a2b59463d9130030a1eac84586 OP_EQUALVERIFY OP_CHECKSIG: 2732
Account: OP_DUP OP_HASH160 1f6bd9aeba05706f90797c955aa63ea89b0f7b35 OP_EQUALVERIFY OP_CHECKSIG: 1780
Account: OP_DUP OP_HASH160 20906f06c0e979a1c9e91c1562cd437a0b033c06 OP_EQUALVERIFY OP_CHECKSIG: 26975
Account: OP_DUP OP_HASH160 24deb4c6d8a5069f226af98a9d96d1cda2af0c95 OP_EQUALVERIFY OP_CHECKSIG: 33308
Account: OP_DUP OP_HASH160 271fb5f58b3f33a2793b1106f921082d977715a1 OP_EQUALVERIFY OP_CHECKSIG: 38841
Account: OP_DUP OP_HASH160 372c92a1184f8bd7b43cfd35f4a6300af9575bba OP_EQUALVERIFY OP_CHECKSIG: 18563
Account: OP_DUP OP_HASH160 3b7496c38f98607860aeb8681a0f278c80131001 OP_EQUALVERIFY OP_CHECKSIG: 39807
Account: OP_DUP OP_HASH160 533a0c569ba6e3a17a09c5897740c151fcb08039 OP_EQUALVERIFY OP_CHECKSIG: 25091
Account: OP_DUP OP_HASH160 5b90be81a48a38fca725b8ce2c0b2bb860eb597c OP_EQUALVERIFY OP_CHECKSIG: 2067
Account: OP_DUP OP_HASH160 68f734b27adff98dd6d6fae2d9ab43865e31e997 OP_EQUALVERIFY OP_CHECKSIG: 11908
Account: OP_DUP OP_HASH160 6dc7dbaa82777cc38dd2805c34cb6127676b1e9a OP_EQUALVERIFY OP_CHECKSIG: 63552
Account: OP_DUP OP_HASH160 6f64ed1e6ea10028151b4c957c8d2b693b282e44 OP_EQUALVERIFY OP_CHECKSIG: 51358
Account: OP_DUP OP_HASH160 7912dbde98ac3e8a6923e4443e3c4d1db67609ac OP_EQUALVERIFY OP_CHECKSIG: 7797
Account: OP_DUP OP_HASH160 7ed45bd66f3390e03c0bf30263dd2e53ec9a9f5a OP_EQUALVERIFY OP_CHECKSIG: 60810
Account: OP_DUP OP_HASH160 81740eeee552dafdb5ae1c546a654a9cc337b6a2 OP_EQUALVERIFY OP_CHECKSIG: 32173
Account: OP_DUP OP_HASH160 389d7748574d12f3ef01d519cc3c252596d49dfd OP_EQUALVERIFY OP_CHECKSIG: 59072116
Account: OP_DUP OP_HASH160 83fdafd7a1a8f7c06ab46ce2095adf28a4d6797d OP_EQUALVERIFY OP_CHECKSIG: 6077
[f42d0aac06f4695f821c97b948839b7f620308132e84f840c89e1e75ed8a7dad]

There the sha256 sum of the file stored in S3 and the sha256 sum stored in transaction 486701730763b29af62eec31dfefa4f26178cf11456a85b9501ac57991743f27 match. This shows the file has existed since the time of the transaction on 2012-03-28.

In case you just want the hash of the file without validation:

$ sha256sum hash.keys
f42d0aac06f4695f821c97b948839b7f620308132e84f840c89e1e75ed8a7dad  hash.keys
$ sha1sum hash.keys
dffc9967e06db22bc64b3fbaa8ed317c0f22b54d  hash.keys
$ md5sum hash.keys
db2a943b598d2996ef839445f75eeb0c  hash.keys

Secrets

So that is all well and good for the hashes but those are just hashes, not the actual secrets used. After a day has been over for at least 24 hours we will release the secret used. Then you can verify that the hash of the secret matches the published hash in the hash file. This demonstrates that we used the secret we planned on using.

Lucky Number

Then the lucky number used to determine the winner of cames is simple. It is simply the first bytes of hmac_sha512(secert,txid). That would be the secret string as the key and the transaction id of your bet transaction as the data.

You can see all of this on the full details page for your transaction.