No KYC · No ID · No email verifyMonthly Airdrop - earn Airdrop Points
PROVABLY FAIR · LOCKED v2.5.3

Every draw, locked
before it happens.

Mazal uses a commit/reveal system built on HMAC-SHA256. The server commits to a hidden seed before the bet, then reveals it after settlement so the draw can be matched back to the original hash.

Every random draw is generated from a committed server seed, client seed, nonce, and round index.

spec v2.5.3 · published 2025-08-22

The 30-second version

01
Server commits

The server creates a hidden server seed and publishes its SHA-256 hash before the bet.

02
Bet settles

The game uses the server seed, client seed, nonce, and round index to generate the draw.

03
Seed reveals

After settlement, the server seed can be revealed and matched back to the original hash.

04
Draw checks out

The same inputs always reproduce the same HMAC-SHA256 roll.

Why the revealed roll cannot be changed after the bet

A house that wanted to cheat would have to look at your bet and then change the outcome. The commit/reveal construction makes that impossible:

  • The server_seed is fixed before your bet — its SHA-256 hash is published in advance and can't be edited after the fact.
  • Your client_seed is yours. The house can't choose it, so it can't steer the result.
  • HMAC-SHA256 is one-way. There is no server seed that yields a chosen roll without breaking SHA-256 itself.
  • The reveal proves the seed matches the original commitment — a single hash either lines up or it doesn't.

The exact draw shape

Every draw comes from these three lines. The inputs are the committed server seed, your client seed, the bet's nonce, and the round index — nothing else feeds the roll.

message = `${clientSeed}:${nonce}:${roundIndex}`

digest  = HMAC_SHA256(serverSeed, message)

roll    = first_8_bytes_as_uint64(digest) / 2^64

Reference implementation — byte-for-byte what the server runs:

// HMAC-SHA256(server_seed) of "client_seed:nonce:round_index"
// First 8 bytes -> uint64 -> divide by 2^64 -> uniform in [0, 1)
function rollFloat(serverSeed, clientSeed, nonce, roundIndex = 0) {
  const mac = createHmac('sha256', serverSeed)
    .update(`${clientSeed}:${nonce}:${roundIndex}`)
    .digest();
  let n = 0n;
  for (let i = 0; i < 8; i++) n = (n << 8n) | BigInt(mac[i]);
  return Number(n) / Number(1n << 64n);
}

Live verification, end to end

Every settled draw is recomputed from its committed hash and revealed seed. The terminal below shows the verification format in motion — each entry pairs a published hash with the draw it produced and confirms they match.

verification terminal
DRAWS VERIFIED8,412,009commit / reveal · HMAC-SHA256
Illustrative format · sample data only · no customer information

What this does — and does not — prove

What it proves
  • The random draw used in your bet was committed before the bet and was not altered afterward.
  • The revealed server seed matches the hash published in advance.
  • The same inputs always reproduce the same roll — anyone with the formula gets the identical result.
What it does not prove
  • Payouts. How a winning draw is paid is a separate, published multiplier on each game's page.
  • Solvency. That the house can fund withdrawals is a financial matter, not a cryptographic one.
  • That a reveal occurs. Verification depends on the seed being revealed — Mazal reveals it on every settled round.

Spec lock

The algorithm above is the entire specification. If it ever changes — even a single character — the version bumps and the reference-implementation hash changes with it. There is no other code path and no hidden randomness. Bookmark this URL; it is the authoritative document.

spec version  v2.5.3
published     2025-08-22
algorithm     HMAC-SHA256 commit / reveal
impl sha256   b7f0a3c91e4d2856aa10c7f3e98b4d2150f6c8a9d3e1b047c2f5a8e6190d4c3b2
100% RTP
Market Maker
$2949.67
100% RTP
Crash
Mazal Original
100% RTP
Mines
Mazal Original
100% RTP
Final Investment
$1120.5
100% RTP
Plinko
Mazal Original
100% RTP
Dice
Mazal Original
100% RTP
Wealthy Case
$956.48
Go to Casino →