Full transparency
How VeriDraw certifies every draw
From the moment you create a draw to the second an entrant verifies the certificate. Here is exactly what happens at every stage, and why the result is impossible to manipulate.
Before tickets go on sale
Create your draw and lock it in
Set up your draw on VeriDraw. Name it, add your prizes, set the close date. Behind the scenes, VeriDraw generates a secret key and computes its SHA-256 hash. This is your commitment hash, mathematical proof that the draw method was locked in before anyone could buy a ticket.
What the commitment hash proves
The commitment hash is published before tickets go on sale. Once published, neither you nor VeriDraw can change the secret key behind it. It is a one-way function: you can verify the hash matches the key, but you cannot reverse-engineer the key from the hash. This is the foundation of the entire trust chain.
Publish the commitment hash before tickets go on sale. VeriDraw gives you a plain-text hash to copy and paste, ready-made HTML badge snippets, or an embeddable Smart Widget that updates automatically as the draw progresses from "created" through to "certified."
On draw day
Run the draw
Enter the total tickets sold, click "Run draw." VeriDraw fetches the latest Bitcoin block hash from three independent block explorers: mempool.space, blockchain.info, and blockchair.com. This block hash is the external entropy source — a 64-character hexadecimal string that no one on earth could have predicted. For instant-win draws, a Bitcoin block hash is also used at the moment of confirmation, before ticket sales open.
Why Bitcoin?
The Bitcoin blockchain produces a new block roughly every 10 minutes. Each block hash depends on billions of dollars worth of transactions and computational work. No individual, company, or government can influence what the hash will be. It is the most publicly verifiable source of randomness available, and anyone can look it up on any block explorer. VeriDraw uses Bitcoin for both live draws and instant-win draws, so every certified result has an independent external component.
The secret key, the Bitcoin block hash, and the tickets sold are combined using SHA-256. The result is divided by the ticket count to produce the winning ticket number. For multi-winner draws, each prize position is appended to produce a unique winner per prize.
Immediately after
Share the certificate
A certificate is issued instantly at a permanent public URL. It shows the winning ticket, the draw date, your organisation name and logo, and every piece of data needed to independently verify the result. Share it everywhere: social media, your website, email to entrants.
Anyone can verify, in their browser
The certificate reveals the secret key, the Bitcoin block hash, and the formula. An entrant clicks "Verify" and their browser recomputes the entire calculation using the Web Crypto API. No server request, no trust in VeriDraw required. If the numbers match, the draw was fair.
The certificate URL is permanent. It never expires, cannot be edited, and does not require login. Entrants can also use the ticket lookup page to enter their ticket number and instantly see whether they won.
The difference
What draw “proof” looks like today, and what it should look like
Most operators post a screenshot of a random number generator and call it transparency. Here is what that actually proves, and what VeriDraw proves instead.
What this proves
That someone generated the number 847 at some point. Nothing else.
- ✗ No proof the method was decided before tickets sold
- ✗ No proof this was the first and only generation
- ✗ No proof the screenshot was not taken after the result was known
- ✗ No way for anyone to independently verify
- ✗ No audit trail whatsoever
What this proves
That the draw method was locked before tickets went on sale, the entropy came from an unpredictable public source, and the winning number is mathematically inevitable given those inputs.
- ✓ Commitment hash published before first ticket sold
- ✓ Bitcoin block hash = unpredictable, public entropy
- ✓ Formula is deterministic: same inputs always = same winner
- ✓ 6-step verification runs in the entrant’s browser
- ✓ Full audit trail: secret key, block hash, formula, certificate
Open-source maths
The formula behind every draw
Every VeriDraw certificate is produced by this formula. Nothing is hidden, nothing is proprietary. You can verify it yourself with a pen and a SHA-256 calculator.
Single-winner formula
winning_ticket = SHA-256(secret_key : block_hash : tickets_sold) % tickets_sold + 1Multi-winner formula
winning_ticket = SHA-256(secret_key : block_hash : tickets_sold : prize_position) % tickets_sold + 1secret_key
Generated by VeriDraw before draw opens. Kept secret until draw runs. Its SHA-256 hash (the commitment hash) is published in advance.
block_hash
The latest Bitcoin block hash, fetched live from 3 independent explorers at draw time. 64-character hex string. Publicly verifiable.
tickets_sold
Entered by the operator on draw day. Included in the hash input so changing the count produces a completely different result.
% modulo
The SHA-256 output (a huge number) is divided by tickets sold. The remainder + 1 gives a ticket number in range. Deterministic and fair.
The entrant experience
What your entrants see
When you share a VeriDraw certificate, your entrants do not just see a result. They get proof they can check themselves.
They click your certificate link
You share the permanent URL on social media, your draw page, or in an email. No login required, no app to download.
They see the full result
The certificate shows the winning ticket, draw date, your organisation, and the Bitcoin block used. Everything is laid out clearly.
They click "Verify"
The verification widget runs a 6-step check entirely in their browser. It recomputes the SHA-256 hash, checks the commitment, confirms the block hash, and validates the winning number.
They see "Verified" or they don't
If every step passes, the draw is mathematically proven fair. If anything is off, the verification fails publicly. There is no grey area.
Zero trust required
The 6-step verification, explained
Every VeriDraw certificate includes a verification widget that runs these six checks in the entrant’s browser. Zero server requests. Zero faith needed.
Confirm the commitment
Hash the revealed secret key with SHA-256. Does it match the commitment hash published before tickets went on sale?
SHA-256(secret_key) === commitment_hashVerify the block hash
Check the Bitcoin block hash against public block explorers. Is it a real block? Does the timestamp match draw day?
mempool.space / blockchain.infoCombine the inputs
Concatenate the inputs with colon separators, exactly as VeriDraw did. For live draws: secret key, block hash, tickets sold, prize position. For instant-win draws: secret key, block hash, prize ID, instance number.
secret_key + ":" + block_hash + ":" + tickets (live) / prize_id + ":" + instance (instant)Compute the hash
Run SHA-256 on the combined string. This produces a deterministic 256-bit output, the same every time for the same inputs.
SHA-256(combined_input)Calculate the winner
Convert the hash to a number, divide by tickets sold, take the remainder, add 1. This gives a ticket number in range.
hash_as_number % tickets + 1Match the certificate
Does the computed winning ticket match the one on the certificate? If yes, the draw is mathematically proven fair.
computed === certificate ✓Questions
