DailyDeed● Trust & transparency · commit-reveal protocol
Every Daily Deed draw is provably fair.
Not just fair. Provably fair. Here is exactly how it works, why it cannot be manipulated, and how you can verify every result yourself.
Stage 1
SHA-256 committed before entries open.
Stage 2
Deterministic winner selection from seed.
Stage 3
Publicly verifiable by anyone after the draw.
◇ The three stage process
How every draw works, step by step.
Stage 1 · Commitment
Before a single donor can enter, Daily Deed generates a cryptographically secure random seed using 32 bytes of OS level entropy. The SHA-256 hash of that seed is immediately published on the campaign page. This hash is the commitment. It proves the seed existed before any entries were accepted. Daily Deed cannot change the seed after this point without the hash changing, and the change being detectable by anyone.
Stage 2 · Draw
When the campaign closes and entries lock, the draw runs deterministically using the committed seed as its input. The winning entry is selected with a mathematically unbiased algorithm: the seed is expanded through SHA-256 with a counter and fed through a rejection sampler that eliminates modulo bias. Every ticket has exactly equal probability regardless of when it was purchased. The winning position is a pure function of the seed and the total ticket count. No human decision is involved.
Stage 3 · Reveal
After the winner is selected, the original seed is published publicly on the campaign page alongside the winning entry number. Anyone can independently verify two things: (1) SHA-256 of the revealed seed matches the commitment hash that was published before entries opened, and (2) running the same deterministic selection function on the revealed seed and the final entry count produces the same winning entry number. Both checks run in any browser with standard cryptographic tools.
◇ Why this matters
The difference between “trust us” and prove it yourself.
Aspect
Traditional giveaway platforms
Daily Deed
Winner selection
Run after entries close, result announced, no independent verification possible.
Seed committed before entries open. Result is deterministic from seed. Independently verifiable by anyone.
Can the operator manipulate the result?
Theoretically possible after entries close. Opaque to the public.
Mathematically impossible. Changing the winner would require changing the seed, which would change the commitment hash that was published before entries opened.
How to verify
You cannot.
SHA-256 the revealed seed, confirm it matches the published hash, recompute the winning entry number from the seed and entry count. Three browser console lines.
Audit record
Internal logs only.
Immutable audit trail with commitment hash, revealed seed, entry count, and winning position, all recorded and tamper evident.
◇ Verify yourself
Two ways to verify any Daily Deed draw.
Run it on this page in one click, or do the math yourself in your browser console. Both use the exact same algorithm. The interactive verifier just saves you the copy and paste.
◇ Or verify here, without code
Verify a draw on this page.
Same math as the browser console guide. Your browser runs the SHA-256 check and the deterministic winner calculation in front of you. Nothing is sent to Daily Deed’s servers.
Loading completed draws…
Or do it yourself
Find the commitment hash and revealed seed.
Open any completed Daily Deed campaign page. In the Draw Integrity section you’ll see the SHA-256 commitment hash that was published before entries opened, and the revealed seed that was published after the draw. Copy both.
Verify the seed matches the commitment.
Compute SHA-256 of the revealed seed in any browser console. If the result matches the published commitment hash, the seed was not changed after commitment. If they don’t match, something has been tampered with.
// Paste this into your browser console
const seed = 'PASTE_REVEALED_SEED_HERE';
const data = new TextEncoder().encode(seed);
const hashBuffer = await crypto.subtle.digest('SHA-256', data);
const hash = Array.from(new Uint8Array(hashBuffer))
.map(b => b.toString(16).padStart(2, '0'))
.join('');
console.log('Computed hash:', hash);
// Compare to the commitment hash on the campaign page. They must match.Verify the winning entry number.
Using the revealed seed and the published final entry count, run the same deterministic selection algorithm Daily Deed uses. The result should match the published winning entry position.
// Deterministic winner verification. Matches services/api/src/lib/drawCommitment.ts
async function deterministicUniformInt(seed, n, counter = 0) {
if (n === 1) return 0;
const bitLength = Math.ceil(Math.log2(n)) + 1;
const byteLength = Math.min(Math.ceil(bitLength / 8), 6); // cap at 48 bits
const domain = Math.pow(2, byteLength * 8);
const limit = Math.floor(domain / n) * n;
for (let i = 0; i < 1024; i++) {
const buf = new TextEncoder().encode(`${seed}:${counter}`);
const out = new Uint8Array(await crypto.subtle.digest('SHA-256', buf));
let raw = 0;
for (let b = 0; b < byteLength; b++) raw = raw * 256 + out[b];
if (raw < limit) return raw % n;
counter++;
}
throw new Error('rejection sampling did not converge');
}
async function selectWinnerEntryNumber(seed, totalEntries) {
return 1 + await deterministicUniformInt(seed, totalEntries);
}
// Usage
const winner = await selectWinnerEntryNumber('PASTE_SEED_HERE', TOTAL_ENTRIES);
console.log('Winning entry position:', winner);
// Should match the winning position published on the campaign page.◇ The receipts
Every completed draw, publicly archived.
Each row is the full commit-reveal record. Click Verify to jump into the campaign page and run the checks above.
Loading the public draw record…
Questions about our draw integrity?
We’ll walk you through the math, the audit trail, or any specific draw you’d like to verify.