The Problem with Legacy Crypto Casinos
Since 2013, the standard for "Provably Fair" gambling has relied on simple SHA-256 hash chains. The server generates a random string, hashes it, gives you the hash, and then reveals the original string later.
While theoretically sound, this mechanism is extremely fragile: it is susceptible to side-channel attacks and to weak PRNGs (Pseudo-Random Number Generators) in the backend. OrangeChips decided to rewrite the standard.
The Truth by Proof Philosophy
We believe that trusting a casino is a fundamental flaw. You should not have to trust us. You should only have to trust math.
The AES-256-GCM Implementation
Instead of simple hashing, OrangeChips uses AES-256-GCM (Galois/Counter Mode), a symmetric-key block cipher mode widely adopted for its performance and its built-in authenticated encryption.
How a hand is rolled:
- The Server Seed: Generated securely in our backend using a cryptographically secure pseudo-random number generator (CSPRNG). This seed is encrypted using AES-256-GCM, and the Encrypted Hash is presented to the player before the bet is placed.
- The Client Seed: The player controls this. It can be a completely random string or a word of their choosing. This proves the casino cannot modify the outcome, as the outcome relies strictly on the player's unpredictable input.
- The Nonce: A simple counter tracking the number of bets made with this pair of seeds.
- The HMAC Generation: The Server Seed, Client Seed, and Nonce are combined and sent through HMAC-SHA256 to generate a final 512-bit hex string, which is mapped mathematically to game outcomes (cards, dice rolls, crash multipliers).
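An added example, not OrangeChips' own verification script: a minimal Python verifier for the HMAC step above, with a bias-free mapping from digest to outcome. The message layout (server seed as the key, `client_seed:nonce:block` as the message), the 0-9999 dice range, and all function names are assumptions, since the page does not specify them.

```python
import hashlib
import hmac


def round_digest(server_seed: str, client_seed: str, nonce: int, block: int = 0) -> bytes:
    """HMAC-SHA256 over the round inputs; the digest is 32 bytes (64 hex chars).

    Assumed layout: server seed is the key, "client_seed:nonce:block" the message.
    """
    message = f"{client_seed}:{nonce}:{block}".encode()
    return hmac.new(server_seed.encode(), message, hashlib.sha256).digest()


def digest_to_roll(digest: bytes, sides: int = 10000):
    """Map a digest to [0, sides) without modulo bias; None if every word is rejected."""
    # Largest multiple of `sides` that fits in 32 bits. Words at or above it
    # would make low outcomes slightly more likely, so they are skipped.
    limit = (1 << 32) - ((1 << 32) % sides)
    for i in range(0, len(digest) - 3, 4):
        word = int.from_bytes(digest[i:i + 4], "big")
        if word < limit:
            return word % sides
    return None


def roll(server_seed: str, client_seed: str, nonce: int, sides: int = 10000) -> int:
    """Derive the outcome, extending to further HMAC blocks if a digest is exhausted."""
    block = 0
    while True:
        result = digest_to_roll(round_digest(server_seed, client_seed, nonce, block), sides)
        if result is not None:
            return result
        block += 1


def verify_round(server_seed: str, client_seed: str, nonce: int,
                 claimed: int, sides: int = 10000) -> bool:
    """Recompute the outcome from the revealed seeds and compare with the logged one."""
    return roll(server_seed, client_seed, nonce, sides) == claimed


if __name__ == "__main__":
    # Constructed sample values, not real OrangeChips seeds.
    outcome = roll("constructed-server-seed", "my-client-seed", 7)
    print(outcome, verify_round("constructed-server-seed", "my-client-seed", 7, outcome))
```

A verifier like this only proves that the logged outcome follows from the revealed seeds; it must be paired with a check that the revealed server seed matches the commitment shown before the bet.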
Why ChaCha20-Poly1305?
On platforms that do not have dedicated AES hardware acceleration (such as older mobile devices playing our mobile web-app), we fall back gracefully to ChaCha20-Poly1305.
This ensures that verifying millions of hashes on the client-side (for instance, when a player verifies an entire day's worth of game history) executes efficiently without draining mobile battery life. This dual-cipher approach ensures "Truth-by-proof" is universally accessible.
Verify it Yourself
Every game on OrangeChips features a "Verify" button alongside the history log. Clicking it opens the Provably Fair modal where you can test the math live, directly in your browser. All verification scripts are 100% open-source and run locally on your machine, not on our servers.
