Verifiable Random Function (VRF) System
Our gacha pack system uses Verifiable Random Function (VRF) technology to ensure completely fair and tamper-proof randomness for all pack openings.
Why This Is Secure
The key security guarantee comes from timing: we cannot know your transaction signature until after you sign the transaction with your wallet. This means:
- We cannot predict the outcome — Your wallet generates a unique signature that we have no control over
- We cannot manipulate the result — By the time we receive your signature, your transaction is already confirmed on-chain
- We cannot retry for different results — The signature is permanently recorded on the blockchain before we calculate the roll
How It Works
1. You Purchase a Pack
When you buy a pack, you receive a unique memo (UUID) that identifies your pack.
2. You Sign the Transaction
When opening the pack, your wallet generates a unique transaction signature. This signature is:
- Cryptographically unique to your wallet and this specific transaction
- Unpredictable before you sign
- Permanently recorded on Solana before we ever see it
3. VRF Roll Calculation
Once your transaction is confirmed, we combine your memo and transaction signature:
Input = SHA-256(memo + transaction_signature)
This input is processed through our VRF algorithm using our private key to generate:
- A cryptographic proof (verifiable by anyone)
- A deterministic hash that produces your roll number (1 to 100,000,000)
4. Roll Number Generation
The VRF hash is converted to your final roll:
randomValue = first 8 bytes of VRF hash as BigInt
roll = (randomValue % 100,000,000) + 1
Verification
Anyone can verify the fairness of any pack opening:
API Verification
GET /api/vrf/verify?memo=YOUR_MEMO_HERE
This returns:
- valid: Whether the VRF proof is cryptographically valid
- rollMatches: Whether the stored roll matches the calculated roll
- proof: The VRF proof for this pack
- publicKey: Our VRF public key
- transactionSignature: Your unique transaction signature
Manual Verification
- Concatenate the memo + transaction signature
- Hash the combined string using SHA-256
- Use our public key to verify the VRF proof
- Extract the first 8 bytes of the proof hash as a BigInt
- Calculate:
(value % 100,000,000) + 1
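The hashing and roll arithmetic from the manual steps above, as an added example that is not the service's own code. It assumes UTF-8 string concatenation and big-endian byte order (the page states neither), takes the VRF hash as already obtained from a proof checked with a VRF library (that proof check is not implemented here), and uses hypothetical function names.

```javascript
// Added example, not the service's code. Assumptions: UTF-8 strings,
// big-endian byte order, vrfHash = hash output of an already verified proof.
const crypto = require('node:crypto');

const ROLL_RANGE = 100_000_000n; // rolls are 1..100,000,000

// Input = SHA-256(memo + transaction_signature).
// Plain concatenation has no delimiter, so the split point is only
// unambiguous when the memo has a fixed length (the page says it is a UUID).
function vrfInput(memo, txSignature) {
  return crypto.createHash('sha256').update(memo + txSignature, 'utf8').digest();
}

// First 8 bytes of the VRF hash as an unsigned 64-bit integer, then the roll.
function rollFromVrfHash(vrfHash) {
  if (!Buffer.isBuffer(vrfHash) || vrfHash.length < 8) {
    throw new RangeError('VRF hash must be a Buffer of at least 8 bytes');
  }
  const randomValue = vrfHash.readBigUInt64BE(0);
  return Number(randomValue % ROLL_RANGE) + 1;
}

// Compare a stored roll with the recomputed one (hypothetical helper).
function storedRollMatches(storedRoll, vrfHash) {
  return Number.isInteger(storedRoll) && storedRoll === rollFromVrfHash(vrfHash);
}

// Modulo bias: 2^64 is not a multiple of 100,000,000, so the lowest rolls
// each have one more 64-bit preimage than the remaining rolls.
function moduloBias() {
  const space = 1n << 64n;
  const favouredRolls = space % ROLL_RANGE; // rolls 1..favouredRolls
  const basePreimages = space / ROLL_RANGE; // preimages of every other roll
  return { favouredRolls, basePreimages, relativeExcess: 1 / Number(basePreimages) };
}

// Constructed sample hash (not a real VRF output).
const sampleHash = Buffer.from('ffffffffffffffff' + '00'.repeat(24), 'hex');
console.log(rollFromVrfHash(sampleHash), moduloBias());
```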
Technical Details
| Property | Value |
|---|---|
| Algorithm | ECVRF-SECP256K1-SHA256-TAI |
| Standard | RFC 9381 |
| Curve | secp256k1 |
| Input | SHA-256(memo + transaction_signature) |
| Output Range | 1 to 100,000,000 |
| Library | @simplevrf/ecvrf |
| Public Key | Available in verification responses |
About the Algorithm
We use ECVRF-SECP256K1-SHA256-TAI, a Verifiable Random Function based on elliptic curve cryptography as specified in RFC 9381.
Key properties:
- Elliptic Curve (secp256k1): The same curve used by Bitcoin and Ethereum, providing battle-tested cryptographic security
- SHA-256: Industry-standard hashing algorithm for input processing and proof generation
- TAI (Try-And-Increment): The method used to hash arbitrary data to a point on the elliptic curve
- Deterministic: The same input always produces the same output — no hidden randomness
- Verifiable: Anyone with our public key can verify that the proof was generated correctly without knowing our private key
This implementation follows production-grade standards, ensuring our randomness is both cryptographically secure and independently verifiable.
Transparency
Every pack opening includes:
- Immutable transaction record on Solana blockchain
- VRF proof stored and publicly verifiable
- Open verification endpoint for all users
The bottom line: Because your transaction signature is recorded on-chain before we calculate your roll, it is mathematically impossible for us to influence the outcome.