Verifiable Random Function (VRF)
Our gacha pack system uses a Verifiable Random Function (VRF) to produce fair, tamper-proof rolls.
Why this is secure
The roll is derived from your on-chain transaction signature, which we cannot know until after you sign the transaction with your wallet. By the time we calculate your roll:
- Your signature is permanently recorded on Solana
- We can't predict it, manipulate it, or retry for a different result
We then run that signature through a VRF using our private key. Anyone holding our public key can verify the proof — but only we can produce one.
The standard
We follow ECVRF-SECP256K1-SHA256-TAI (RFC 9381) — secp256k1 curve, SHA-256, try-and-increment hash-to-curve, 97-byte proofs.
The implementation is close to the spec but not bit-for-bit identical: the hash-to-curve step uses the suite ID as its prefix instead of the public key, and nonce generation is a simplified hash rather than RFC 6979. These deviations are deliberate and stable — they were inherited from the original library so existing on-chain proofs remain verifiable.
Verification
GET /api/vrf/verify?memo=YOUR_MEMO
Returns the proof, public key, transaction signature, and whether the stored roll matches the recomputed roll. Anyone can independently verify against the published public key.
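A sketch of the prove/verify flow described on this page, added here as an illustration; it is not this service's code and will not validate its real proofs. It assumes a suite byte of 0xFE, the 0x01/0x02/0x03 domain-separation bytes, a proof laid out as 33-byte Gamma, 32-byte c and 32-byte s, a hash-to-curve input that leaves out the public key, and a plain SHA-256 nonce. The page does not say how the VRF output maps to a roll, so the example stops at the 32-byte output.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the generator
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
SUITE = b"\xfe"  # assumed suite byte; the page does not give its value
H = lambda data: hashlib.sha256(data).digest()

def add(a, b):  # affine addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)
def mul(k, pt):  # recursive double-and-add; not constant time (sketch only)
    if k == 0: return None
    half = mul(k >> 1, add(pt, pt))
    return add(half, pt) if k & 1 else half
def enc(pt):  # SEC1 compressed point, 33 bytes
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")
def dec(b):  # None unless b is a compressed point on the curve
    x = int.from_bytes(b[1:], "big")
    y = pow(x**3 + 7, (P + 1) // 4, P)
    if b[0] not in (2, 3) or x >= P or y * y % P != (x**3 + 7) % P: return None
    return (x, y if y & 1 == b[0] & 1 else P - y)

def h2c(alpha):  # try-and-increment; input omits the public key (assumed reading)
    cands = (dec(b"\x02" + H(SUITE + b"\x01" + alpha + bytes([i]))) for i in range(256))
    return next(pt for pt in cands if pt)
def chal(*pts):  # untruncated 32-byte challenge (assumed), giving 33 + 32 + 32 = 97 bytes
    return int.from_bytes(H(SUITE + b"\x02" + b"".join(map(enc, pts))), "big") % N

def prove(sk, alpha):  # alpha stands in for the transaction signature bytes
    h = h2c(alpha)
    gamma = mul(sk, h)
    k = int.from_bytes(H(sk.to_bytes(32, "big") + enc(h)), "big") % N  # hash nonce, not RFC 6979
    c = chal(mul(sk, G), h, gamma, mul(k, G), mul(k, h))
    return enc(gamma) + c.to_bytes(32, "big") + ((k + c * sk) % N).to_bytes(32, "big")

def verify(pk, alpha, proof):  # 32-byte VRF output if the proof is valid, else None
    gamma = dec(proof[:33]) if len(proof) == 97 else None
    c, s = int.from_bytes(proof[33:65], "big"), int.from_bytes(proof[65:], "big")
    if gamma is None or c >= N or s >= N: return None
    h = h2c(alpha)
    u, v = add(mul(s, G), mul(N - c, pk)), add(mul(s, h), mul(N - c, gamma))  # s*G - c*PK, s*H - c*Gamma
    if u is None or v is None or chal(pk, h, gamma, u, v) != c: return None
    return H(SUITE + b"\x03" + enc(gamma))
```

verify() returns None for any proof that fails, so a caller recomputing a roll should treat None as a hard failure rather than falling back to a stored value.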