Mystery Box Provably Fair Explained

Provably fair setups at mystery box sites are RNGs that you can verify yourself. All the legit mystery box sites use them, giving you clarity on the randomization process of the prize distribution, and eliminating any shadow of doubt that the boxes are rigged. Boxes are set up using RNGs, and results are determined by the client seed, server seed, hash and nonce, which we will explain on this page.

The most important aspect to make note of is that with provably fair mechanics, the outcomes are always generated on the spot, and not predetermined. You can also check the data inputs after each unboxing, verifying that the results are indeed fair.

Quick Answer (TL;DR)

Mystery box sites with provably fair mechanics are quite open about the procedures, and our experts have reviewed some that even offer scripts so anyone who doesn’t have the know-how can get the data and check it for themselves. Basically, the RNGs take two data inputs, or seeds, and combine them with an opening counter, or nonce, to produce an output. This is converted into a number that is then plugged into the mystery box’s drop odds, and your prize will be determined. It happens in the blink of an eye, and the results are always determined after you open the mystery box, so they are not predetermined.

These mechanics can all be checked right after you open a box. The platform will provide you with the seeds and data inputs that impacted the outcome, and you can verify the results for yourself.

What provably fair usually means in practice

Provably fair is a term that is used in online casino games, sweepstakes casinos, and mystery box sites. It is the guarantee that ensures you are playing games that are fair. These are not biased, rigged, or deliberately fixed in your favor or against you. The provably fair mechanics are all digital, so you are not physically picking between boxes, or having someone draw lots in your place. It all happens on the site, using a repeatable formula with randomized inputs, and is generated in the blink of an eye.

This is essential to the quality of the experience. If the outcomes were predetermined, you would effectively be buying an “already won” or “already lost” box, which is unfair. If the mystery box operators decided the outcome, this would be biased, as they could choose to give high paying players better rewards, or use near miss tactics to keep frequent gamers in the loop. The provably fair mechanics mean that the operator cannot manipulate the results, and that as a player, you cannot predict the outcome of a roll/result.

Why Mystery Box Sites Use Provably Fair Systems

When you create an account and buy boxes at a mystery box site, the first thing you want to know is whether or not the system is fair. The unboxing is all digital, so the outcome is determined by random number generators, a little like in slot machines or online casino games. But the big difference between the two is that licensed online casinos have to use approved third-party auditors, such as eCOGRA or GLI (Gaming Laboratories International), to test their games for fairness. You get a little seal of approval at the bottom of the page from the auditor, and you know that the online casino has provably fair games.

Mystery box sites do not use auditors like eCOGRA. They are not regulated in the US, and therefore don’t need a license to serve US customers. But instead of putting blind faith into the boxes, legit mystery box sites use provably fair setups. Instead of relying on a third party to approve the fairness, you can verify the results yourself and get all the proof you need that the random prize distribution is fair.

The Main Parts of a Provably Fair Setup

The mechanics of provably fair setups were not actually invented by mystery box sites, but they come from early crypto casino pioneers. They used cryptographic hash formulas, which were developed long before – by the US National Security Agency for security purposes.

The concept is that these mystery boxes can create formulas with randomization pivoting on data inputs – client and server seeds. If you have never heard of provably fair mechanics, or have but don’t know how it works, you are in the right place.

We will go through the various components of this system, explaining their function and how they all combine together into an RNG.

RNG Formula

The formulas all follow a standard, where they require the following inputs:

  • Client Seed
  • Server Seed
  • Nonce
  • Hash

The two seeds are the inputs that are needed for the formula. These are plugged in, with a nonce acting as a counter to add extra randomness, and then the resulting output is used to work out what prize that specific box opens.

The client seed and the hash formula are two inputs that you can check before the unboxing. The server seed may be partially shown or encrypted, but the nonce is a fully secret value.

After the outcome, you can check the data that was hidden or generated later, and plug these into hash formulas to verify the results.

Server seed

The server seed is the main source of the randomness for each roll. This is a hidden value that may be shown to you partially, or with an encrypted hash, before the roll. If the mystery box gives you this value before the roll, then some of the more tech-savvy gamers would be able to use it to predict the results, which wouldn’t benefit anyone.

To keep games fair, this value is deliberately kept partially hidden or encrypted before you start a game. Server seeds are often 32-64+ characters long, and these are periodically rotated.

Hash

This is the version of the server seed that you can check before playing a round. The server seed is encrypted using a hash, and only partially revealed. At the end of the roll, you will get the full hashed version of the server seed, and you can plug this into a formula (with the nonce and your client seed) to check the original server seed. Thus, you can prove that the server seed was not changed or altered after you opened the box.

Client seed

The client seed is your own seed, which you can view and edit. This is a value that is automatically generated for you, but you can change it and some mystery box sites will also allow you to check the seeds used by other players.

Client seeds are generally 8 to 32+ characters long, using numbers and letters. It is your own input into the randomness of the roll.

Nonce

The nonce is the final part of the formula. This is a hidden value that increases with every roll, and is used to add more randomness to the results. This basically makes it more difficult for any cryptographic hackers to predict the outcomes, but the data input responsible for the most randomization is still the server seed.

Result generation

Before each roll/result, you can check your Client Seed and the hashed Server Seed. Your seed can be, and some argue should be, changed to ensure that there is no bias in the results. After you change your Client Seed, or decide to play with the one that is automatically generated for you, you can go ahead and buy a box.

Your client seed is combined with the server seed (whose hash you saw before the roll), and the nonce is also integrated into the formula. The result is a number that falls somewhere on the prize pool scale. This determines which prize you get.

Key Terms Highlighted

Here are the key terms we have explored, and a quick summary of what they do.

| Input | Generated by | When visible | Main Purpose | Notes |
| Client Seed | Player, or automatically by site | Before the roll | Adds player-side randomness | Often editable manually |
| Server Seed | Site | After the outcome or seed rotation | Main hidden randomness source | Hidden initially to prevent prediction |
| Nonce | Site system | After the outcome | Changes result every roll | Increases after each opening |
| Hash | An encrypted version of the server seed | Before the roll | Proves server seed was not changed | Usually uses SHA-256 encryption |

How Verifying a Result Usually Works

Proving that a result is fair is quite a simple process, if you have the technical knowhow. After you learn how to use the formula, where to input your data, and what to look for, this becomes something you can do in seconds. It is really no work at all, and worth checking after each box you open.

So before you open your box, you have the client seed and a hashed version of the server seed displayed. That hash is hiding a line that you have to reveal using the formula. After unboxing, you get the following data inputs:

  • Full Server Seed
  • Nonce Value

The idea is that now, with the nonce and the full server seed, you can plug those into the original formula, use the hashing system and get the same hash as you saw before the roll. This ensures that the roll was not altered, manipulated, or changed in any way from before you bought the box to the second you got your prize.

Hashes before the reveal

Your mystery box site will use a set of hash functions to encrypt the server seed. This is the Hash that you can check before the roll, and you will have to work backwards to calculate from the results.

Typically, we have seen sites using the SHA-256 or SHA-512 hash algorithms for hashing. You have to enter the Client Seed, Nonce, and the Server Seed into the relevant hash formula. Then, the calculated hash can be compared with the value displayed before you started the game.

Re-checking after the reveal

To check that initial hash, you will need to do the following:

1. Open the game history/verification details

2. Copy the Server Seed, Nonce and Client Seed

3. Enter this into the hashing script (from external source)

4. Calculate the hash

5. Compare this with what you got on the mystery box site

Most mystery box sites do not have in-built decrypting software for your convenience. Be prepared: to verify a result, you will usually need to find a good online code editor and compiler.

Sometimes, the mystery box sites will provide already assembled scripts on external sites, so you can just head there, plug in your data, and get your results. These are called Verifier Tools, Verification Sites, or simply Code Editors. The most commonly used ones we have seen are jdoodle and writephponline.
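The check from the steps above, together with the result-generation step, written out as an added example (it is not code from the original page or from any site's verifier). It assumes the pre-roll hash is SHA-256 of the server seed and that the roll is HMAC-SHA256 over `client_seed:nonce` keyed with the server seed; the drop table and every value are constructed, so substitute the formula your site documents.

```python
import hashlib
import hmac

# Constructed drop table (assumption): weights out of 10,000 tickets.
DROP_TABLE = [("Sticker pack", 7000), ("Headphones", 2500), ("Console", 500)]


def commitment(server_seed: str) -> str:
    """Hash shown before the roll: SHA-256 of the server seed (assumed)."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def ticket(server_seed: str, client_seed: str, nonce: int, total: int) -> int:
    """Turn the three inputs into a ticket in [0, total) (assumed derivation)."""
    msg = f"{client_seed}:{nonce}".encode()
    digest = hmac.new(server_seed.encode(), msg, hashlib.sha256).digest()
    # 64 bits of the digest reduced mod total; bias is negligible at this size.
    return int.from_bytes(digest[:8], "big") % total


def prize_for(t: int, table=DROP_TABLE) -> str:
    """Walk the cumulative weights until the ticket falls inside a band."""
    upper = 0
    for prize, weight in table:
        upper += weight
        if t < upper:
            return prize
    raise ValueError("ticket outside the drop table")


def verify(server_seed, client_seed, nonce, published_hash, shown_prize,
           table=DROP_TABLE):
    """Return (ok, reason) for one opening taken from the game history."""
    # Step 1: the revealed seed must hash to the value shown before the roll.
    recomputed = commitment(server_seed)
    if not hmac.compare_digest(recomputed, published_hash.strip().lower()):
        return False, "server seed does not match the pre-roll hash"
    # Step 2: the same inputs must reproduce the prize the site displayed.
    total = sum(w for _, w in table)
    expected = prize_for(ticket(server_seed, client_seed, nonce, total), table)
    if expected != shown_prize:
        return False, f"inputs give {expected!r}, site showed {shown_prize!r}"
    return True, "hash and prize both reproduce"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    seed, client, nonce = "constructed-server-seed-0001", "my-client-seed", 7
    shown_hash = commitment(seed)          # what the site would publish
    prize = prize_for(ticket(seed, client, nonce, 10000))
    print(verify(seed, client, nonce, shown_hash, prize))
    print(verify(seed + "x", client, nonce, shown_hash, prize))  # swapped seed
```

A match on step 1 alone only shows the seed was fixed in advance; step 2 is what ties that seed to the prize you were actually shown.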

What Provably Fair Can and Cannot Tell You

Provably fair mechanics are there for you to verify your results. Whether you do that or not is up to you. It is pretty quick, so some players prefer to double check their results after every unboxing. Others may be satisfied in the knowledge that, as the mechanics are provably fair, they don’t need to check these out themselves, taking crowd wisdom or the general public’s acceptance of these games as the mark of fairness.

What it can help validate

The procedure is pretty simple if you take out all the scripting and coding details. Every game requires your client seed, a server seed and a nonce value to randomize the results. Of these, the server seed is the main source of the randomness, and you get an encrypted version of this – the hash – before you open a box.

After opening the box, you get the real server seed and nonce value, and to verify that the server seed didn’t change, you can plug the data into the original formula. You then work backwards, calculating to get the hash value and ensuring that the result was fairly generated.

This allows anyone to access the results and prove them, but as the server seed rotates (and the nonce value changes with every round), it ensures that the future outcomes are still impossible to predict or precalculate.

What it does not prove

Provably fair mechanics do not change any of the other aspects of the randomization process. Just because the results can be verified, it doesn’t mean that there can’t be variance, volatility, or other phenomena that can mix up your results. Randomness is still the same with mystery boxes as it is when you are flipping a coin, playing a slot machine, or predicting a sports game. Odds do not change with provably fair mechanics, but outcomes do not necessarily need to reflect the exact odds. You can win a 1 in 10,000 prize in your third box. Or, you can chase a prize that has a 1 in 10 dropping rate, and still not unbox it in 20 tries.

Variance: This is the deviation of the results from the mathematical odds. If the probability suggests you have a 50% chance of opening flip flops with a certain product, that doesn’t mean that 5 from 10 unboxed prizes will be flip flops. If that happens, there is no variance in the results. If you only get 1 pair of flip flops from 10 boxes, then the variance is very high.

Volatility: Typically used in slots nomenclature, this relates to the frequency of wins in rounds. As you win a prize every time in mystery boxes, volatility refers to the frequency of bigger prize drops against lower ones. This is also a product of randomness, and something that can occur with RNGs that use provably fair mechanics.

RTP: This is nonexistent in mystery boxes. RTP relates to money you earn back through game rounds, but as you always win prizes and these can have subjective value (and are not cash redeemable), the mystery boxes have no RTP.

Odds are there to indicate the chances of winning, but they are guide values that give you the theory and not a mathematical assurance. As such, you should always play or shop at mystery box sites responsibly, and don’t throw money at boxes that you cannot afford to lose. These are not financial investments nor are they ways to get discounted high value products. In that aspect, mystery box sites are like casino games or other gambling sites. They are there for your entertainment, and you should set a budget to control your spending.

What to Look For on a Mystery Box Site’s Fairness Page

Legitimate mystery box sites do not hide their provably fair mechanics. These often get entire pages or guides dedicated to how the mechanics work and how you can verify your results. This is one of the biggest selling points of a legit site, as they can give you the assurances that the results use RNGs, and that you aren’t getting ripped off with biased or rigged games.

It is important, though, to know a bit of theory here, and to check for some of the following:

  • The formula has client seeds, server seeds (hashed), and a nonce value
  • You can view your client seed and edit it
  • A hashed version of the server seed is visible before the roll
  • You can match verification records in game history
  • You are allowed to match historical results at any time

Better platforms go a little further, giving you their RNG methods, the hashing algorithm they use (SHA-256, SHA-512, etc), and they can even give you links to premade scripts. There, you can just plug in the data and get the results.

A rarity among these sites is to have built-in verification tools. This is something we have seen more of at crypto casinos than mystery box sites, but there are rare exceptions. This basically means you don’t need to go off-site to check the code, but you can just plug in the values in a dedicated calculator tool on the site. There, you can verify the results and check for the provably fair mechanics.

FAQs

What does provably fair mechanics mean?

Provably fair mechanics are systems that let players independently verify that a mystery box result was generated randomly and not manipulated by the operator. They use cryptographic inputs such as Client Seeds, Server Seeds, hashes, and nonces to create RNG outputs, which you can verify yourself after each outcome.

Can mystery box sites have fake provably fair systems?

Yes, some sites may claim to be provably fair without providing proper verification tools, hashes, or transparent RNG formulas. Legit platforms allow users to edit or change their client seed, check the player seed after an outcome, compare hashes, and independently reproduce the outcome calculations.

How can I verify provably fair mechanics in mystery boxes?

You can verify a result by copying the Client Seed, Server Seed, and Nonce from the verification page after opening a box. These values are entered into a hashing script or verifier tool to confirm the generated hash matches the one shown before the roll.

What is the difference between server seed and hash in provably fair mechanics?

The server seed is the main component to create randomness in a result, and this value remains secret until after you open your mystery box. The hash is the encrypted version of the server seed, which is used to verify your results.

Where can I verify the hash of a provably fair mystery box?

Most mystery box sites provide verification data inside the game history or fairness section of your account. You can usually check the hash using external SHA-256 or SHA-512 verification tools, while some platforms also provide their own built-in verification scripts.

Author: Oliver Dickinson

Oliver Dickinson is the head of strategy and serves as Lead Editor for Freaky Gaming. He has a lot of experience with sweepstakes casino style gaming and website publishing being part of many sweepstakes projects over the years. Oliver oversees editorial direction, review standards, and compliance, ensuring all content meets high standards of accuracy and transparency so that our users trust that our content is reliable.
