LuckyPem Logo
Lucky Pem
HomeResultsTransparencyFAQContact Us
100% Transparent & Auditable

Draw Sessions

Complete transparency in our lottery draws. Every session uses cryptographically secure randomness from drand (Distributed Randomness Beacon) combined with HKDF-SHA256 for provably fair winner selection.

Cryptographic Security
HKDF-SHA256 algorithm ensures tamper-proof randomness
Commit-Reveal
Commitment hash prevents manipulation before draws
drand Beacon
Distributed randomness from trusted network

Select a Pool

Browse completed lottery pools by type and explore the draw session audit details.

Loading pools...

Understanding the Draw & How to Verify

What is this draw system?

Our lottery uses a cryptographically secure, transparent, and verifiable random number generation system. Every step is mathematically provable, and anyone can independently verify that the draw was fair and winners were selected randomly.

Technical Terms Explained

HKDF-SHA256 (Key Derivation Function)

HKDF is a cryptographic algorithm that takes input randomness and produces high-quality random bytes. Think of it as a "randomness extractor" that ensures the final seed used for winner selection is unpredictable and uniformly random. SHA256 is the underlying hash function.

drand (Distributed Randomness Beacon)

drand is a publicly verifiable randomness service run by a global network of independent organizations (including Cloudflare, Protocol Labs, and universities). It provides randomness that:

  • Cannot be predicted before it's published
  • Cannot be manipulated by any single party
  • Is publicly verifiable using cryptographic signatures
  • Is timestamped and tied to a specific "round" number

Learn more: drand.love

Random Bytes

Random bytes are sequences of unpredictable data derived from the cryptographic seed. For each winner selection, we use HKDF to generate unique random bytes, which are then converted to a number between 0 and the available entries using cryptoRandomInt(). This ensures each winner is selected with equal probability.

Commitment-Reveal Protocol

This is a cryptographic technique to prevent manipulation. Before the draw starts, we publish a "commitment" (a cryptographic hash of a secret value). After all participants join, we "reveal" the secret. Anyone can verify that the revealed value matches the commitment, proving we couldn't have changed it after seeing who participated.

Merkle Root

A Merkle root is a single hash that represents the entire list of participants. It's computed from a tree structure where each participant's entry is hashed, pairs are combined and hashed again, repeating until we have one hash. This allows anyone to verify that a specific participant was included in the draw without revealing all participants.

Cryptographic Seed

The seed is the final random value used to select winners. It's derived by combining:

  • The commitment reveal (proves we didn't change our value)
  • drand randomness (unpredictable public randomness)
  • Using HKDF-SHA256 (ensures high-quality randomness)

This combination ensures the seed is both unpredictable and verifiable.

How to Verify This Draw

Step 1: Verify the drand Randomness

Visit drand API for round ?

Verify that the "randomness" and "signature" fields match the values shown above. The signature proves this randomness was published by the drand network.

Step 2: Verify the Commitment

Compute SHA256(commitment_reveal) and verify it matches the commitment hash.

This proves we committed to a value before knowing the drand randomness or participants.

Step 3: Verify the Seed Derivation

Use HKDF-SHA256 with:

  • IKM (input key material) = commitment_reveal
  • Salt = drand round number (?)
  • Info = "lottery-winner-selection-v1"
  • Length = 32 bytes

The output should match the "finalSeed" shown above.

Step 4: Verify Winner Selection

For each winner, use HKDF to derive random bytes from the seed (with appropriate context), then use cryptoRandomInt(randomBytes, availableEntries) to get the selection index.

This process is deterministic - anyone with the seed and participant list will compute the same winners.

Need help verifying? Technical documentation and verification scripts are available on our GitHub repository. You can also use standard cryptographic libraries in Python, JavaScript, or Go to independently verify all steps.

Why This Matters

Traditional lotteries require you to trust the operator. Our system is different:

  • Don't trust, verify: You can independently verify every draw using publicly available data
  • Tamper-proof: The commitment prevents us from changing our randomness after seeing participants
  • Unpredictable: Using drand ensures no one (including us) can predict the outcome
  • Mathematically fair: Every participant has an equal, provable chance of winning

How Our Draw System Works

1. Commit Phase (Before Draw)

A cryptographic commitment hash is generated and stored before the draw. This prevents any manipulation after participants enter.

2. Randomness Source (drand)

We use drand, a distributed randomness beacon operated by a global network of independent organizations, ensuring no single party can predict or influence the outcome.

3. Winner Selection (HKDF-SHA256)

The drand randomness is combined with our commitment using HKDF-SHA256 key derivation to generate provably fair winner selections. Each participant has an equal, verifiable chance of winning.

4. Verification

All draw sessions are logged with timestamps, participant counts, and cryptographic proofs. Anyone can verify the integrity of past draws.

LuckyPem LogoLuckyPem Logo

Experience the thrill of next-generation lottery draws with LuckyPem. Fair, transparent, and exciting draws available 24/7.

Quick Links

  • Special Pools
  • Scheduled Draws
  • Power Pools
  • Winners
  • Transparency

Support

  • FAQ
  • Terms & Conditions
  • Privacy Policy
  • Contact Us

© 2026 LuckyPem. All rights reserved.