# BitJack21

BitJack21 is an online Bitcoin Blackjack service launched in August of 2011. As of this writing maximum bets are 1btc and minimum bets are .01btc. BitJack21 features a cryptographic proof of fair game play based on SHA256 signed hands. From the website:

"It only seems fitting that cryptography, which is the basis for our trust in the bitcoin system, will now be used as the basis for trust in my bitcoin blackjack game. This system is a mathematical/verifiable PROOF that every hand you play on http://bitjack21.com is 100% completely honest. It allows you to prove/verify that: 1.) The order of the cards was COMPLETELY 100% random. 2.) The order of the cards was determined once before any cards were dealt, and did not change during the hand.

How I do this is by employing cryptographic hashes:

1.) Embedded in the client side javascript code of the game is a random number generator that generates a 128-bit random number before each hand is dealt. (Call this number R2). The user has the option to either use the number generated by their web browser, or modify it as they see fit.

2.) Before each hand, the server generates two more 128-bit numbers (using a HARDWARE random number generator). Call these numbers R1 and RX.

3.) The server will eventually determine the deck order by using R1 and R2. However, before the hand starts (ie, before the user clicks on DEAL) the server computes SHA256(R1 + RX) and displays this value to the user. (Note the '+' is concatenation).

4.) When the user clicks on "DEAL", their random number (R2) is sent to the server.

4.) The server generates a very long string of random bits by calling SHA256(R1 + R2 + 0) SHA256(R1 + R2 + 1) SHA256(R1 + R2 + 2) SHA256(R1 + R2 + 3) etc...

This string of random bits essentially *is* the deck order. In other words, you can directly determine the order of the cards in the deck by using this (The function is posted below, I will soon be implementing this in javascript so that users can verify it themselves without having to use PHP).

5.) AFTER the hand is over, the server displays to the user the actual values of R1 and RX. The user can then verify that SHA(R1 + RX) == the hash that was displayed prior to the hand starting. They can also verify that the order of the cards is correct given the values of R1 and R2. Since R2 was generated randomly by their web browser (or entered directly by the user), and the value of R2 is used as a random seed in the generation of the deck order, the user can be assured that the order of the cards was in fact 100% random."