# Random Numbers
In order to determine winners, the Lotto contract uses a pseudo-random number generator based on three variables:
- Block time
- Block miner's address
- A nonce stored in the contract that increases with every random number
These three values are then used to calculate a hash, which is converted to a number.
The number is then divided so that the remainder (aka. modulo) is the random number we want.
This produces a random number that's evenly distributed, meaning an equal percentage change always has the same chance of being picked. Or restated, there is no significant bias in the result, and the distribution of numbers is uniform.
This method also makes the random number difficult to predict or alter, only a major Ethereum miner would be able to affect the outcome.
Expressed as a formula:
is the maximum desired value of the random number is the Keccak-256 hash function is the encoding used by Ethereum to prepare the data for hashing is the block time, aka.
is the address of the miner, aka.
is the random nonce in the contract
Each component in the formula serves a specific purpose.
We've tested the algorithm's properties for:
- Uniform distribution by comparing the results against a reference square distribution.
- Lack of serial correlation by testing a sequence of results and finding that the correlation of any two results in the sequence is zero.
This method should not be used in cases where all of the following applies:
- There is a chance to win less than 1%.
- The value of the prize is high.
- The potential winner is the one executing the transaction to play.
This is because it's possible to improve lower odds up to about 1% if you can control the timing of when you play. More specifically, you can predict the timing when you have a 1-in-100 chance of winning even the rarest of prizes.
As long as the play is being executed by an unbiased party other than the potential winner, this caveat does not apply.