Technical Whitepaper

Introduction

XRoll.io is a betting platform on the XRP Ledger (XRPL) (and recently on Algorand too), inspired by the SatoshiDice model. It integrates cryptographic methods, including a classic commit-and-reveal scheme, combined with transparent ledger transactions for verifiable bet outcomes. The XRPL was chosen due to its deterministic finality, average block time of approximately three seconds, and resistance to double spends, which together facilitate immediate settlements and verifiable operation.

This document provides an outline of the platform’s technical foundations. It discusses cryptographic processes, ledger-based transparency, security architecture, and regulatory considerations. The goal is to describe how the system produces verifiable results for users seeking a trust-minimized environment.

Commit-and-Reveal Scheme

XRoll.io employs a commit-and-reveal approach:

1. Server Secret (SECRET): The server generates a random string (SECRET) and broadcasts its SHA-256 hash in every transaction to the user. This action constitutes the “commit.”
2. User Bet Transaction Hash: When a user places a bet on the XRPL, this transaction is identified by its hash (HASH_OF_BET_TRANSACTION). It is important to note that the user has certain control on this value, preventing the server from knowing the result of the roll in advance.
3. Outcome Computation: The system calculates a random roll by HMAC_SHA256(SECRET, HASH_OF_BET_TRANSACTION). The server controls the first input SECRET while the user controls HASH_OF_BET_TRANSACTION.
4. Server Reveal: The server processes the bet and sends back a payout transaction. In this transaction the SECRET used in the previous commit is disclosed, together with the hash of the secret for the next bet. The published secret can be validated against its earlier commitment (the published hash), thereby verifying the integrity of the bet outcome. Even if the transaction results in a LOSS for the user, the server still will send back a transaction with a value of (0.001 XRP) with the information descrived above.

This approach precludes either party from altering the SECRET or the bet transaction in retrospect or controlling its output. The roll is both random and fair.

Provable Fairness

The provable fairness model relies on several cryptographic and ledger-based characteristics:

• Inalterable Server Commit: Once the hash of the SECRET is recorded, changing the SECRET would produce a mismatch with its committed hash.
• Immutable Ledger Transactions: XRPL transactions, including user bets, are appended in an auditable manner due to deterministic finality.
• Post-Bet Hash Lock: The bet transaction hash is fixed at the time of betting and is used as input to the HMAC. It cannot be retroactively revised. And most importantly, cannot be controlled or predicted by the server.

These features collectively contribute to a system in which the probabilities match the stated odds, and neither the user nor the platform can covertly change or predict the outcome.

Security Architecture

Several measures are in place to protect the platform:

• Separation of Concerns: The server handling core bet logic is isolated from the frontend to mitigate common attack vectors and secured behind a firewall. This website is 100% client side and static.
• Deterministic Ledger Transactions: Fraudulent modifications are infeasible on the XRPL, as all transactions are cryptographically linked and validated by a consensus mechanism.
• Regulatory Compliance: Integration with Sumsub handles KYC/AML procedures. If a user’s status is not verified, bets are rejected, and a link to complete KYC is provided in the memo field. Verified users may subsequently place bets without interruption.
• Responsible Gambling Features: Individuals can set self-imposed limits on betting amounts and frequency. These limits are enforced by the server (and verifiable onchain) to promote responsible gambling practices.

Manual Bet Verification

The platform accommodates independent verification of individual bets. A generalized process follows:

1. Locate the Bet Transaction: Identify the XRPL transaction in which the bet was placed. Its hash is the (HASH_OF_BET_TRANSACTION).
2. Locate the server response of the previous bet: The memo of this transactions contains the commit hash of the secret for this bet NEXT_SECRET_HASH.
3. Access the server response of the current bet: Retrieve the response transaction memo that reveals the SECRET and relevant details, such as THRESHOLD, and final outcome. This memo can be read in any XRPL-compatible wallet or explorer.
4. Confirm Commit Integrity: Compare the disclosed SECRET’s SHA-256 hash with the previously committed hash. A mismatch indicates tampering.
5. Compute the Roll: Use any standard library to compute HMAC_SHA256(SECRET, HASH_OF_BET_TRANSACTION) and interpret the result as a floating-point number in the interval [0,1).
6. Match the Outcome: Compare the roll to the THRESHOLD provided in the memo. If ROLL exceeds the threshold, the memo indicates a “WIN”; otherwise, it indicates a “LOSE.” Confirm that the reported outcome and payout align with this calculation.

This procedure verifies the validity of the bet without reliance on the platform’s servers beyond the ledger’s public data.

Open Source Verifier (Client-Side)

A publicly available JavaScript verifier is located at https://xroll.io/verifier.html. This client-side tool interprets the memo data and automatically performs the computations listed above. Its source code is open, non-minified, and unobfuscated, allowing the broader community to conduct audits or integrate the verifier into custom software.

Regulatory Compliance and Responsible Gambling

Operations on XRoll.io involve:

• KYC/AML Integration: Whenever unverified users attempt to bet, the memo field displays an error and a link to complete identity verification. This step satisfies various legal obligations associated with Anti-Money Laundering (AML) regulations.
• Self-Limit Enforcement: Users can transmit a configuration transaction that specifies their personal betting limits. The server reads and applies these constraints for subsequent bets.
• Notifications for Invalid Bets: The memo may indicate if bets exceed the maximum allowed stake, are below the minimum stake, or fall under a “dust” threshold. Invalid bets are disregarded, and the memo communicates the reason.

Memo Data and Illustrative Code

Information concerning the outcome, thresholds, and next SECRET commitment appears in the server response’s transaction memo field, which any wallet can parse. Below is an example of the memo of a successful bet:

{
	"THRESHOLD": "0.51",
	"MAX_BET": "9473.6698362",
	"MIN_BET": "0.5000000",
	"NEXT_SECRET_HASH": "FC896595A07DFBF9DE2A5D7416D0DE80351F4B273E2CB1D5A5843B0A71C634FA",
	"COUNTER": 5675,
	"SECRET": "342DB41C32183992D36DDA6E62C65B54F414B602F30CF2D15CE23F4CF19AAA20",
	"NOTE": "Visit https://xroll.io for more info",
	"TYPE": "BET_RESULT",
	"PAST_TX_HASH": "A97FA8D4AE80BABEE643468696F2F889798F93C8024A8A900183A402A9DA6955",
	"ROLL": "0.591",
	"OUTCOME": "WIN"
}
			

Conclusion

XRoll.io adopts a commit-and-reveal scheme to replicate the characteristics of the original SatoshiDice model on the XRPL. Users and third-party auditors may independently validate the fairness of each bet by reconstructing HMAC calculations and cross-referencing disclosed secrets. The platform employs XRPL transactions for transparent record-keeping, while open source verifier scripts permit client-side verification of all relevant steps.

The server architecture emphasizes security, regulatory compliance, and features promoting responsible gambling. Parties interested in deeper inspection are encouraged to consult the publicly available repository and associated documentation. Additional questions may be directed to official support channels or community forums.