A Provably Fair RNG for Web2

Traditional random number generators (RNGs) are already cryptographically secure and easy to use. So why do Web2 applications need Chainlink VRF? 

Typically, a Web2 user has to trust the application they are using for random outcomes, such as drawing cards, picking the winner of a raffle, etc. The actual randomness generation happens in a black box on the application’s backend with no guarantees about fairness or a way for the end users to verify the outcome. In some cases, service providers undergo audits of their RNG process, but this gives little assurance to the end users that an insider is not benefitting from the RNG outcome, simply because there is no way to verify this. By using Chainlink VRF, Web2 projects can integrate a tamper-proof and auditable source of randomness into their applications. 

Not only does Chainlink VRF’s provably fair randomness strengthen a wide array of Web2 products across the gaming, marketing, and analytics industries, it unlocks new use cases that weren’t previously possible. Now, with Chainlink VRF receiving compliance certification from BMM Testlabs, regulated iGaming apps can use it as a verifiable RNG. Companies can leverage VRF to increase user transparency, build better products, strengthen their brand, and gain a competitive advantage. 

In this article, we explore the limitations of current RNGs used in Web2, how Chainlink VRF unlocks verifiable randomness for Web2 applications, and the myriad of use cases it enables. Ultimately Chainlink VRF is another step in advancing all web applications towards a trust-minimized standard. 

Limitations of Traditional Web2 RNGs

Random numbers are critical for many Web2 applications. While the most popular RNGs used in Web2 provide highly efficient sources of randomness, they often come with security and transparency limitations that can undermine the products using them. 

The Problem with Pseudorandom Number Generators (PRNGs)

PRNGs use mathematical formulas to generate a sequence that appears random, such as the Math.random() function in Javascript, random.randint() in Python, and rand in Rust. While the limited computation used to generate random numbers makes them highly efficient and scalable, it can also make them predictable. The problem with PRNGs is that they are deterministic algorithms that can be reverse-engineered, leaving applications using them vulnerable to manipulation and attacks. 

An illustration showing how traditional RNGs can be manipulated and negatively impact users.
PRNGs can be reverse-engineered by malicious actors, leaving them vulnerable to manipulation and attacks.

For example, a now-patched vulnerability in Kaspersky Password Manager made it possible for malicious actors to reverse-engineer passwords stored using the application. The web version relied on the Math.random() function on Javascript, which doesn’t include sufficient entropy to generate a secure password, while the desktop version used a Mersenne Twister PRNG that can be reverse-engineered using 52 of its password outputs by configuring the publicly available randcrack tool. 

The underlying problem of these PRNGs is they are not computationally complex enough and can be exploited with a brute force attack. This is why the more computationally complex, cryptographically secure PRNGs that use sufficient entropy in their seed are a must-have for increased security. 

Limitations of Cryptographically Secure PRNGs (CSPRNGs)

Cryptographically secure PRNGs are stronger than ordinary PRNGs because they’re generated with a high-entropy seed and more complex algorithms that make them more unpredictable and computationally intensive to reverse-engineer. Popular CSPRNGs such as /dev/random function on UNIX-based operating systems like Mac and Linux, and CryptGenRandom on Windows use entropy generated from hardware and random system functions to seed the randomness. While CSPRNGs are both highly secure and efficient, they have a key limitation—they are not verifiable. There is a lack of transparency around the source of randomness used, which requires users to trust that the centralized data provider won’t manipulate the results to their own benefit. With an increasing need for cryptographically guaranteed outcomes, this lack of transparency and requirement of trust in a centralized entity can be a major disadvantage for Web2 applications relying on CSPRNGs.

A diagram showing how Chainlink VRF provides a verifiable source of randomness
While traditional RNGs can be manipulated without users knowing, Chainlink VRF provides cryptographic proof enabling users to verify the integrity of the random number provided.

Leveraging a Provably Fair RNG

Web3 is the next evolution of the Internet. It uses blockchain technology, smart contracts, and oracle networks to provide more secure and reliable web-based services. Thankfully for many Web2 applications, they don’t need to build completely new products and infrastructure to leverage many of the advantages of Web3. Rather, they can natively incorporate trust-minimized Web3 services like Chainlink VRF into their existing applications.

Chainlink VRF: A Verifiable and Cryptographically Secure RNG

Chainlink Verifiable Random Function (VRF) uses cryptography to create a tamper-proof and provably fair source of randomness that anyone can independently verify. Being cryptographically secure and verifiable provides a multitude of benefits compared to existing RNGs used in Web2. 

A diagram show how Chainlink VRF eliminates the risks of traditional RNG solutions
Chainlink VRF delivers a tamper-proof source of randomness that users can verify is fair and unbiased.

Chainlink VRF is powered by the industry-leading Chainlink Network, a decentralized oracle network that provides applications with tamper-proof inputs, outputs, and computations. VRF works by combining block data that is unknown when the randomness request is made and an oracle node’s pre-committed private key in order to generate a random number and a corresponding cryptographic proof. This enables the consuming application to only accept the random number if it is cryptographically secure and allows its users to independently verify that the source of randomness has not been tampered with. 

Web2 developers can easily incorporate Chainlink VRF into their applications using Web3.js for Javascript, Web3.py for Python, or Web3j for Java. The frameworks allow developers to easily access an Ethereum node’s JSON RPC via an HTTP, WebSocket, or IPC connection and incorporate the verifiable randomness generated by Chainlink VRF in their applications. This enables Web2 developers to leverage the high security guarantees and transparency of Chainlink VRF natively within their Web2 applications. 

Advantages of Chainlink VRF for Web2 


Users can independently verify the integrity of the random input from Chainlink VRF via the cryptographic proof posted on-chain, meaning they no longer have to trust a centralized entity that the random numbers weren’t manipulated.

Provably Fair

Users have cryptographic proof that the random number generated is truly random, meaning the application relying on it can deliver provably fair and unpredictable outcomes.


The cryptographic proof supplied with the random number enables the consuming application to verify that the randomness used has not been manipulated by anyone, including the oracle that generated the random number. 


When a Chainlink VRF request is made, the block data used as part of the seed has not been created and is therefore unknown. This ensures that the random number generated is unpredictable. 


The code used by Chainlink VRF is open-source, enabling everyone, from an independent user to an organization, to inspect the process used to generate a random number.

Seamless Integration

Chainlink services are easy to integrate into Web2 applications. With just a few parameter changes, developers can configure the random output to the technical needs of their project.

Compliance Certification

Chainlink VRF has received GLI-19 compliance certification through BMM Testlabs. This enables regulated iGaming apps to use Chainlink VRF in their applications as a verifiable RNG. 

Web2 Use Cases for Chainlink VRF

Verifiable randomness can benefit a wide array of Web2 applications, including online gaming, marketing campaigns, raffles, and data analytics. While cryptographically secure RNGs are commonplace, a cryptographically secure and provably fair RNG unlocks a vast array of new use cases and enables high-integrity processes.

Diagram showing how Web2 systems can leverage Chainlink VRF.
Web2 developers can leverage Web3 technology by incorporating Chainlink VRF into their applications.

Online Gaming

As fairness is one of the most important aspects of a good game, and randomness often influences in-game outcomes, a provably fair source of randomness is a must-have for many online games. 

A Verifiable RNG for Regulated iGaming Apps 

With GLI-19 compliance certification from accredited gaming certification lab BMM Testlabs, regulated iGaming applications can use Chainlink VRF as a regulated iGaming app. As Maria Romero, business development manager for iGaming at BMM Testlabs, said, “As one of the first certifications in the blockchain industry, BMM is paving the way for companies developing blockchain-based gaming solutions to become certified in a secure and compliant way that was previously unavailable.”

Creating Unpredictable Outcomes In Fighting and Adventure Games

Games are more exciting when the results of a player’s action are unpredictable, such as when striking an opponent with a sword. Generating unpredictable outcomes with Chainlink VRF makes games more fun for players of different skill levels to compete against each other, more entertaining for audiences watching, and can ensure the game remains challenging even as players increase their skill.

Input/output randomness for smart contracts
Chainlink VRF enables unpredictable gaming outcomes such as the amount of damage a blow in a fighting game inflicts.

Spawning Player Locations and Placing Items in the Metaverse

Metaverses are built with many exciting features and hidden “easter eggs”. If players spawn in a random location, they’ll be able to enjoy much more of the novelty that the game has to offer. Similarly, with items airdropped in random sectors, players get to explore different parts of the map. While some RNGs could result in players spawning and items being airdropped in the same locations, Chainlink VRF ensures they’ll be dispersed in a random pattern across the map, helping the game remain engaging for a longer time.

Matching Players in PvP Competitions

Whether it’s a battle royale in the metaverse or a first-person racing game with real-world prizes, the opponent you’re set against can be a determining factor in the player progressing through a tournament. Randomizing the player matchmaking process with Chainlink VRF can give everyone an equitable chance of competing against the highest or lowest skilled opponents. 

Distributing Rare Items From Loot Boxes

When opened by a player, loot boxes distribute in-game items such as weapons or potions. Rare items, such as a powerful weapon or limited edition skin, are highly sought after by players. Chainlink VRF can help ensure they’re distributed randomly, ensuring no player gets an unfair advantage.  

Dealing Cards to Players

Card-based games like bridge and poker are reliant on both luck and skill. By using Chainlink VRF to help distribute cards, players can verify that the initial hand they are dealt was provably fair

Underpinning Odd-Based Games

Some games like a coin toss are entirely dependent on luck, with skill having little influence on the outcome of the game. Given that randomness is the core feature of the game and these games are relatively easy to develop, verifiable randomness from Chainlink VRF can distinguish games from their competitors

Marketing Campaigns

By transforming a seemingly ordinary event into something extraordinary, marketers can strengthen their brand, capture consumer attention, and grow their market share. Chainlink VRF can help inject a sense of excitement and novelty into any marketing campaign, while simultaneously demonstrating a company’s commitment to provably fair, high-integrity processes.  

User Giveaways 

Gaining new users, increasing product usage, or exploring updated features can be incentivized through random giveaways. Chainlink VRF adds transparency to this process as users can verify everyone had equal access and that company insiders did not have any special advantage. 

For example, SmartCon 2022 involved a competition for seven lucky ticket holders who could get the chance to sit down and eat a Big Mac with Chainlink co-founder Sergey Nazarov. By using Chainlink VRF to help randomly select winners, the integrity of the draw was bolstered, along with a sense of fun that helped the competition be widely shared across social media. 

Novel Product Features

Companies can generate attention for their product launches by using Chainlink VRF to randomly determine novel product features such as a unique color, limited-edition customization, or fan-generated design. 

Selecting Event Location 

Many conferences, events, and festivals have passionate fan bases that want the organizers to select their city to host the event. Instead of organizers making decisions, they can use Chainlink VRF and demonstrate to their fans that a location was fairly chosen from a selection of suitable venues. 

Gamifying Rewards 

Marketers can make loyalty programs more engaging by gamifying the rewards users receive. When users claim their reward, Chainlink VRF can randomly assign them one of several possible rewards. This enables every member of the loyalty program to have a fair chance of winning higher value items in the prize pool, like a holiday or a new car, ensuring every member of the loyalty program has a fair chance of winning.


The higher the stakes and more valuable the prizes, the more important a high-integrity process is for users. Chainlink VRF helps ensure every entrant has a fair chance of winning a raffle. 

Fairly Distributing Concert Tickets

Fans are incredibly passionate about their favorite artists and excited to attend their concerts. These events are often oversubscribed and many users miss out on getting a ticket, often because they cannot be online when the ticket sale goes live. Instead of making tickets available at a set time, fans can be given a set period to enter a raffle, and then Chainlink VRF can be used to fairly distribute tickets among all entrants

Choosing Prize Winners

Raffles often feature valuable prize pools, and entrants expect the winner selection process to be completely fair. Verifiable randomness provides proof that the source of randomness wasn’t tampered with or manipulated in any manner. Ultimately this establishes credibility for the raffle and attracts more entrants. 

The Ape Society is using Chainlink VRF to boost the integrity of its raffle. While they’re a Web3-native project, they used Chainlink VRF in a manner similar to how Web2 companies can leverage the technology. Every week, The Ape Society runs a raffle to distribute 10% of the royalties generated by the project to seven lucky winners. Reflecting on the impact of verifiable randomness, the project founder stated that using Chainlink VRF is “helping give our community a stronger sense of security when participating in our upcoming events.”

Data Analysis

Chainlink VRF is seeded with enough entropy and uses sufficiently complex cryptographic algorithms to ensure that all random numbers generated are completely unpredictable, making it an ideal input for data analysis that requires true randomness. Moreover, Chainlink VRF empowers anyone to verify the integrity of the randomness used in a dataset.

Unbiased Fraud Detections

Financial services and security industries rely on random data selection to identify early indicators around fraudulent transactions and malicious activity. Given the massive value these systems are responsible for securing and the possibility of unfairly targeting a user, tamper-proof and unbiased randomness from Chainlink VRF can increase the integrity of fraud detection processes and signal to customers that security is a top priority. 

Seeding Machine Learning Algorithms With Sufficient Entropy

Machine learning is becoming an increasingly important tool for enterprises, whether it’s used to help detect faulty products or identify the most effective marketing campaign. Randomness is frequently used when running simulations. Providing sufficient entropy through Chainlink VRF helps ensure that the data produced from these processes can be relied upon. 

An Opportunity for Forward-Looking Web2 Companies

Traditional RNGs may appear sufficient for the current Web2 landscape. However, when compared to Chainlink VRF, their limitations regarding the verification of randomness are revealed. Chainlink VRF is both cryptographically secure and verifiable. 

What will users prefer: A product that hides its source of randomness in the backend or a product that leverages a provably fair, tamper-proof RNG that publishes a cryptographic proof to verify its integrity? For use cases that benefit from transparency, such as gaming, marketing campaigns, raffles, and data analysis, Chainlink VRF has a clear advantage over traditional RNGs. 

Web2 companies that integrate Chainlink VRF can gain a competitive advantage in their business verticals. While in the long term, Chainlink VRF could become the standard randomness solution for Web2 use cases that benefit from transparency, the short term represents an opportunity for early adopters to establish a point of difference in their field. Beyond helping organizations build a better product, Chainlink VRF can help build a brand on the principles of fairness, integrity, and transparency. 

Chainlink VRF empowers Web2 companies to immediately benefit from Web3 technology. 

If you’re a developer and want to quickly get your application connected to Chainlink VRF, visit the developer documentation and join the technical discussion in Discord. If you want to schedule a call to discuss the integration more in-depth, reach out here.

Need Integration Support?
Talk to an expert
Get testnet tokens
Read the Docs
Technical documentation