Formular

We use

$$poly(r) \% p$$

as the lottery result, where $poly()$ is a polynomial evaluation, $r$ is a random u256 integer, and $p$ is a large prime number. The basic theory behind this setting is that this modulus result will generate loops when $r$ increases from $0$ to $2^{256}− 1$.

To see why, let’s consider the following polynomial:

$$f(x) = a_nx^n + a_{n−1}x^{n−1} + ... + a_0$$

If we want to find a looping range i, i.e.,

$$f(x+i)=f(x) \space \space (\mod p)\space \space \space \space \forall x \in 0,1,...,2^{256}-1$$

which means

$$g(x)=f(x+i)−f(x)=0 \space\space (\mod p)\space \space \space \space \forall x \in 0,1,...,2^{256}-1$$

Equivalently, this means all the coefficients of $g(x)$ should be $0$. Denote the coefficients of $g(x)$as {${b_n, b_n−1, ..., b_0}$}. It is easy to see that is for all is $\forall i$≥ 0, $b_i$is divisible by $i$. So if we set $i = p$, all $b_i$ will be $0$. Therefore, $p$ will be a looping range of $f(x)$. Specially, if $a_0 = 0$, we will have $f(0) = 0$. Therefore, if there is no $0$ in $f(1),f(2),...,f(p−1)$, then $p$ will be the minimal looping range of $f(x)$.

The next step is to choose a prime $p$ such that $p$ is the minimal looping range, and the smallest probability $1/p (f(0) = 0$ is the only $0$ in this range) is approximately the smallest required probability. Afterwards, the remaining task is to calculate all the probabilities of the lottery results and aggregate the ranges such that each range of results satisfies the required probabilities.