zkVerify blog

Beyond Trust: How to Ensure Wordle is Provably Fair

an elderly woman is holding a cell phone in her hand .
a man in a suit and white shirt is smiling for the camera .
John Camardo

Preface

I’ll preface all of this by saying that this demo is one that I created myself. It differs from the demo hosted at proofs.zkverify.io. I built this with Risc0 and did it to continue learning about how Risc0 proofs work.

As you will be able to see from the demo, I didn’t automate any proof submission to zkVerify. In future blog posts you’ll see how I move from basic understanding of Risc0 and how to generate proofs with the zkVM, to actually automatically submitting them to zkVerify for verification. In any case, I hope this is interesting and informative!

Introduction

In the world of online gaming, a fundamental question often goes unasked: how do you really know the game is fair? Players implicitly trust that the server running the game isn't tipping the scales, but what if that trust could be replaced by mathematical certainty? This is the revolutionary concept behind zkWordle, a familiar word-guessing game with a powerful cryptographic upgrade that makes it "provably fair." By leveraging Zero-Knowledge Proofs (ZKPs), zkWordle offers a glimpse into a future where players don't have to trust, they can verify.

The Cheating Server Problem

In any typical online game, from a simple word puzzle to a complex multiplayer arena, there's an inherent imbalance of power. The server knows all the secrets—the solution to the puzzle, the location of other players, the order of the cards. A player, on the other hand, only has the information the server chooses to provide. This raises a crucial issue of trust. What's to stop a malicious or poorly designed server from changing the secret word halfway through a game of Wordle to make your guess incorrect? Traditionally, the answer has been nothing more than faith in the game's operator.

A New Kind of Proof: Playing with Zero-Knowledge

zkWordle addresses this trust issue head-on by incorporating zero knowledge proofs. In zkWordle, after every guess a player makes, the server (the Prover) does more than just return the familiar green, yellow, and grey squares. It also generates a Zero-Knowledge Proof, a cryptographic "receipt" that mathematically guarantees two critical things: the feedback is honest according to the game's rules, and, most importantly, the secret word has not been changed.

Under the Hood: The "Commit and Prove" Scheme

zkWordle achieves this verifiable fairness through a "Commit and Prove" technique, powered by the Risc0 zkVM (Zero-Knowledge Virtual Machine). This process relies on three key components that are generated with each turn:

  • The Image ID (The Verification Key): This is a unique cryptographic fingerprint of the official Wordle game logic. It proves that the server is running the pre-agreed-upon version of the game and hasn't altered the rules. Think of it as verifying the authenticity of the game board and rulebook before you start playing.
  • The Journal (The Public Inputs): This contains the public output of the game for a given turn. In zkWordle, this includes the feedback for your guess (the array of 'Correct', 'Present', 'Miss') and, crucially, a SHA-256 hash of the secret word (correct_word_hash). The Journal is the server's public declaration of what happened on that turn.
  • The Seal (The Proof): This is the cryptographic data that ties the Image ID and the Journal together. The Seal is the "magic key" that mathematically proves that running the official game code (verified by the Image ID) resulted in the exact public output contained in the Journal.

How We Know the Word Hasn't Changed

The genius of this system lies in the correct_word_hash. With the very first guess, the server commits to a secret word by including its hash in the first Journal. This hash acts like a digital wax seal on the secret word. For every subsequent guess, the server must generate a new proof, and the resulting Journal must contain the exact same correct_word_hash.

A player, or an automated verifier, can simply compare the hash from turn to turn. If the hashes don't match, it's undeniable proof that the server has cheated by changing the secret word. This elegant solution ensures the integrity of the game from the first guess to the last, all without ever revealing the secret word itself.

The Future of Fair Gaming

The implications of projects like zkWordle extend far beyond word puzzles. This technology provides a powerful model for building trust in a digital world where interactions are often opaque. By replacing blind trust with verifiable cryptographic proof, we can create a new generation of provably fair online experiences. Players no longer have to simply hope the game is honest; they are given the tools to independently verify that every step was executed according to the rules. This shift from trust to verification has the potential to revolutionize not just gaming, but any digital interaction where fairness and transparency are paramount.

If you're into ZK, AI, and building real things—not just reading papers—follow me on X: @john_camardo.