Trust model
Provably fair · zkShuffle
How ShinyPoker guarantees nobody — not even us — can see your cards or rig the deck.
The short version. Cards are shuffled and dealt by the players themselves using zero-knowledge cryptography. A sealed deck commitment is posted on-chain before every hand and the seed is revealed after, so any hand can be independently verified. There is no trusted server holding the deck.
1. What "maximally on-chain" means here
On ShinyPoker, the things that decide who wins money live on Somnia mainnet: your escrow balance, buy-ins, blinds and antes, every betting action (fold / check / call / bet / raise / all-in), the main pot and side-pots, rake, payouts, tournament registration and prize pools. Somnia's high throughput and sub-second finality let all of this happen without the table feeling slow.
2. Card secrecy via mental poker (zkShuffle)
"Mental poker" is a family of cryptographic protocols that let mutually distrustful players shuffle and deal a deck such that:
- The deck is shuffled collaboratively — every player contributes randomness, so no single party controls the order.
- Each player can read only their own hole cards. Other cards stay encrypted to everyone, including the operator.
- The shuffle is accompanied by zero-knowledge proofs that it was performed correctly — without revealing the order.
Because the protocol runs between players, there is no server that ever holds the plaintext deck. We literally cannot see your cards.
3. Commit → reveal: how you verify a hand
- Commit (pre-deal). A cryptographic commitment to the shuffled deck is published on-chain before cards are dealt. It can't be changed mid-hand.
- Play. The hand proceeds; only you can decrypt your own cards.
- Reveal (post-hand). The shuffle seed is revealed. Re-hashing it must reproduce the original commitment. If it does, the shuffle was fair and untampered.
Open the Verification Center in the Cashier, enter any hand number, and ShinyPoker shows you the pre-hand commitment, the revealed seed, and a pass/fail check — computed in your browser.
4. Session keys (convenience without custody)
Signing a wallet transaction for every fold would be unusable. Instead, when you sit down you authorize a session key once, with a spend cap scoped to that table. Your actions are then signed locally and settle on-chain in the background — no popup per hand. You can revoke the session key at any time from Settings, and it expires when you leave.
5. Live state
Table updates, timers and pot changes are pushed to your client over standard WebSocket event subscriptions on Somnia mainnet — no polling, no stale screens. (Somnia's "Reactivity" precompile is testnet-only today and is not relied upon for mainnet.)
6. What we will never do
- Expose opponents' hidden cards, or show fake "win % vs unknown hands".
- Hold your funds in a custodial wallet — your balance is in escrow you can withdraw from.
- Hide rake or fees. Cash rake (with cap) and tournament fee splits are always shown up front.