🛡️ ANTI-CHEAT SYSTEM

RNG Exploits Are Mathematically Impossible

ZPL runs on the server. Players receive results, never the algorithm. No seed to predict, no client-side state to manipulate, no bias injection that survives the 8N+3 theorem.

Try Live Demos ← Gaming Use Cases

client-side RNG exposed to players

8N+3

theorem makes seed prediction impossible

100%

server-authoritative — no replay attacks

AIN

score verifies no bias per outcome

The Exploit Landscape

Why Traditional RNG Gets Hacked

Client-side RNG, predictable seeds, and stateful sequences are the root cause of most RNG exploits in games. ZPL eliminates all three attack vectors structurally.

Traditional RNG

Seed prediction — Math.random() and seeded PRNGs expose deterministic sequences cheaters can reverse-engineer

Client-side execution — RNG running in the client can be intercepted, modified, or replayed by memory editors

Sequence exploitation — stateful RNG allows "save-scumming": reloading to get desired outcomes

Bias injection — modified clients can skew input distributions to influence loot drop rates

No auditability — impossible to prove to players or regulators that outcomes were fair

ZPL Anti-Cheat

Server-only execution — the ZPL engine never runs on the client; players send requests, receive results

Stateless per call — every /compute call is independent; no sequence to predict or replay

Bias-resistant — 8N+3 theorem: even 99% biased input produces ~50% output at N≥16

AIN audit trail — every outcome has a cryptographic neutrality score for dispute resolution

Algorithm protected — ZPL is a black box API; no source code to decompile or reverse

Attack Vectors Eliminated

Six Cheat Types ZPL Blocks by Design

🔮

Seed Prediction

Cheaters extract or guess the PRNG seed and pre-compute all future rolls. ZPL has no seed — each call is a fresh matrix computation.

STRUCTURALLY IMPOSSIBLE

💾

Save Scumming

Players reload saves to re-roll outcomes until favorable. ZPL calls are server-generated per unique request — reloading cannot replay.

NO STATE TO REPLAY

🧬

Memory Injection

Cheat engines modify memory to change RNG output or loot tier thresholds. ZPL output comes from the server — client memory is irrelevant.

SERVER-AUTHORITATIVE

📡

Packet Manipulation

Man-in-the-middle attacks modify server responses to inflate item tiers. ZPL responses include AIN score and matrix signature for validation.

SIGNED RESPONSES

📊

Bias Injection

Modified clients send skewed inputs trying to influence outcomes. The 8N+3 theorem ensures any input distribution maps to ~50% output.

8N+3 THEOREM

🤖

Bot Farming Exploits

Bots exploit timing patterns in deterministic RNG to optimize loot per hour. ZPL outputs are statistically uniform — no pattern to optimize.

NO PREDICTABLE PATTERN

Live Simulation

Client Attack vs ZPL Server

Cheat Attempt Simulator

Watch a simulated cheat client try to predict/manipulate ZPL loot outcomes — and fail every time.

⚔️ Cheat Client Log

// Waiting for simulation...

🛡️ ZPL Server Log

// Waiting for simulation...

Architecture

How ZPL Server Auth Works

ZPL replaces client-side RNG with a server-authoritative call pattern. The client only ever sees results — never the engine.

Client Action

Player opens chest, triggers combat, or requests loot. Client sends event to your game server.

Server Calls ZPL

Your game server calls POST /compute with N and bias parameters. ZPL runs on Render servers.

ZPL Returns p + AIN

ZPL returns a probability value p (0–1) and AIN score. Your server maps p to the outcome.

Client Gets Result

Only the outcome (item, damage, drop) reaches the client. Algorithm is never exposed.

Comparison

ZPL vs Traditional Anti-Cheat RNG

Feature	Math.random()	Seeded PRNG	Hardware RNG	ZPL
Server-authoritative	Optional	Optional	Optional	Always
Seed prediction possible	Yes	Yes	No	No seed exists
Bias injection resistant	No	No	Yes	Yes (8N+3)
Auditable per outcome	No	No	No	AIN score
Stateless (no replay)	No	No	Yes	Yes
Algorithm exposed	Open standard	Open standard	Hardware	Black box API
Dispute resolution	No	No	No	AIN audit trail

Integration

Add ZPL Anti-Cheat in 10 Minutes

Replace client-side RNG with a single server-side API call. Works with any game engine or backend language.

Python — Server-Side Loot Drop (Flask/FastAPI)

import requests

ZPL_API = "/api"
HEADERS = {"Authorization": "Bearer YOUR_API_KEY"}

LOOT_TABLE = [
    (0.60, "Common"),
    (0.25, "Uncommon"),
    (0.10, "Rare"),
    (0.04, "Epic"),
    (0.01, "Legendary"),
]

def roll_loot(chest_level: int) -> str:
    # N scales with chest tier — higher N = more precision
    n = 9 + chest_level * 4

    resp = requests.post(f"{ZPL_API}/compute",
        headers=HEADERS,
        json={"N": n, "bias": 0.5, "samples": 1}
    )
    p = resp.json()["p"]  # server-generated, client never sees this

    # Map probability to loot tier
    cumulative = 0
    for threshold, rarity in LOOT_TABLE:
        cumulative += threshold
        if p <= cumulative:
            return rarity
    return "Common"

# Called by your game server, never the client
result = roll_loot(chest_level=3)
print(f"Loot: {result}")  # "Rare" — determined server-side

Unity C# — Server-Authoritative Combat

// ZPLCombat.cs — all dice rolls handled server-side via ZPL
public class ZPLCombat : MonoBehaviour
{
    private const string ZPL_API = "/api/compute";

    public IEnumerator ResolveAttack(CombatData data, Action<CombatResult> callback)
    {
        var payload = new { N = 9, bias = 0.5f, samples = 3 };
        string json = JsonUtility.ToJson(payload);

        using var req = new UnityWebRequest(ZPL_API, "POST");
        req.uploadHandler = new UploadHandlerRaw(Encoding.UTF8.GetBytes(json));
        req.downloadHandler = new DownloadHandlerBuffer();
        req.SetRequestHeader("Authorization", $"Bearer {ApiKey}");

        yield return req.SendWebRequest();

        var result = JsonUtility.FromJson<ZPLResponse>(req.downloadHandler.text);
        bool hit = result.p > 0.5f;     // hit or miss
        bool crit = result.p > 0.9f;    // critical hit threshold

        callback(new CombatResult { Hit = hit, Critical = crit, AIN = result.ain });
    }
}

Supported Game Systems

Every Randomized System, Cheat-Proofed

🎁 Loot Drops

Every chest, mob drop, and reward is determined by a server-side ZPL call. Players cannot predict or manipulate item tiers.

POST /compute → p → loot tier

⚔️ Combat Resolution

Hit/miss, critical hits, dodge chance — all resolved server-side. Memory editors cannot change the outcome after the call.

POST /compute → hit/crit/dodge

✨ Gacha / Summon

Rate-up banners and pity counters backed by ZPL. Stated rates are mathematically enforceable — no manipulation possible.

POST /compute → rarity tier

🏎️ Race / Event Outcomes

Speed ticks, race events, and leaderboard shuffles run through ZPL. No client can predict or pre-compute the outcome.

POST /compute → speed delta

🗺️ Procedural Generation

Map seeds, dungeon layouts, and NPC spawns generated via ZPL sweep. Reproducible for the same zone, random between sessions.

POST /sweep → zone layout

👥 Matchmaking

Team assignment and bracket seeding done via ZPL binary matrix — balanced by ELO and provably fair across all participants.

POST /compute → team split

Make Your Game Cheat-Proof

Replace client-side RNG with ZPL's server-authoritative engine. Free tier includes 1,000 /compute calls/month.

Get API Access Try Live Demos → All Gaming Use Cases