Technical Whitepaper

Version 1.0

Epinikia Foundation

Canton of Zug · Switzerland

Epinikia (ἐπινίκια) — Ancient Greek: victory odes composed to celebrate athletic champions. We build the game where every participant earns their ode.

Abstract

Epinikia Game is a provably fair, on-chain lottery ecosystem engineered for mass adoption. It eliminates the two structural barriers that have historically prevented mainstream users from participating in blockchain-native applications: wallet complexity and trust in randomness.

Through a Gmail-authenticated identity layer, an embedded custodial-free wallet, and a cryptographic commit-reveal draw mechanism anchored on-chain, Epinikia delivers a verifiable gaming experience that is simultaneously as accessible as a traditional lottery website and as transparent as a public ledger.

At the center of the Game sits $EPI, a native utility token that powers every dimension of participation — ticket fees, staking, reward distribution, game governance, and cross-game economies. A perpetual points engine ensures that every interaction with the Game is rewarded throughout the entire lifecycle of the ecosystem.

Introduction & Vision

The Problem with Existing Lotteries

Traditional lotteries operate as black boxes. Players purchase tickets and trust an opaque entity to draw winning numbers fairly. The mechanism is unauditable by design: the lottery operator holds exclusive knowledge of the draw process, making independent verification impossible.

Blockchain-native gaming applications have attempted to address this, but have consistently failed at adoption. The barriers are structural:

✗

Wallet friction

New users must acquire cryptocurrency, manage private keys, and understand blockchain mechanics before placing their first bet. This eliminates the non-technical majority from participation.

✗

UX complexity

Web3 gaming interfaces require multiple transaction approvals, gas fee awareness, and wallet connectivity flows that are foreign to 99% of internet users.

✗

Trust without transparency

Even on-chain randomness using VRFs or oracles introduces trusted third parties. A truly provably fair system must rely on no external randomness oracle.

✗

Siloed ecosystems

Existing on-chain games operate in isolation. There is no cross-game economy, no cumulative reward for long-term engagement, and no token that ties the player's journey together.

The Epinikia Solution

Epinikia Game is designed as a vertical layer stack that abstracts all blockchain complexity away from the end user while preserving full on-chain verifiability for those who wish to audit it.

The Eight Pillars

Pillar I

Web2–Blockchain Bridge

Dual-state architecture: real-time relational DB + on-chain anchoring for draw integrity.

Pillar II

Gmail Authentication

Google OAuth 2.0 with RS256 JWT and hashed rolling refresh tokens — zero wallet friction.

Pillar III

Embedded Custodial-Free Wallet

BIP-39 key derivation, client-side AES-256-GCM encryption. Server never holds private keys.

Pillar IV

$EPI — Game Token

Unifying economic layer: ticket fees, staking, rewards, governance, and airdrop settlement.

Pillar V

Provably Fair Draw Mechanism

On-chain SHA-256 commit-reveal. Winning numbers are a deterministic function of a pre-committed seed.

Pillar VI

Perpetual Points Engine

Permanent rewards for every interaction: tickets, logins, social, referrals, badges, tiers.

Pillar VII

Social Amplification Layer

Twitter integration, referral propagation, and streak tracking — community growth as individual reward.

Pillar VIII

Tiered Gamification

Five-tier progression with concrete benefits: ticket limits, points multipliers, exclusive rewards.

Pillar I — The Web2–Blockchain Bridge

The bridge layer maintains a dual-state architecture: a high-performance relational database serves all real-time UI operations (ticket listings, user stats, leaderboards), while selected critical operations — draw commitments, seed reveals, and prize computations — are anchored on-chain to provide immutable proof of integrity.

ARCHITECTURE LAYERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Presentation    Next.js 14 · TypeScript · TailwindCSS
                React Query (server state) · Zustand (client)

API Gateway     REST (Express) · JWT RS256 · Rate Limiting
                Request validation (Zod) · Audit logging

Business Logic  Draw management · Ticket processing
                Prize computation · Points emission

Crypto Engine   CSPRNG seed generation · Commit-Reveal
                SHA-256 hashing · AES-256-GCM encryption

Data Layer      PostgreSQL (RLS) · On-Chain Anchor
                Immutable audit log · Materialized views

Row-Level Security policies are enforced at the infrastructure level — data isolation is a database-level guarantee, not an application-level assumption. All admin operations generate immutable audit log entries with full change diffs.

Pillar II — Mass-Adoption via Gmail Authentication

Google OAuth 2.0 with RS256 JWT signing eliminates all Web3 onboarding friction. The Game persists only the Google sub identifier alongside standard profile data. No OAuth tokens are stored.

SESSION SECURITY ARCHITECTURE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ACCESS TOKEN
  Algorithm:   RS256
  Expiry:      15 minutes
  Payload:     { sub: uuid, role, email, iat, exp }
  Key:         RSA private key (rotated quarterly)

REFRESH TOKEN
  Format:      Opaque random string
  Expiry:      30 days (rolling)
  Storage:     SHA-256 hash only — plaintext NEVER persisted
  Revocation:  Immediate, per-device
  Rotation:    Every use (prevents replay attacks)

Pillar III — The Custodial-Free Embedded Wallet

Every user receives an embedded wallet at account creation. Private keys are derived client-side using BIP-39 and encrypted with AES-256-GCM before any storage. The server never holds or transmits private keys.

Zero-Cost Participation: Gas fees are abstracted via sponsored transactions during Alpha and Beta. Users never need native blockchain tokens to participate — $EPI is the only token they need to be aware of.

Pillar IV — $EPI — The Game's Central Nervous System

$EPI is the economic connective tissue binding every game mechanic into a coherent system. Every value flow touches $EPI.

TICKET FEE DISTRIBUTION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Prize Pool      ████████████████████  ~60%
Treasury        ████████              ~20%
Staking Pool    █████                 ~12%
Burn            ██                     ~5%
Foundation      ██                     ~3%
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Parameters are governance-adjustable with timelocks

Pillar V — The Provably Fair On-Chain Draw Mechanism

The commit-reveal scheme is the Game's core technical innovation. It makes fair draws a mathematical proof, not a trust assumption.

PHASE 1 — COMMIT  (before draw opens)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Game generates random entropy seed S
Computes: H = SHA-256(S)
Encrypts S: AES-256-GCM → (ciphertext, IV, AuthTag)
Records on-chain: { draw_id, commit_hash: H }

PHASE 2 — TICKET SUBMISSION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Users submit number selections
Each ticket anchored: { user_id, draw_id, numbers[] }
Game CANNOT modify H (immutably committed)

PHASE 3 — REVEAL  (after deadline_ts)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Game reveals S
Any auditor verifies: SHA-256(S) == H  ✓
Winning numbers = DeterministicDraw(S, game_config)
Result anchored on-chain: { draw_id, seed: S, numbers[] }

KEY PROPERTY: S is committed before tickets open.
The Game cannot select S after observing tickets
without breaking SHA-256 preimage resistance.

Pillar VI — The Perpetual Points & Reward Engine

The Points engine rewards every meaningful interaction with the Game, permanently. It is a deferred $EPI claim mechanism — Points are the receipt for engagement, convertible to $EPI at each airdrop event.

POINTS EMISSION SOURCES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SOURCE           TRIGGER                        TYPE
welcome          First login                    One-time
daily_login      Login after 24h gap            Recurring
ticket           Valid ticket submission         Per-ticket
referral_bonus   Being referred                 One-time
referral         Referred user completes action Per-referral
tweet            Approved tweet                 Daily
tweet_streak     N consecutive tweet days       Milestone
badge            Badge unlock                   Per-badge
tier             Tier advancement               Per-tier

Pillar VII — Social Amplification Layer

The social layer converts community growth into individual reward. Referral codes are auto-generated at account creation. The referral chain survives OAuth redirects via sessionStorage persistence. Self-referral is prevented at the database constraint level. Tweet verification validates author identity, hashtag presence, mention inclusion, and uniqueness against a tweet_id unique constraint.

Pillar VIII — Tiered Progression & Gamification

Tier	Points	Max Tickets/Draw	Points Bonus
New	0	1	—
Active	500	2	+5%
Veteran	2,500	3	+10%
Champion	10,000	5	+15%
Legend	50,000	10	+25%

Game Architecture

The data model is organized into four logical domains:

Core Domain

001_initial_schema.sql

users, refresh_tokens, audit_logs, game_configs, draws, tickets

Gamification Domain

002_gamification.sql

points_transactions, badge_definitions, user_badges, tier_definitions, user_tiers, leaderboard_snapshots

Social Domain

003_social.sql

twitter_accounts, tweet_submissions, tweet_streaks, referral_codes, referrals, social_shares

All tables implement: UUID primary keys, Row-Level Security policies, updated_at triggers, comprehensive index strategies, and foreign key constraints with appropriate cascade behaviors.

Game Catalogue

Alpha — Megale

MEGALE
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Main numbers:  Pick 5 from 1–41
Bonus:         Pick 1 from 1–9
Prize tiers:   5+1 (Jackpot) · 5+0 · 4+1 · 4+0
               3+1 · 3+0 · 2+1 · 2+0

Beta — Ploutos & Agon

PLOUTOS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Main numbers:  Pick 6 from 1–45
Bonus:         None
Prize tiers:   6 (Jackpot) · 5 · 4 · 3

AGON
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Format:        Head-to-head tournament brackets
Mechanic:      Players compete within prize pools
               Bracket structure with defined entry windows

Full Launch — Expanded Catalogue (10+ Games)

Game	Format	Theme
Lucrum	Pick-based	Wealth accumulation with multipliers
Praemium	Prize ladder	Sequential prize revelation, risk/reward decisions
Labyrin	Path-selection	Multi-stage branching prize paths
Dignitas	Reputation-weighted	Social standing influences ticket weight
Fortuna	Daily micro-draws	High-frequency, low-barrier daily lottery
Olympus	Seasonal mega-draw	Quarterly event with outsized prize pools
Arete	Skill-component	Random draws with knowledge challenges
Kronos	Time-locked	Progressive prize growing until won
Nexus	Cross-game	Prize pools aggregating across simultaneous draws
Phaedra	Community-funded	Prize pool funded by community staking

Tokenomics

$EPI has a fixed maximum supply, established at genesis. No minting beyond the initial allocation is possible after the genesis transaction.

$EPI TOKEN ALLOCATION
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
35% ████████████████████████████████████  Foundation Reserve
35% ████████████████████████████████████  Community Airdrop
12% ████████████                          Team
 8% ████████                              Staking Rewards
 5% █████                                 Liquidity Pool
 5% █████                                 Strategic Resources

Community Airdrop (35%) — Points → $EPI

The community airdrop is distributed exclusively based on accumulated Points. This prevents whale acquisition and ensures $EPI flows to the people who actually built the community.

AIRDROP PHASES
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Phase 1  Alpha → Beta transition
         Early adopters, Alpha testers, founding community
         Snapshot: Points accumulated during Alpha

Phase 2  Beta → Launch transition
         Beta participants, feature testers, community builders
         Snapshot: Delta points since Phase 1

Phase 3  Post-Launch, Year 1
         Active game participants, stakers, ambassadors
         Snapshot: Rolling 6-month points window

Phase 4+ Ongoing, multi-year (semi-annual, governance-voted)
         Long-term users, continuous engagement

Team Vesting Schedule (12%)

TEAM VESTING
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
5%   Available at TGE
     (operational liquidity)

5%   Released at 12 months post-TGE
     Milestone: successful Beta launch

2%   Released at 24 months post-TGE
     Milestone: full game catalogue launch
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
95% locked ≥ 1 year · Multi-sig (3-of-5)

Security Model

⚠ Draw Manipulation

✓ Commit-reveal scheme. Seed S is committed as H = SHA-256(S) on-chain before ticket submission. Changing S after observing tickets requires breaking SHA-256 preimage resistance — computationally infeasible.

⚠ Ticket Forgery

✓ deadline_ts enforced at DB and smart contract levels simultaneously. UNIQUE(user_id, draw_id) constraint prevents duplicate injection. All submissions immutably timestamped.

⚠ Authentication Bypass

✓ RS256 JWT with rotating keys, SHA-256 hashed refresh tokens (plaintext never persisted), device-specific session revocation, and Row-Level Security at the database infrastructure level.

⚠ Points Manipulation

✓ All points_transactions are INSERT-only. Each source is uniquely constrained: tweet_id (unique), referral (unique per pair), badge (unique per user). Multi-account detection via IP + device fingerprint + behavioral analysis.

⚠ Smart Contract Exploits

✓ External security audits before mainnet deployment. Time-locked contracts with multi-sig withdrawal. Emergency pause functions with 24-hour timelocks.

Governance

GOVERNANCE PARAMETERS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Voting weight:  1 $EPI staked = 1 vote
Quorum:         5% (minor) · 10% (standard) · 25% (critical)
Timelock:       48h (standard) · 7 days (critical)
Foundation veto: Revocable by community vote after Year 2

TRANSITION SCHEDULE
Year 1: Foundation authority + governance advisory
Year 2: Fee params + game approvals via mandatory vote
Year 3: Full DAO transition, Foundation retains security veto
Year 4+: Community-governed game

Roadmap

Phase 0 — Foundation

✓ Completed

›Game architecture & database schema design
›Security model definition
›Smart contract architecture planning
›Swiss Foundation legal structure
›Whitepaper publication

Phase 1 — Alpha

⚡ Active

›Google OAuth authentication + embedded wallet pre-provisioning
›Megale draw engine (full commit-reveal cycle)
›Points, badge, and tier systems
›Referral system with sessionStorage resilience
›Twitter integration (account link + tweet submission)
›Leaderboard (real-time materialized view)
›Admin panel (draw management, audit log viewer)
›Legal framework (Terms of Service, Legal Mentions)
›Invite-only access via referral codes — free ticket claims

Phase 2 — Beta

Planned

›$EPI token deployment (testnet → mainnet)
›Ticket pricing in $EPI — Megale, Ploutos, Agon live
›Staking contract deployment
›Phase 1 airdrop event
›Mobile application (iOS + Android)
›Public API (read-only, third-party draw verification)
›DEX liquidity integration
›Security audit publication

Phase 3 — Full Launch

Planned

›Lucrum, Praemium, Labyrin, Dignitas, Fortuna launch
›Olympus quarterly mega-draw
›Nexus cross-game pool mechanics
›Governance contract deployment
›Full wallet self-custody export
›Multi-language platform (EN, FR, DE, ES, PT, JA, ZH)
›Phase 2 airdrop event

Phase 4 — Ecosystem Expansion

Planned

›Arete, Kronos, Phaedra and remaining games
›Open game creation framework (third-party integrations)
›Full DAO governance transition
›Cross-chain compatibility
›Semi-annual airdrop cadence established

Legal & Compliance

All operations are governed by Swiss law (Canton of Zug). $EPI is classified as a utility token under FINMA guidelines — not a security, payment token, or asset token.

Governing Law

Swiss Federal Law · Canton of Zug courts

Token Classification

Utility token (FINMA guidelines)

Gaming Compliance

Swiss Federal Act on Gambling (BGS)

Data Protection

nFADP (CH) + GDPR (EEA residents)

KYC/AML

Required for prize claims above threshold

Jurisdiction exclusivity

Canton of Zug courts, class action waived

Conclusion

Epinikia Game is built on a simple premise: the most transformative on-chain applications are those that feel like nothing more than a great product.

The eight architectural pillars are not independent features — they are a single integrated system where the bridge layer makes participation frictionless, Gmail auth converts any Google user into a participant, the embedded wallet prepares every user for the Web3 economy without requiring them to engage with it today, $EPI ties every game and interaction into a coherent economic system, the commit-reveal mechanism makes fairness not a promise but a mathematical proof, the points engine ensures that every user who participates in the ecosystem's growth is rewarded for it permanently, the social layer converts community into capital, and the tier system creates long-term retention without coercion.

The result is a game that scales from zero to mass adoption without ever asking its users to trust it — because it can prove it.

We build the victory odes. You claim them.

Legal Disclaimer: This whitepaper is a technical and conceptual document. It does not constitute financial advice, an offer of securities, or a solicitation to purchase tokens. $EPI is a utility token. All technical parameters described herein are subject to change prior to deployment and will be finalized in subsequent technical specification documents. Participation in the Game is subject to the Terms of Service and applicable law.

Epinikia Foundation · Canton of Zug · Switzerland

legal@epinikia.io