Seems to me you can do better with a gaming server. If the gaming server servers RNGs in a sequence such that each sample in the sequence can be verified, they don't need to trust the server; or at least there is an audit function. Eg. say that the server publishes subsequent pre-images in a hashchain. h_0 h_{i+1} = h_i and the server computes h_i values up to i = 10^8 and then publishes them starting with h_{10^8}, h_{10^8-1}, ... Then anyone can verify that the random number is the preimage of the previous random number. You do something similar with a more efficient (log(n)) auditing function with merkle authentication trees. If they aren't doing this someone should clue them in. Adam