Verifying disbursement doesn't verify the program run actually picked a fair winner. The parts left out of your bullet points are what the other posters are discussing.
Here's how to do it: Let's say there are N parties who want to generate a random number between 0 and M-1. None of the N parties trust each other. Each party individually generates a random number r_1, r_2, ..., r_N and keeps it a secret. Each party generates a hash of this number plus a suitably large salt. These hashes are publicly announced so that everybody can see everybody else's hash. After this, the original random numbers r_1, ..., r_N are published. Add them together modulo M to get R, the resulting random number. All it takes is a single party to randomly generate their number to ensure that the result is random. For extra shits and giggles you can add in a Bitcoin block hash (provided that it's in an appropriate range in order to avoid bias).
Have a public drawing based on physical randomness, which is then videoed and broadcasted.
For example, a ball bouncing around a chamber, where the floor of the chamber is divided between contact pads representing different digits. Each time a ball bounces off a contact pad, add that pad's digit to a list, after X bounces concatenate the list to a seed value.
In a perfect world, with a perfect launching mechanism, you may be able to predetermine which pads the ball will land on and thus guess the seed value ahead of time. But the world isn't perfect. Just give the ball to a four year old who doesn't understand the meaning or consequences of the ball launch, and let the kid throw it into the box.
- Public source code program used to pick a random winner among public keys.
- Private key holder has access to the winnings.
- Govt takes their taxes before disbursing the funds.
- Everyone can verify funds were disbursed.
- Winner can stay anonymous.