The importance of yielding randomness on blockchains
Exploring the need for trustless decentralized digital randomness.
In the physical world, it’s easy to achieve randomness because nature by itself is so random. But in the digital world, things are a little different and usually require some form of human-induced randomness to produce the desired result.
A random number generator (RNG) is a piece of software or hardware used in computing to generate random numbers. It exists to achieve fairness in applications whose core functionality relies on the generation of random numbers; games and lotteries are a few examples.
Blockchains, in particular, share a unique relationship with this type of technology since the blockchain is built on the idea of fair distribution of opportunities on a decentralized framework. From the blossoming decentralized applications (dApps) on Ethereum to the on-chain NFT blind boxes that are growing popular by the day, RNGs are a must-have for achieving unbiased random inputs that improve credibility and user experience.
The challenge of producing trustless randomness
However, producing artificial random numbers that are secure and robust enough for situations requiring unique, trustless randomness on decentralized networks is easier said than done.
While there are several methods of producing randomness, both in the physical world and in cyberspace, the quality of randomness achieved is mostly categorized into two kinds: truly random outcomes and pseudo-random outcomes.
Truly random numbers (TRN) leverage physical real-world processes. These random number generators are often based on microscopic events that generate low-level random pulse signals. This makes the use of TRNs impractical on blockchains as it is difficult to deploy these microscopic events into the code of a decentralized network.
Pseudo-random numbers (PRN), on the other hand, are generated using mathematical algorithms such as the keyed-hash message authentication code (HMAC) as well as threshold signatures.
Overall, an ideal random number generator on a decentralized framework should have the following fundamental properties:
Random uniqueness
The output of an RNG should be unpredictable, unique, and independent between each output. Otherwise, attackers can carefully choose the random numbers and exploit the system. Simply put, this means that after producing “output A,” the production of the following “output B” should depend only on the probability of its occurrence (B), not on previous outputs (A) or future ones (C, D, E…). On a decentralized framework, this level of uniqueness should be applied to the whole set of random number generating nodes and not just a part of the nodes in the network.
Non-interactivity
On the blockchain, generating random numbers in a decentralized way is possible. The communication overhead will, however, become a limitation or a “single point of failure” for the entire system. An RNG algorithm needs to avoid behaving like a “trapdoor function”, which would allow the secret to be discovered with the right input. Overall, non-interactive RNGs ensure zero exportability, thus achieving secure one-way communication for each RNG node.
Availability
The consistent availability of base RNG services is important for decentralized networks. However, the uptime of current decentralized system nodes is unpredictable. Therefore, the RNG algorithm should provide availability despite unpredictable nodes. For instance, methods like threshold signatures or multi-signatures work better in decentralized systems with more than half of the required nodes available at any given time. This proportion ranges from 50% to 90%. If you have a system that has less than half of the nodes available, it is important to create more alternative paths in case some nodes are unreachable. For instance, if there are 5 required signatures, 3 backups should be used as well. However, any method of resiliency will depend on the availability of RNG nodes in the network.
Threshold BLS Signature: is it a viable solution?
The threshold BLS (Boneh-Lynn-Shacham) signature is a cryptographic digital signature scheme that is a game-changer for any decentralized network. This digital signature scheme can generate randomness without relying on TRN generators, and it compares favorably with other algorithms, such as the popular ECDSA.
BLS threshold signatures are considered faster and more scalable, hence the move by Ethereum 2.0 developers to adopt the BLS12-381 standard as the network’s primary signature scheme. The application of a BLS threshold signature standard will enable BLS-based applications to run on Ethereum.
What’s more, the threshold version of BLS signatures is robust on decentralized systems, allowing at most half the group nodes on a decentralized network to be responsible for generating randomness. This enables a sufficient number of participating nodes, thus allowing consistent availability of RNG nodes as well as network security.
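The availability and uniqueness properties above (any t of n nodes can produce the round's value, and every qualifying subset produces the same value) come from combining partial signatures with Lagrange coefficients. The following is an added illustration, not code from the article or from any named project: it replaces the BLS curve group with multiplication modulo a prime so that only the linear combining step is shown, has no pairing-based verification, and is not secure; node count, threshold, secret, and round message are constructed values.

```python
# Toy model of threshold-signature randomness: the BLS operation
# "scalar * curve point" is replaced by multiplication mod a prime, so
# this only shows the t-of-n combining/uniqueness behaviour, not security.
import hashlib
import random

P = (1 << 127) - 1           # Mersenne prime used as the toy field modulus
N, T = 5, 3                  # constructed: 5 nodes, any 3 can produce the beacon

def hash_to_field(msg: bytes) -> int:
    """Stand-in for BLS hash-to-curve: map the round message into the field."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % P

def dealer_shares(secret: int, n: int, t: int, rng: random.Random) -> dict:
    """Shamir split: evaluate a degree t-1 polynomial at node ids 1..n."""
    coeffs = [secret] + [rng.randrange(1, P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)}

def partial_sig(share: int, msg: bytes) -> int:
    """Node i's partial signature: share_i * H(msg) (scalar mult in real BLS)."""
    return share * hash_to_field(msg) % P

def lagrange_coeff(i: int, ids) -> int:
    """Lagrange coefficient at x=0 for node i over the participating ids."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P

def combine(partials: dict) -> int:
    """Recover secret * H(msg) from any t partials; fewer than t give garbage."""
    ids = list(partials)
    return sum(lagrange_coeff(i, ids) * s for i, s in partials.items()) % P

def beacon_output(partials: dict) -> bytes:
    """The round's random value: hash of the combined, deterministic signature."""
    return hashlib.sha256(combine(partials).to_bytes(16, "big")).digest()

def round_output(shares: dict, msg: bytes, ids) -> bytes:
    """Run one beacon round with the given subset of node ids."""
    return beacon_output({i: partial_sig(shares[i], msg) for i in ids})

SECRET = 123456789           # constructed group secret (never held by one node in practice)
SHARES = dealer_shares(SECRET, N, T, random.Random(42))
ROUND_MSG = b"round:1"       # constructed round identifier signed by the nodes

if __name__ == "__main__":
    print(round_output(SHARES, ROUND_MSG, [1, 2, 3]).hex())
```

Any three nodes yield the same output, two nodes yield a different value, and a different round message yields a different output, which is the behaviour a threshold RNG relies on.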
Possible existing solutions
One of the best existing implementations of the threshold BLS signature is ARPA’s RNG architecture. Not only does it allow anyone to run an RNG computational node on a decentralized network, but it also goes the extra mile to ensure verifiable computation even under malicious-majority conditions on a network. Protocols need to meet all three required features of a trustworthy, dynamic, and decentralized random number generator, one that is capable of learning over time to improve outcomes.