Drand

Drand uses threshold BLS signatures to generate randomness. A group of nodes (the drand network) collectively generates a shared public key. To produce a random beacon, a threshold of participants (e.g., 50% + 1) must collaborate to create a single, aggregated signature on a known message (like a round number). This signature is the random value. This ensures no single party controls the output, and the system remains operational even if some nodes fail or are malicious.

Anyone can cryptographically verify that a random beacon was correctly generated by the drand network without trusting any participant. This is achieved through verifiable random functions (VRFs) and the network's public key. Given a beacon value and its associated proof, a verifier can check it against the public parameters. This property is essential for blockchain applications like leader election or lotteries, where participants need proof the result was not manipulated.

Drand's randomness is unpredictable before its publication time and unbiased. Unpredictability is guaranteed because the beacon is generated via a distributed process requiring secret shares from multiple nodes; no entity knows the final signature in advance. Bias resistance is ensured by the cryptographic properties of the BLS signature scheme, which produces output uniformly distributed in its range. This makes it suitable for high-stakes applications like cryptographic lotteries or sharding.

The drand network is run by a decentralized set of independent entities, often from universities, non-profits, and tech companies (e.g., Cloudflare, Protocol Labs, universities). This distribution of trust prevents any single point of failure or control. Nodes run the drand software, participate in the distributed key generation ceremony, and collaborate to produce beacons. The network's configuration (group size, threshold, round time) is public and verifiable.

Drand produces randomness in regular, time-locked intervals called rounds. Each round (e.g., every 30 seconds) generates a new random value. The process is deterministic: given the same starting conditions (the distributed key and round number), the network will always produce the same beacon. This allows applications to fetch or verify randomness from a specific point in time, which is crucial for replayable or time-sensitive protocols like blockchain consensus.

Drand is primarily used as a public randomness beacon for blockchain and Web3 systems. Key integrations include:

• Filecoin & Ethereum 2.0: For leader election in consensus.
• LOTTERY & Gaming Protocols: As a verifiable random number generator (RNG).
• Sharding & Committee Selection: To assign nodes to committees fairly.
• Any application requiring a common, unbiased random seed that no party can manipulate. It is accessed via HTTP API or through client libraries.

Optimistic and ZK Rollups utilize Drand for secure and verifiable randomness in their fraud proof and validity proof systems. Key use cases include:

• Randomized sampling for fraud proof challenges in Optimistic Rollups.
• Selecting validators or sequencers in a fair, unpredictable manner.
• Generating random parameters for zero-knowledge proof setups, ensuring trustless security.

NFT projects and blockchain games require provably fair randomness for features like:

• Randomized minting and trait generation for NFT collections.
• Loot box or reward distribution mechanisms.
• In-game event outcomes and matchmaking. Using Drand allows these applications to provide cryptographic proof that the randomness was not manipulated by the platform, building user trust and enabling on-chain verification.

Beyond randomness beacons, Drand's underlying threshold BLS signature scheme is used for distributed key generation (DKG) and threshold signing. This enables:

• Secure multi-party computation (MPC) setups.
• Distributed custody of private keys for wallets and oracles.
• The creation of t-of-n signature schemes where a threshold of participants must collaborate to produce a valid signature, enhancing security.

Cross-chain communication protocols and oracle networks integrate Drand to secure critical functions that require unbiased randomness. This includes:

• Selecting relayer committees for bridge operations.
• Randomized attestation groups within oracle networks like Chainlink's OCR.
• Providing a neutral, decentralized source of entropy that is independent of any single blockchain, preventing a common point of failure.

Drand's core security relies on threshold BLS signatures. A random beacon value is generated only when a threshold (e.g., 2/3) of nodes in the network sign a message. This ensures:

• Unpredictability: No single node or coalition below the threshold can predict or bias the output.
• Robustness: The network remains functional even if some nodes are offline or malicious.
• Verifiability: Anyone can verify the final signature against the network's public key.

The network has no single point of failure or control.

• No Leader: Randomness generation uses a round-robin or deterministic coordinator selection, preventing any single node from controlling the timing or content of the beacon.
• Independent Nodes: Operators are run by diverse, reputable entities (e.g., universities, nonprofits, cloud providers), reducing collusion risk.
• Network Churn: The protocol is designed to handle nodes joining and leaving without compromising security.

Drand is designed to be a publicly verifiable random function (VRF).

• Pre-commitment: Nodes commit to a share of the randomness before the actual random value is revealed, making it impossible to retroactively change the output.
• Bias Resistance: The cryptographic construction ensures the output is uniformly random and cannot be biased towards specific values, which is critical for applications like lotteries or leader election.
• Sequential Seeding: Each round's output is used to seed the next, creating a chain of randomness where predicting a future value requires breaking the cryptography of all prior rounds.

Every aspect of the randomness generation is transparent and auditable.

• Public Beacon: All randomness outputs and their cryptographic proofs are published and immutable.
• Anyone can verify: Users can cryptographically verify that a given random value was correctly generated by the drand network using its public key.
• Misbehavior Proofs: The protocol can produce cryptographic proofs if a node acts maliciously (e.g., signs two different values for the same round), allowing the network to slash or remove the faulty node.

Drand prioritizes safety (correctness/unpredictability) over liveness (always producing an output).

• Safety First: If the network cannot achieve the required threshold of honest signatures, it will not produce an output rather than produce a potentially compromised one.
• Byzantine Fault Tolerance: The network is designed to be secure (produce correct, unpredictable randomness) as long as fewer than the threshold fraction of nodes are Byzantine (malicious or faulty).
• Network Partitions: In a split network, each partition may produce its own beacon, but clients can detect this by verifying signatures against the known global public key.

Security also depends on how applications consume the drand beacon.

• Relay Oracles: Many blockchains access drand via oracle services (e.g., Chainlink). Users must trust the oracle's correct relay and the integrity of the on-chain verification code.
• Timing Attacks: Applications must correctly handle the round concept and potential delays between generation and on-chain availability.
• Entropy Mixing: For high-stakes applications, drand output is often used as a seed or mixed with other entropy sources to create defense-in-depth.

A random beacon is a trusted public source of randomness that emits a new, unpredictable value at regular intervals. Drand is a distributed random beacon. Its output is a cryptographically secure, unbiasable, and publicly verifiable random value. This beacon is consumed by other protocols (like Filecoin's consensus or Obol's Distributed Validator Technology) as a seed for leader election, shard assignment, or other processes requiring a common random source.

The League of Entropy is the initial, flagship consortium that operates the main Drand network. It is a public-good collective of diverse organizations (including Cloudflare, EPFL, and Protocol Labs) that each run a Drand node. Members commit to high availability and independent operation. The league demonstrates the decentralized trust model, where randomness is produced by a group with no single point of failure or control, in contrast to a single trusted entity.

Drand operates on a strict round-based protocol. Time is divided into discrete, fixed-length intervals (e.g., 30 seconds). Each round has a unique identifier (like a round number). All nodes synchronize to this clock. The randomness for a given round is generated from a hash of the previous round's signature and the current round number, creating an unpredictable and unbiasable chain of randomness. This ensures freshness and prevents pre-computation of future values.