On-Chain Randomness

A two-phase protocol where a participant first submits a commitment (a hash of their secret random number) and later reveals the original number. This prevents participants from changing their input after seeing others' commitments.

• Process: 1. Commit (hash of seed). 2. Reveal (original seed). 3. Final random number is derived from all revealed seeds.
• Use Case: Common in early blockchain games and decentralized lotteries to ensure no last-second cheating.

Utilizing inherently unpredictable future blockchain state as a randomness source. Common sources include:

• Block Hash: The hash of a future block (e.g., blockhash(blockNumber + 1)).
• Timestamp: The miner-defined block timestamp.
• Risk: These can be manipulated by miners/validators to a degree, making them unsuitable for high-value applications without additional safeguards.

A core security requirement where no single entity (user, miner, validator, oracle) can control or predict the random outcome to gain an advantage. Solutions include:

• Multi-party computation: Distributing trust across many nodes.
• Economic staking/slashing: Penalizing malicious actors.
• Delay functions: Introducing a time buffer between commitment and reveal. Failure here directly compromises application fairness.

The guarantee that a random number will be generated and become available within a known timeframe, even if some participants are offline or act maliciously.

• Liveness Risk: A protocol stalling if a required participant fails to reveal their commitment.
• Solution: Designs often incorporate threshold schemes or oracle fallbacks to ensure the system progresses and the random value is finalized.

Different use cases demand different randomness properties:

• Gaming/NFTs: Need unpredictability and fairness for minting or match outcomes.
• Governance: Requires unbiasable selection for jury duty or committee assignment.
• Security: High-entropy randomness for generating private keys or shuffling validator sets.
• Scalability: Low-cost, high-throughput RNG for frequent, low-stakes events.

A two-phase protocol where participants first submit a commitment (a hash of their chosen random number and a secret). Later, they reveal the original number and secret. The final random value is derived from all revealed inputs.

• Prevents Front-running: The initial commitment hides the participant's choice.
• Drawback: Requires multiple rounds and participant cooperation, which can be slow and vulnerable to stalling if a participant refuses to reveal.

A decentralized randomness beacon where participants collectively generate a random number by each submitting a number in sequence. The final output is the XOR or hash of all contributions.

• Mechanism: Each participant's submission is mixed with the previous state, making the result unpredictable until the last contribution.
• Incentive Model: Participants are economically incentivized (or penalized) to participate honestly. Used by Ethereum's beacon chain for committee assignments.

A group of nodes collaboratively generates a single signature, which is then used as a source of randomness. The random value is derived from the signature itself.

• Security: Requires a threshold (e.g., 2/3) of participants to collaborate, preventing any single node from controlling the output.
• Efficiency: Produces randomness in a single round, making it faster than commit-reveal. Used by protocols like Dfinity's Internet Computer.

Uses a future or past block hash (e.g., blockhash(blockNumber)) as a source of randomness. This was a common early method but is now considered insecure for high-value applications.

• Vulnerability: Miners/validators have limited influence over the block hash and can potentially withhold blocks to manipulate outcomes favorable to them.
• Legacy Use: Still found in simple or older contracts, but modern dApps avoid it for critical randomness.

A commit-reveal scheme is a two-phase protocol where a participant first publishes a cryptographic commitment (hash) to a secret value, and later reveals the original value. This prevents participants from changing their submitted random number after seeing others' submissions.

• Phase 1 (Commit): Users submit hash(secret, randomNumber).
• Phase 2 (Reveal): Users reveal the original secret and randomNumber for verification.
• Application: Used in early blockchain lotteries and multi-party randomness generation to ensure no last-mover advantage.

RANDAO is a decentralized randomness generation mechanism used in Ethereum's consensus layer. It works by having validators commit hashes of random numbers in one epoch and then revealing them in the next, combining all reveals to create a final random seed.

• Process: The final seed is the XOR or hash of all revealed values.
• Security Model: It is biasable if the last revealer knows all other values, but this is mitigated in practice by combining it with VDFs.
• Primary Use: Generating the randomness for assigning block proposers and committee duties in Ethereum's proof-of-stake.

A Verifiable Delay Function (VDF) is a function that requires a prescribed amount of sequential computation to evaluate, but whose output can be verified quickly. In randomness systems, it is used to prevent last-revealer manipulation.

• Core Property: Creates a time delay that is impossible to parallelize.
• Application: Used to post-process an initial random seed (e.g., from RANDAO). The delay ensures no one can predict or influence the final output after the initial commitment phase ends, guaranteeing unpredictability.

In cryptographic randomness, entropy refers to the measure of unpredictability or randomness in a system. A seed is a initial value, often derived from high-entropy sources, used to initialize a pseudorandom number generator (PRNG).

• Entropy Sources: Can include block hashes, timestamps, oracle data, or user inputs.
• Critical Role: The security of the entire randomness chain depends on the unpredictability and secrecy of the initial seed.
• On-Chain Challenge: Finding a reliable, manipulation-resistant source of entropy on a public, deterministic blockchain is the fundamental problem these mechanisms solve.