Correlated Randomness

A core cryptographic tool for generating correlated randomness. A Verifiable Random Function (VRF) produces a random output and a cryptographic proof that the output was correctly generated from a specific input and secret key. This allows the result to be publicly verified by anyone, ensuring unpredictability and public verifiability without revealing the secret.

• Key Property: The output appears random, even to the party who generated it, until the proof is published.
• Use Case: Used in blockchain consensus (e.g., Algorand's leader election) and on-chain lotteries.

A method to distribute the generation of correlated randomness across a group. In threshold cryptography, a secret (like a random number) is split into shares among n participants. The secret can only be reconstructed when a threshold number t of participants collaborate.

• Security: No single party or small coalition (less than t) can predict or control the final random value.
• Application: Essential for Distributed Key Generation (DKG) in validator committees for protocols like Drand, ensuring the beacon output is unbiased and resilient to malicious actors.

Public services that emit a continuous stream of verifiable, unpredictable random values at regular intervals. Beacons like Drand use threshold cryptography among a network of nodes to produce publicly verifiable, unbiasable randomness.

• Function: Provides a common, agreed-upon random seed for decentralized applications.
• Properties: Liveness (values are produced on schedule), Unpredictability, Public Verifiability.
• Example: Drand's beacon powers randomness for Filecoin's storage proof allocation and other Web3 protocols.

A two-phase protocol for generating fair random numbers in a decentralized setting where participants may act maliciously. In the commit phase, each participant publishes a cryptographic commitment (hash) to their secret random value. In the reveal phase, they later disclose the original value.

• Purpose: Prevents participants from changing their submitted random number after seeing others' submissions.
• Limitation: Vulnerable to last-revealer attacks and requires all participants to eventually reveal, which can cause delays.

Correlated randomness is critical for fairness in decentralized applications where outcomes must be random and provably fair.

• NFT Traits & Minting: Randomly assigning rarity traits to NFTs upon minting in a way that is verifiable and cannot be manipulated by the project team.
• Game Mechanics: Determining combat outcomes, loot drops, or matchmaking in blockchain-based games.
• Requirement: The randomness source must be tamper-proof and unpredictable to prevent exploits and ensure user trust.

Used within consensus mechanisms to select leaders, committees, or shards in a secure and unbiased manner.

• Leader Election: Protocols like Algorand use VRFs to secretly and randomly select the next block proposer, reducing attack surfaces.
• Shard Allocation: In sharded blockchains, validators are randomly assigned to shards using correlated randomness to prevent collusion.
• Security Goal: Ensures cryptographic sortition—the selection process is random, private until necessary, and verifiable after the fact.

A threshold signature scheme allows a group of N parties to collaboratively generate a single, valid digital signature, but only if a threshold T of them participate. The signature is correlated randomness because each party contributes a random share, and the final signature is a deterministic function of these shares.

• Decentralized Trust: No single party ever knows the full private key.
• Application: Used in distributed key generation (DKG) for validator sets in protocols like Dfinity's Internet Computer and various multi-sig wallets to produce a common, verifiable random beacon output.

A commit-reveal scheme is a two-phase protocol where parties first commit to a secret value (e.g., by publishing its hash) and later reveal the original value. The final correlated random value is typically a function (like XOR or addition) of all revealed secrets.

• Prevents Manipulation: The commitment phase locks in choices before the reveal, preventing last-second changes based on others' inputs.
• Limitation: Requires two rounds of communication and is vulnerable to block withholding if a participant refuses to reveal.
• Common Use: Found in early blockchain randomness beacons and simple on-chain games.

Secure Multi-Party Computation (MPC) protocols allow a group of parties to jointly compute a function (like generating a random number) over their private inputs without revealing those inputs. The final random output is correlated through the cryptographic computation.

• Information-Theoretic Security: Some MPC protocols provide security even against computationally unbounded adversaries.
• Process: Parties generate and secret-share random values, perform computations on shares, and then reconstruct the final result.
• Use Case: Underpins advanced threshold signature schemes and distributed random beacon constructions.

In Proof-of-Stake (PoS) blockchains, validator selection for block production is often a weighted lottery based on the size of a validator's stake. The randomness for this lottery must be unpredictable, unbiased, and verifiable to prevent manipulation.

• Correlation Mechanism: The random seed is typically derived from block hashes from previous blocks, combined with validator-specific data, creating a randomness chain.
• Challenges: Susceptible to grinding attacks where a validator influences future randomness. Solutions often incorporate VRFs (Algorand) or RANDAO / VDFs (Ethereum) to add resilience.

The fundamental risk is that if the randomness source is predictable or can be influenced by a subset of participants, it ceases to be random for the protocol. This can lead to:

• Front-running in DeFi lotteries or NFT mints.
• Validator manipulation in Proof-of-Stake leader election.
• Biased outcomes in on-chain gaming and gambling applications. The security of the entire application depends on the independence and unpredictability of each random number generated.

Several methods can lead to or exploit correlated randomness:

• Validator Collusion: In a blockchain using a random beacon, if a supermajority of validators collude, they can bias the output.
• Oracle Manipulation: Relying on a single, potentially compromisable off-chain oracle for randomness.
• Block Data Dependence: Using easily influenced on-chain data like block hash, timestamp, or gas price as a randomness source, which miners/validators can slightly manipulate.
• Sequential Submission: In commit-reveal schemes, if participants reveal in sequence, later players can adapt their reveals based on earlier ones.

A classic mitigation where participants first submit a cryptographic commitment (hash) to their secret random value, then later reveal it. Challenges include:

• High Latency: Requires two rounds of communication, unsuitable for fast applications.
• Liveness Issues: If a participant refuses to reveal, the protocol may stall, requiring complex timeout and slashing mechanisms.
• Last-Revealer Advantage: The last participant to reveal has full information before committing their own value, which can be mitigated by threshold cryptography or verifiable random functions (VRFs).

A cryptographic primitive that provides a gold standard for on-chain randomness. A VRF allows a prover to generate a random number and a cryptographic proof that it was generated correctly from a secret key and a public input. Key properties:

• Uniqueness & Unpredictability: The output is deterministic yet pseudorandom and cannot be predicted without the secret key.
• Public Verifiability: Anyone can verify the proof, ensuring the random number was generated honestly.
• Examples: Used by Algorand for leader election and Chainlink VRF for smart contract applications. The main challenge is secure key management for the VRF producer.

A random beacon is a continuously available source of public randomness. Decentralized beacons often use Distributed Key Generation (DKG) and threshold cryptography to eliminate single points of failure.

• Process: A group of participants collaboratively generates a shared public key and individual secret shares. Randomness is generated by aggregating signatures from a threshold of participants.
• Security: The random output is secure as long as fewer than the threshold are malicious (Byzantine fault tolerance).
• Challenges: Complex setup, significant on-chain computation for verification, and potential liveness vs. safety trade-offs. Used in protocols like Drand.

Beyond technical flaws, correlated randomness enables economic attacks:

• Bribing Attacks: An attacker can bribe validators or oracle nodes to bias randomness in a profitable application (e.g., a high-value NFT mint), making collusion rational.
• MEV Extraction: Predictable randomness can be exploited for Maximal Extractable Value (MEV) by bots front-running transactions.
• Solution Approaches: Combating these requires cryptoeconomic security—designing slashing penalties, staking requirements, and reward structures that make collusion economically irrational, often in combination with robust cryptographic schemes.

A commit-reveal scheme is a two-phase protocol where participants first commit to a secret value (e.g., by publishing its hash) and later reveal the original value. This prevents participants from changing their contribution after seeing others', which is crucial for generating fair correlated randomness in multi-party settings.

• Process: 1. Commit phase: Publish hash(secret, salt). 2. Reveal phase: Publish the secret and salt.
• Purpose: Mitigates last-revealer advantage in on-chain games and voting.

Distributed Key Generation (DKG) is a protocol by which a group of parties collaboratively generates a shared public key and a corresponding secret key that is distributed among them. No single party ever knows the complete secret key. DKG is the foundational setup phase for many threshold cryptography and correlated randomness systems, enabling secure multi-party computation.

• Output: A shared public key and individual secret key shares.
• Use Case: Establishing the committee for a randomness beacon or a threshold signature scheme.

Bias-resistant randomness refers to random values that cannot be manipulated or influenced by any participant, even if they try to deviate from the protocol. Achieving this in decentralized systems requires correlated randomness mechanisms that punish or eliminate the ability of adversaries to bias the final output. This property is non-negotiable for financial applications and leader election.

• Threat Model: Protects against adaptive adversaries and coalitions.
• Techniques: Use of cryptographic proofs, economic slashing, and threshold schemes.