
    • decentralized

    Around the Spring Festival, we often see discussions in the community about the annual lottery procedure, and the fairness of the draw is the most debated point. One might say that you can use random.org to pick a random number, and the site does promise truly random numbers, but if the browser accessing Random.org runs on someone's computer, how do you prove that the number really came from Random.org? How can you be sure that nothing, from software to hardware, from operating system to network interface, has been tampered with?

    So we need a “verifiable” random number generation algorithm: it should not run on a single device, but should be able to run many times on different devices and always produce the same result. Only then is it convincing, because everyone can check it on their own device.

    In fact, using the hash of the next Bitcoin block or the closing price of the stock market as the random number is the simplest and most practical approach. This is not to say that Bitcoin (where miners can selectively withhold blocks to influence the random number) or the stock market cannot be manipulated, but that they are simply too large for manipulating them to be cost-effective for our annual lottery.

    So I wanted to see whether what I had learned about decentralization and blockchains could be used to build a decentralized lottery program that is verifiable and hard to manipulate: the lottery runs in a distributed way on every participant's device; a backend server helps the clients broadcast, but has no privilege of its own; and every client checks the random number generation process to make sure that nobody cheated.

    There are already very mature random number generators on Ethereum (a blockchain similar to Bitcoin), which are built on a “two-stage commit”. In the first stage, each person creates a random number and broadcasts only the hash of that number. In the second stage, each participant broadcasts the plaintext of their random number, and the random numbers of all participants are added together to form a random number that nobody could have manipulated.

    The point of this algorithm is that in the first stage everyone selects a number but broadcasts only its hash, which means you cannot know the numbers chosen by others, so you cannot construct a specific number to influence the result. In the second stage the real numbers are broadcast, and everyone uses the hashes from the first stage to make sure the numbers are the same ones that were committed to.

    I refined this algorithm, using React in the browser to implement the client and Node.js to implement a WebSocket-based server that assists with broadcasting. You can access the prototype at rollup.leanapp.cn (the source code and a detailed description of the algorithm are in jysperm/rollup) and test it yourself by opening multiple browser windows:

    What happens if someone misbehaves, for example by broadcasting the wrong number in the second stage, or not broadcasting at all? On Ethereum this can result in financial penalties for the participant. In our prototype, the only thing we can do is detect the cheating and stop the draw: if someone tries to tamper with it, the draw simply never completes.

    Does that mean the prototype is unassailable? No. At present a single backend does the broadcasting, and if that backend selectively delivers certain messages to a particular client, that client becomes isolated and ends up with a lottery result different from everyone else's; the isolated client cannot prove whether the backend withheld the broadcast or whether the other side ignored it.

    A better design might be to broadcast in a true P2P manner, so that unless all the other participants band together to isolate someone, the remaining participants can still obtain the correct broadcasts from the people who were never involved in the attack. True P2P, however, is impossible – you always need a node for service discovery, and there is also the question of the security of the communication channel: current cryptography can guarantee that messages are not tampered with, but it cannot guarantee that messages are not lost.

    For more information on blockchains, see my previous article, Introduction to BlockChain and Ethereum, which also contains a detailed discussion of random number generators on Ethereum.

    Write reviews

    Sperm has been blogging for years and has received few good comments, and in this age of SNS there is no lack of channels for feedback to authors. So if you would like to write a comment, please email [email protected] with the article title, and I will pick the ones worth adding to the bottom of the article.