Decentralized Randomness and the League of Entropy

Tagged: decentralized & random & entropy & cloudflare & cryptography

When I heard of drand, a distributed randomness beacon daemon, my nerd-o-meter lit up. What is it, why do we need it, how random is it, and why is it distributed or decentralized?

Decentralized vs distributed

First off, I will often conflate the terms "distributed" and "decentralized". Distributed computing often refers to networked systems of CPUs which each process a slice of a whole computation (e.g. trying one unique hash to crack a password). Decentralized means there's no single special point of control or authority. Both terms can describe drand and how it produces random values.

A random walk

Wait, but what do we even mean by randomness? A random sequence is statistically well distributed but, more importantly, unpredictable: knowing the most recent value(s) gives no indication of the next value(s). Stock prices are often said to be unpredictable for a given time scale and to move in a "random walk" over a period, going up and down in an unpredictable manner. Likewise, a coin toss's outcome should be random, as should 100 coin tosses in a row, despite any expectation of how the outcomes are distributed among the 100.

Vegas was built on randomness

So why is randomness useful? Critical components of our modern digital world rely on an assumption of randomness to be safe and trustworthy. Randomness is key in cryptography, where unpredictable keys and seeds keep an attacker who intercepts encrypted communication from reading it. Random values are used in games to make them fun, but also to make them fair. Poker relies on a random shuffling of cards; otherwise, winning would be a simple matter of memorizing the order the cards are in. A number of electronic gambling devices at casinos around the world were "beaten" by punters who realized their internal random number generators (RNGs) were not actually random. Casinos require state inspectors to ensure that a machine's random number generator is truly random and fair.

Do we really need governments to ensure digital randomness?

Randomness is also critical in statistics where a pattern or predictability can be exploited to game the outcome. In the US, failed randomness has led to things like black defendants being tried by a completely white jury rather than a jury of (randomly selected) peers.

How hard is it to make a random number?

If a computer spit out: 5 0 3 9 2 2 7 6 1

Would you be convinced it was random? You might. But computers can spit out random-looking strings of numbers which are actually predictable just by knowing the "seed" value and the algorithm used. These are called pseudo-random number generators (PRNGs). In a pinch, this may be sufficient for a kid's game with no consequences for getting hacked. For serious applications, we need serious randomness. All the serious random number generators I know of use unpredictable aspects of physical reality and convert those into digital values.

Random.org

Random.org is a website that has been giving away free random numbers since the late 90s. It gets its randomness from radio static as a proxy for random atmospheric conditions. This source of randomness is also called a source of entropy.

Lava lamps

Lava lamp blob shapes are thought to be random. So Cloudflare uses a wall of lava lamps watched by digital cameras as a source of entropy to feed into their random number generators.

The League of Entropy

Cloudflare is also a founding member of the League of Entropy along with some universities and Protocol Labs (builders of IPFS), foundations (like the Ethereum Foundation), non-profits, and private enterprises (including security companies).

The League are the ones powering the nodes which provide decentralized and distributed sources of entropy for random number generation. One member uses keyboard and mouse click events as entropy to produce random numbers, something every computer can already do itself (Linux does this) but not in huge amounts. Maybe you were asked to bang on a keyboard to produce an ssh key in the past. Another source of entropy is seismic activity in Chile.

These various sources of entropy can be used together like Voltron to create a bigger, more powerful source of entropy. And one source can go down (or get hacked!) while the rest of the network maintains random number generation. The total amount of entropy is high enough for most use cases. And more nodes can join as operators and provide more entropy.

Users of this service can get new numbers every minute. You can get numbers publicly or privately. For cryptographic uses, you would want private numbers; otherwise an attacker could snoop on your communication by combining the public seed with the algorithm you were known to be using. For provably fair gaming, you would use public numbers.

drand

A drand randomness beacon is composed of a distributed set of nodes and has two phases:

Setup:

Each node first generates a long-term public/private key pair. Then all of the public keys are written to a group file together with some further metadata required to operate the beacon. After this group file has been distributed, the nodes perform a distributed key generation (DKG) protocol to create the collective public key and one private key share per server. The participants NEVER see/use the actual (distributed) private key explicitly but instead utilize their respective private key shares for the generation of public randomness.

Generation:

After the setup, the nodes switch to the randomness generation mode. Any of the nodes can initiate a randomness generation round by broadcasting a message which all the other participants sign using a t-of-n threshold version of the Boneh-Lynn-Shacham (BLS) signature scheme and their respective private key shares. Once any node (or third-party observer) has gathered t partial signatures, it can reconstruct the full BLS signature (using Lagrange interpolation). The signature is then hashed using SHA-256 to ensure that there is no bias in the byte representation of the final output. This hash corresponds to the collective random value and can be verified against the collective public key.

Drand is a daemon written in Go which connects to the drand network and then provides random values to any client that connects to it, which you can do from a web app using JavaScript. So web apps, or dapps, don't need to roll their own bad PRNG or rely on the browser, but can get a verifiably random number of high entropy. It's probably better than what everyone's using now. You can dig into how or why here.