Application and Generation Mechanism of Random Numbers in Blockchain

巴比特
6 years ago
What are the application scenarios of random numbers in the blockchain? How does the blockchain generate more reliable random numbers?

Editor's Note: This article comes from Babbitt Information (ID: bitcoin8btc), author: Huang Lianjin, famous blockchain expert, chief scientist of Nuclear PolyChain, CEO of DistributedApps in the United States, expert committee member of China Institute of Electronics Blockchain Branch, NULS consultant; Xiang Wenbo, Java software engineer, Cryptotech-Writer, NULS Core Team Member, reproduced by Odaily with authorization.

Application of random numbers in blockchain

Private key

Anyone who owns cryptocurrency knows the importance of private keys. Whoever holds your private key controls your crypto assets. Private keys are generated from random numbers, so the security of those assets depends on whether the random numbers can be guaranteed to be unpredictable and resistant to cracking.

The Bitcoin private key uses a 256-bit random number generated by SHA-256. The value range of this random number is 0 to 2²⁵⁶-1, and 2²⁵⁶ is approximately 10⁷⁷. This range is so large that, with existing computing power, brute-forcing it is almost impossible.

The key cannot be cracked by brute force, but if the random number generator can be manipulated and the random numbers it produces can be predicted, then your private key may be recovered, and the security of your crypto assets can no longer be guaranteed.

Guessing Apps

In a guessing application, random numbers are needed to ensure the randomness of the results and to prevent human intervention from affecting their fairness.

In a centralized environment, users who participate in guessing submit their guessing orders to the system, which collects user information according to the rules and then generates the guessing result. The client takes no part in calculating the result, which is essentially a string of random numbers generated by the system. When the temptation of huge profits appears, the system may cheat to benefit itself.

In a decentralized environment, there is no single center, and all nodes can participate in generating random numbers, which can effectively guarantee their fairness. But in a decentralized environment, hackers can also attack random numbers more easily and profit from it. So far, the security of blockchain random numbers is still a technical problem awaiting a breakthrough.

In August 2018, hackers exploited a random number loophole in the once-popular Fomo3D game to gain huge profits. Following Fomo3D, many popular DAPPs on EOS, especially guessing games such as EOS.WIN and EOSDice, were also attacked by hackers because of defects in random number generation.

POS consensus mechanism

Blockchain is a decentralized distributed accounting technology. In a decentralized environment, the random selection of bookkeepers is critical to correct accounting, because only under random conditions can the fair distribution of accounting rights and the reasonable distribution of mining rewards be guaranteed.

The POW consensus mechanism has nodes compete with computing power to calculate a very difficult hash value, which randomly determines who keeps the accounts. Under the POS consensus mechanism, a node must be selected for bookkeeping by means of random numbers.

Most POS protocols select a group of miners and verifiers based on the number of tokens they hold to jointly complete the verification of on-chain transactions and block generation. To select miners and verifiers randomly and ensure a fair distribution of rewards, the algorithm must incorporate a fair and unbiased source of random numbers. Therefore, in many POS consensus mechanisms, random numbers are a very critical technology.
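Why the weighting by tokens held matters, as an added example that is not code from the article or from any project it names: it compares a one-ticket-per-identity draw with a stake-weighted draw when the same 100 tokens are registered under 1 or 50 identities. The stake table is constructed, SHA-256 over a public seed stands in for the random source, and all function names are hypothetical.

```python
import hashlib

def draw(seed: bytes, round_no: int, modulus: int) -> int:
    """Map a public seed and a round number to an integer in [0, modulus)."""
    digest = hashlib.sha256(seed + round_no.to_bytes(8, "big")).digest()
    # A 256-bit digest reduced by a small modulus has negligible bias.
    return int.from_bytes(digest, "big") % modulus

def pick_per_identity(seed, round_no, stakes):
    """Naive rule: every registered identity holds exactly one ticket."""
    ids = sorted(stakes)
    return ids[draw(seed, round_no, len(ids))]

def pick_by_stake(seed, round_no, stakes):
    """Stake-weighted rule: every token is one ticket."""
    target = draw(seed, round_no, sum(stakes.values()))
    for node in sorted(stakes):          # fixed order so all nodes agree
        if target < stakes[node]:
            return node
        target -= stakes[node]
    raise AssertionError("unreachable: target is below the total stake")

def share(pick, stakes, prefix, rounds=20000, seed=b"constructed-seed"):
    """Fraction of rounds won by identities whose name starts with prefix."""
    wins = sum(pick(seed, r, stakes).startswith(prefix) for r in range(rounds))
    return wins / rounds

# Constructed stake table: nine holders with 100 tokens each, plus holder "x".
others = {f"holder-{i}": 100 for i in range(9)}
one_identity = {**others, "x-0": 100}
# The same 100 tokens of "x", registered as 50 identities of 2 tokens each.
fifty_identities = {**others, **{f"x-{i}": 2 for i in range(50)}}

if __name__ == "__main__":
    for pick in (pick_per_identity, pick_by_stake):
        print(pick.__name__,
              share(pick, one_identity, "x-"),
              share(pick, fifty_identities, "x-"))
```

Under the per-identity rule the share of "x" grows with the number of identities it registers, while under the stake-weighted rule it stays near its 10% token share.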

True Random Numbers and Pseudo-Random Numbers

Random numbers are divided into true random numbers and pseudo-random numbers. True random number sequences are completely unpredictable and exist only in the real physical world, for example in radioactive decay, electronic equipment noise, and the trigger time of cosmic rays; we can obtain true random number sequences by collecting such data. Pseudo-random numbers are calculated by a random number algorithm from a sequence of true random numbers (usually called a random number seed). As long as the random number seed is obtained, the same pseudo-random number sequence can be obtained.

Therefore, true random numbers only exist in the real physical world, and most random numbers in computers are pseudo-random numbers. If you want to ensure the security of pseudo-random numbers, you need an effective random number seed and a secure random number generator.

How to generate random numbers in blockchain

The blockchain is a decentralized system, so in theory the random numbers it generates are fairer than those of a centralized system. However, in a decentralized environment where huge profits are at stake, it is also more easily attacked by hackers. The need to secure blockchain random numbers has therefore given rise to various random number generation mechanisms.

VRF (Verifiable Random Function)

VRF (Verifiable Random Function) is a verifiable random number generation method. At present, it is mainly used by blockchain projects based on the POS consensus algorithm, including Algorand and Cardano.

In Algorand and Cardano, VRF is the key to generating random numbers. VRF can output a random number for any input. A non-interactive zero-knowledge proof process is built into VRF, which can be used to verify that a random number is correct and that it was generated by a particular node.

VRF mainly includes four steps:

  • Generate a public-private key pair

  • Generate the random output

  • Compute the zero-knowledge proof

  • Verify the random number output

The node that generates the random number uses its own private key as part of the input, then outputs the random number and the zero-knowledge proof locally. Other nodes can use the generating node's public key, the input, and the output to verify the authenticity of the random number and the identity of its generator.
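The four steps above, sketched as an added example that is not code from the article, Algorand or Cardano: a simplified RSA full-domain-hash VRF in which the proof is a deterministic RSA signature, rather than the elliptic-curve constructions those chains deploy. The toy key built from two Mersenne primes, the hash labels and all function names are assumptions made for illustration.

```python
import hashlib

# Step 1: key pair. Toy modulus from two Mersenne primes so the example runs
# offline; constructed for illustration and far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                                   # public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, prover only

def hash_to_int(alpha: bytes) -> int:
    """Hash the input into the RSA domain [0, N)."""
    return int.from_bytes(hashlib.sha256(b"in" + alpha).digest(), "big") % N

def proof_to_output(proof: int) -> bytes:
    """Step 2: the random output is a hash of the proof."""
    return hashlib.sha256(b"out" + proof.to_bytes(32, "big")).digest()

def prove(alpha: bytes):
    """Step 3: the proof is H(alpha)^D mod N. Only the key holder can compute
    it, and for a given key and input there is exactly one valid value."""
    proof = pow(hash_to_int(alpha), D, N)
    return proof_to_output(proof), proof

def verify(alpha: bytes, output: bytes, proof: int) -> bool:
    """Step 4: anyone checks the proof with the public key, then the output."""
    if not 0 <= proof < N:
        return False
    return (pow(proof, E, N) == hash_to_int(alpha)
            and proof_to_output(proof) == output)

if __name__ == "__main__":
    alpha = b"round-42|previous-block-hash"   # constructed input
    output, proof = prove(alpha)
    print(output.hex(), verify(alpha, output, proof))
    print(verify(b"round-43|previous-block-hash", output, proof))
```

Because the proof is unique for a given key and input, the generating node cannot try several candidate outputs and publish the one it prefers.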

After the random number is obtained, it is used to select the nodes that participate in block generation. The simplest way is to set a critical value M agreed on by the entire network: if the random number R generated by a node is greater than M, the system allows that node to participate in the next block generation task. But this kind of scheme cannot prevent Sybil attacks, so most VRF lottery schemes now distribute votes based on stake and then design a lottery algorithm to complete the subsequent consensus process.

Randao

Based on blockchain technology, Randao provides open source, decentralized, and provably fair random number generation services. Its goal is to satisfy the basic requirements that random number generation be uncontrollable and unpredictable, to let individuals take part in generating the random numbers, and to use the transparent and irreversible characteristics of the blockchain to make the results provably fair.

Randao mainly uses Commit Reveal and BLS. The main disadvantage of Commit Reveal is that it generates random numbers slowly. In Ethereum, it takes at least 10 blocks from receiving a random number generation request to generating the random number, which currently takes more than 3 minutes; and because participants need to send transactions several times to submit data, its production and usage costs are higher. However, the advantage of this scheme is that its participation threshold is basically zero, and anyone can join a random number generation process at any time, which has certain advantages in preventing collusion and in provable fairness.
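A commit-reveal round of the kind described above, as an added example that is not Randao's contract code: it covers the honest case plus a withheld and an altered reveal. The SHA-256 commitments bound to the participant's name, the fail-and-rerun policy and all names are assumptions; deposits and on-chain transactions are not modelled.

```python
import hashlib
import secrets

def commit(name: str, secret: bytes) -> bytes:
    """Phase 1: publish SHA-256(name || 0x00 || secret). Binding the name means
    a commitment copied from another participant will not verify later."""
    return hashlib.sha256(name.encode() + b"\x00" + secret).digest()

def finish_round(commitments: dict, reveals: dict):
    """Phase 2: check every reveal against its commitment, then mix.
    Returns (random_bytes, offenders); random_bytes is None if the round fails."""
    offenders = sorted(
        name for name, sealed in commitments.items()
        if name not in reveals or commit(name, reveals[name]) != sealed
    )
    if offenders:
        # Assumed policy: fail the round and rerun it. Mixing only the secrets
        # that did arrive would let the last revealer pick between two results.
        return None, offenders
    mixer = hashlib.sha256()
    for name in sorted(commitments):         # fixed order so all nodes agree
        mixer.update(reveals[name])
    return mixer.digest(), []

def demo():
    """Constructed three-party round: honest, withheld reveal, altered reveal."""
    secret_of = {n: secrets.token_bytes(32) for n in ("alice", "bob", "carol")}
    commitments = {n: commit(n, s) for n, s in secret_of.items()}
    honest = finish_round(commitments, secret_of)
    withheld = finish_round(
        commitments, {n: s for n, s in secret_of.items() if n != "carol"})
    altered = finish_round(
        commitments, {**secret_of, "bob": secrets.token_bytes(32)})
    return honest, withheld, altered

if __name__ == "__main__":
    for label, (value, offenders) in zip(("honest", "withheld", "altered"), demo()):
        print(label, value.hex() if value else None, offenders)
```

The two phases are why the scheme needs several transactions per participant and several blocks per random number, which is the cost the paragraph above describes.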

The BLS signature scheme is a supplement to Commit Reveal. Because the generation process is organized off-chain, the response is fast, and it usually takes only one block to generate a random number: the consumer initiates a random number generation request and the producer writes the random number in the next block, so only two transactions are needed to complete the generation and use of the random number. The production and usage costs are very low, and it is suitable for scenarios with high frequency and low requirements for anti-collusion.

Threshold Signature Scheme

Dfinity is a public chain project whose goal is to become an Internet computer that runs software and services in its public cloud. In Dfinity, random numbers are at the core of the normal operation of the entire consensus mechanism. The threshold signature mechanism it adopts combines the VRF and BLS signature mechanisms and is an effective way to generate random numbers.

The threshold signature mechanism is mainly composed of three parts: input, output, and threshold mechanism. The input is the private key of a group member, and the output is a random number. What the threshold mechanism guarantees is that as soon as the number of inputs received from members exceeds the set value, a definite random number can be obtained, but as long as fewer inputs than the set value have been obtained, no one can predict the output random number. VRF is used in the process of outputting random numbers, and the BLS signature mechanism is used in the threshold mechanism.

The threshold signature mechanism combines VRF and BLS. VRF makes the generated random numbers verifiable. The BLS signature mechanism means that no node can predict the signature result in advance during the signing process, which makes the random numbers uncontrollable and collusion difficult. It is a good random number generation mechanism.

NULSRNG

NULSRNG is a random number seed generation mechanism specially designed for DAPPs by the global open source community project NULS, based on its POC (Proof of Credit) consensus algorithm.


The implementation of NULSRNG is a two-stage random seed submission mechanism based on POC consensus. Each node generates a random seed when it produces a block, encrypts the seed, and includes the resulting ciphertext in the block header together with the plaintext of the 256-bit random seed that the node generated the previous time. By combining the plaintext and ciphertext in the block headers, the random number seed generated by the node can be verified, ensuring that it cannot be tampered with.


A DAPP developed on NULS can directly use the interface provided by the underlying layer to obtain random seeds and then use its own random algorithm to generate the required random number sequence, which improves the security of the random numbers while remaining flexible and convenient to use.
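The two-stage header check and the DAPP-side use of the seeds, as an added example that is not NULS code: it verifies each plaintext seed against what the same producer sealed in its previous block and derives a number only from verified seeds. The header field names, the use of SHA-256 as a stand-in for the "ciphertext", and the sample chain are all assumptions.

```python
import hashlib
from dataclasses import dataclass

def seal(seed: bytes) -> bytes:
    """Assumed stand-in for the header 'ciphertext': SHA-256 of the seed."""
    return hashlib.sha256(seed).digest()

@dataclass
class Header:                    # hypothetical field names
    height: int
    producer: str
    sealed_seed: bytes           # ciphertext of the seed generated with this block
    prev_seed: bytes             # plaintext of the seed this producer sealed last time

def verified_seeds(headers):
    """Return {height: seed} for plaintexts that match the producer's earlier seal."""
    pending, seeds = {}, {}      # pending: producer -> seal from its latest block
    for h in sorted(headers, key=lambda h: h.height):
        if h.producer in pending and seal(h.prev_seed) == pending[h.producer]:
            seeds[h.height] = h.prev_seed
        # A first block or a mismatch yields no seed; the new seal is still tracked.
        pending[h.producer] = h.sealed_seed
    return seeds

def dapp_random(headers, low, high, upper):
    """Integer in [0, upper) derived from the verified seeds at heights low..high."""
    seeds = verified_seeds(headers)
    chosen = [seeds[x] for x in range(low, high + 1) if x in seeds]
    if not chosen:
        # Refuse rather than fall back to a guessable value.
        raise ValueError("no verified seed in the requested height range")
    return int.from_bytes(hashlib.sha256(b"".join(chosen)).digest(), "big") % upper

def sample_chain():
    """Constructed chain: producers A and B alternate over heights 1..6, and the
    plaintext in A's block at height 5 does not match what A sealed at height 3."""
    seed = lambda who, k: hashlib.sha256(f"{who}-{k}".encode()).digest()
    chain = []
    for height in range(1, 7):
        who, k = "AB"[(height - 1) % 2], (height - 1) // 2
        chain.append(Header(height, who, seal(seed(who, k + 1)), seed(who, k)))
    chain[4].prev_seed = bytes(32)
    return chain

if __name__ == "__main__":
    chain = sample_chain()
    print(sorted(verified_seeds(chain)), dapp_random(chain, 3, 6, 100))
```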

Epilogue

1. In the blockchain, random numbers have many application scenarios. With the continuous development and improvement of blockchain technology, the application of random numbers in the blockchain will continue to increase;

3. Realizing the importance of random numbers, more and more technical teams and project parties have begun to study better random number generation mechanisms. In the future, there will be more perfect blockchain random number generation mechanisms.

 


This article is from a submission and does not represent the Daily position. If reprinted, please indicate the source.
