noxed part 4: On-chain randomness
Understanding DEXON backwards and forwards: sortition, epoch, notary selection
In the previous post, we talked about DEXON’s sortition scheme, which allows DEXON to support thousands of validators joining the network while the performance remains efficient. However, some interesting questions are still left to be answered: what is the “magic number” and where does it come from? The answers lie in DEXON’s “on-chain randomness.”
As mentioned in noxed part 1, blockchains can be applied far beyond cryptocurrencies. And one crucial element to make blockchain more feasible in more applications is a thing called randomness.
Randomness is one key element for many applications, particularly in lottery, gambling, and fintech. Blockchain’s intrinsic decentralization and tamper-proof properties makes it an excellent platform for these applications. However, most blockchain projects do not have a built-in randomness source. If you’re a developer of these mainstream blockchains, you usually rely on other trusted third-party applications, such as Oraclize. Unfortunately, the randomness quality is not guaranteed, and you may put your product at risk.
On the contrary, DEXON provides a built-in random source where security is guaranteed by cryptography. So, what do we promise?
Hold on. It will be an exciting and intensive journey to get there.
DEXON’s on-chain randomness
What does DEXON’s randomness guarantee? In DEXON, we provide an “unpredictable,” “unbiased,” “unique,” and “verifiable” random source. Don’t worry. We will explain these one-by-one.
Let’s take lottery as a concrete example. Suppose there is a 6/49 lottery smart contract on a blockchain. The lottery outcome will be out at a specific block height (say height 100), where the outcome is determined by the random number of block #100. You can buy a bet before the block #90 is proposed.
First, the lottery outcome should not be known before the betting is closed. Obviously, if not, anyone can just bet on the exact winning number combination before the results are out and win the prize. In DEXON, the random number of a block is unpredictable when the block is proposed. Even the block proposer cannot be known beforehand!
Second, all the 49 numbers should be chosen with equal probability. In practice, the lottery balls are made delicately to make sure that all of them weigh equally and the balls have to be tossed around in the lottery machine long enough. Similarly, the unbiased property guarantees that anyone cannot influence or change the random number even if someone deviates from the protocol arbitrarily.
Then, it’s odd if there are either no results or multiple results happen for one lottery bet. In practice, the lottery outcome is drawn at a particular time in public. Hence, the audience can check whether the outcome is drawn only once. In DEXON, one, and only one, random number will be generated for each block. Without its uniqueness property, users may have multiple choices and may choose the best one for their own profit. That’s unfair.
Finally, the result should be verified by the public. In practice, lotteries are drawn publicly, usually broadcasted on TV. The balls are put into the lottery machine, the machine shuffles the balls, and the balls fall out of the machine. All the steps are shown on TV.
But for operations done digitally, even if the winning number combination is broadcasted live, how can one guarantee the legitimacy of the draw? In DEXON, live broadcasts may no longer be necessary due to our novel “threshold signature.” With the signature, anyone can verify that the random number is, indeed, generated by a specific procedure.
So, what is the threshold signature? This is the essence of DEXON’s on-chain randomness.
How is on-chain randomness generated
A nuclear bomb is a powerful, devastating weapon. It is dangerous if the bomb can be launched only under someone’s willing hands. Hence, the launching process usually requires multiple keys to start.
We apply a similar notion to generate randomness. The on-chain randomness should not be determined by any single user; otherwise, it is predictable and easily biased. So DEXON’s on-chain randomness is generated as follows:
For each block, all the validators in the notary set send out their signature-shares (say there are
n validators in the notary set). The final on-chain randomness is generated only if there are more than
t valid signature-shares sent out. Hence, no single user can influence the randomness and thus, the security holds.
Precisely, the random beacon for bi is:
Randomness for bi = hash(TSig(block hash of bi))
Where the magic number comes from
Let’s go back to the question in the beginning. Where does the “magic number” come from? For each epoch (3,600 blocks), the notary set actually generates 3,601 random numbers. The extra one random number is the magic number for the next epoch. Hence, the magic number enjoys all the aforementioned desired properties. With the magic number, DEXON can support thousands of validators joining the network, and each validator is chosen fairly.
Hope you enjoy the journey. Your Decentralization EXperience Opens Now.
What is noxed?
Noxed is a brand new learning series produced by the DEXON Foundation where we explain the ins and outs of DEXON in written, video, or visual formats. If there’s a topic about DEXON technology you want us to cover, let us know in the comments.
Read more noxed:
- noxed part 1: Overview (Byzantine Agreement)
- noxed part 2: Single-chain algorithm
- noxed part 3 Sortition
Let’s talk about DEXON
You can register for the newsletter for the latest updates, or join us in our various community discussions in different platforms.
👉 Twitter: https://twitter.com/dexonfoundation
👉 Faceboook: https://www.facebook.com/DEXON.Foundation/
👉 YouTube: https://www.youtube.com/channel/UCbg6l4M8QmSrJphxQvKof5g
👉 Medium: https://medium.com/dexon