Is God rolling the dice at Web3?

sallygu.eth
Published in IOSG Ventures
May 30, 2022

“We are all fooled by randomness.” (Nassim Nicholas Taleb)

Randomness & Fate

Let’s imagine a scenario. A group of extremely rich but extremely bored BTC whales collectively put up 1000 BTC every year to host a game of Russian roulette.
They load a single bullet into a revolver whose cylinder has six chambers, spin it, and pull the trigger against your head. Each pull can be thought of as a parallel universe, so there are six parallel universes, each equally likely. In five of them you become rich overnight and even make the cover of Forbes; in the remaining one you die an ugly death.

Would you play this game? If so, once or twice? Or every single year?

It takes some courage and, of course, some calculation to play. A five-in-six (about 83%) chance of winning is an offer you rarely get in daily life. But a greedy fool who keeps playing every year has only a (5/6)^20, or roughly 2.6%, chance of surviving twenty rounds; most such players end up in the obituary section of the newspaper. In this hypothetical game the rules are laid out, the odds are known, and the risk can be measured because every condition is disclosed in advance. In the real world we mostly play games of asymmetric information. It is not a revolver or a deck of cards that decides our fate: we don’t know how many bullets are in the cylinder or how the deck has been stacked. Across an infinite number of parallel universes, under conditions of unbounded risk, our destiny is unpredictable.

And this exactly reveals that we are living in a world of randomness.

As Feynman said, the one thing nature allows us to calculate is merely probabilities. Once we have the superpower of calculating “probability amplitudes”, we can become prophets, to predict and even change the future. In other words, whoever masters randomness manages the dice of fate and becomes God.

Random & Secure

Translating this thinking to the crypto world, the machine that generates random numbers can be thought of as the messenger of God’s oracles; it is for this role that the oracle gets its name. In past articles on oracles we pointed out that a blockchain is transparent: every contract’s code, every input and every piece of state is visible to all participants, and the block producer decides what goes into the next block. A “random” value derived purely from on-chain data can therefore be predicted, and often influenced, by those participants.

Typical on-chain randomness schemes, such as using a future block hash as the seed, leave plenty of room for cheating. As a simple example: if a miner has bought a ticket in a lottery that pays 10 ETH, and the block reward is only 3 ETH, the miner has an obvious incentive to cheat. Whenever the block it has just found would produce a losing hash, it can simply withhold that block and keep mining (a block withholding attack); it gives up one block reward but buys itself another draw. This is like playing poker against the miner while the miner gets to swap its hole cards. Carried over to Web3, a random sequence that can be predicted or tampered with is a serious security and fairness problem: once an attacker understands the algorithm and learns (or controls) the seed, the distribution of an NFT airdrop or the drop of the best equipment in a GameFi title can be manipulated, and a wallet whose key generation draws on a weak random source can have its private key recovered.
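The withholding attack above, as an added example written for this article rather than code from any real miner or contract: a constructed toy model in which the lottery reads the low bit of the next block hash, the ticket-holding miner controls a fraction of the hashpower, and the miner's win rate and net profit are compared with and without withholding. The payout and block reward figures are the ones from the text; the rest (the parity rule, the hashpower values, the seeded simulation) is assumed for the demo.

```python
import hashlib
import random

# Constructed toy model of the "future block hash" lottery described above
# (an added example, not code from the article or from any real miner).
# The contract pays PAYOUT to the ticket holder when the low bit of the next
# block hash is 0. A miner who also holds the ticket and controls a fraction
# `hashpower` of the network withholds any block it finds whose hash would
# make it lose, forfeiting BLOCK_REWARD for that block, and keeps mining.
PAYOUT = 10.0        # ETH the lottery pays out (figure from the text)
BLOCK_REWARD = 3.0   # ETH given up for every withheld block


def block_hash(parent: bytes, nonce: int) -> bytes:
    """Stand-in for a block header hash; only its parity matters to the lottery."""
    return hashlib.sha256(parent + nonce.to_bytes(8, "big")).digest()


def lottery_wins(h: bytes) -> bool:
    """The contract's 'random' outcome: an even last byte means the ticket wins."""
    return h[-1] % 2 == 0


def play_round(rng: random.Random, hashpower: float, withhold: bool):
    """Mine until some block is published; return (ticket_won, blocks_withheld)."""
    parent = rng.randbytes(32)
    withheld = 0
    while True:
        ours = rng.random() < hashpower                 # who finds the next block?
        h = block_hash(parent, rng.getrandbits(64))
        if not ours or not withhold or lottery_wins(h):
            return lottery_wins(h), withheld            # block published as found
        withheld += 1                                   # losing block: discard it


def simulate(rounds: int, hashpower: float, withhold: bool, seed: int = 1) -> dict:
    """Empirical win rate, withheld blocks and net profit per round."""
    rng = random.Random(seed)
    wins = withheld = 0
    for _ in range(rounds):
        won, w = play_round(rng, hashpower, withhold)
        wins += won
        withheld += w
    win_rate = wins / rounds
    per_round = withheld / rounds
    return {"win_rate": win_rate, "withheld_per_round": per_round,
            "profit_per_round": win_rate * PAYOUT - per_round * BLOCK_REWARD}


def win_probability(hashpower: float) -> float:
    """Closed form: P = 1/2 + (hashpower/2) * P, i.e. P = 1 / (2 - hashpower)."""
    return 1.0 / (2.0 - hashpower)


def withholding_pays(hashpower: float) -> bool:
    """Cheating is rational when the extra expected payout beats the forfeited
    rewards; with these parameters that reduces to PAYOUT > 2 * BLOCK_REWARD."""
    extra_payout = (win_probability(hashpower) - 0.5) * PAYOUT
    forfeited = hashpower / (2.0 - hashpower) * BLOCK_REWARD
    return extra_payout > forfeited


if __name__ == "__main__":
    for hp in (0.1, 0.3, 0.5):
        print(f"hashpower={hp:.1f}", simulate(20_000, hp, withhold=True),
              f"analytic={win_probability(hp):.3f}", withholding_pays(hp))
```

The closed form makes the practitioner's point: with a 30% miner the win rate rises from 50% to about 59%, and whether withholding pays does not depend on hashpower at all, only on whether the prize exceeds twice the block reward. Any contract whose randomness is worth more than that to the block producer should not derive it from block data.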

So what kind of random numbers are really trustworthy and secure? Here we need to do a brief recap of the classification of random numbers first.

Source: IOSG

Generally, we divide random numbers into two types: True Random Number (TRN) and Pseudo-Random Number (PRN).

Among them, pseudo-random numbers can be subdivided into: weak pseudo-random numbers and strong pseudo-random numbers.

As the word “pseudo” implies, pseudo-random numbers are not truly random, and every random number produced on a blockchain is “pseudo”. A PRN sequence is the seemingly random output of a fixed mathematical formula run by software, which needs an external initial value, the seed, to start from. Contrary to many people’s intuition, a computer on its own can hardly produce randomness, because it is a deterministic device: the components are fixed, the wiring is fixed, the code and its instructions are explicit, and under fixed external conditions the output can be worked out by someone who knows them (the cheating method above is one way). Since the results can be calculated, how could they be anything but pseudo-random?

A real TRN is produced by extracting entropy from a physical process, such as electronic noise, a chaotic system or a quantum measurement, and feeding it into the computer. Put plainly, you wire a physical die to the machine.

Source: IOSG

By nature, a TRN must have randomness, unpredictability and irreproducibility at the same time:

- Randomness: the sequence shows no structure and no statistical bias, but this alone does not stop it from being seen through

- Unpredictability: knowing the whole past sequence does not let you predict the next value

- Irreproducibility: the same sequence cannot be produced again unless the original was saved

A strong PRN (a cryptographically secure PRNG, in cryptographic terms) satisfies only the first two; a weak PRN has only statistical randomness and is easily seen through.

Source: IOSG

When we call a random number reliable and secure, we mean at the very least that it cannot be seen through. Both a TRN and a strong PRN are therefore unpredictable enough to serve as trusted random numbers for smart contracts. A weak PRN must not be used for anything cryptographic: not key generation, not password generation, not nonces.
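What “seen through” means in practice, as an added example (not from the article): a linear congruential generator, the archetypal weak PRN, leaks its entire state in every output, so three consecutive public draws are enough to recover its hidden multiplier and increment and predict the next one. The generator constants are the well-known Numerical Recipes LCG; the seed, the “airdrop” scenario and the contrast with Python’s `secrets` CSPRNG are constructed for the demo.

```python
import math
import secrets

# Added example (not from the article): "seeing through" a weak PRN. A linear
# congruential generator x[n+1] = (a*x[n] + c) mod m exposes its entire state
# in each output, so three consecutive outputs let an observer recover a and c
# (m is public for any published implementation) and then predict every later
# draw. The constants are the Numerical Recipes LCG, standing in for the weak
# generator; the seed and the 'airdrop' scenario are constructed for the demo.
M = 2**32
A_SECRET, C_SECRET = 1664525, 1013904223     # unknown to the observer


def lcg(seed: int, a: int = A_SECRET, c: int = C_SECRET, m: int = M):
    """The weak generator as the victim application would run it."""
    x = seed % m
    while True:
        x = (a * x + c) % m
        yield x


def recover_lcg(x0: int, x1: int, x2: int, m: int = M):
    """Solve a = (x2 - x1) * (x1 - x0)^-1 mod m and c = x1 - a*x0 mod m.
    Returns None when (x1 - x0) has no inverse mod m (retry with the next
    triple; for this LCG consecutive outputs differ by an odd number, so it
    always succeeds)."""
    d = (x1 - x0) % m
    if math.gcd(d, m) != 1:
        return None
    a = ((x2 - x1) * pow(d, -1, m)) % m
    return a, (x1 - a * x0) % m


def predict_next(observed: list, m: int = M):
    """Observer's view: from three past draws, predict the fourth."""
    params = recover_lcg(*observed[-3:], m=m)
    if params is None:
        return None
    a, c = params
    return (a * observed[-1] + c) % m


def airdrop_winner(draw: int, participants: int) -> int:
    """How a naive contract might turn a draw into a winner index."""
    return draw % participants


if __name__ == "__main__":
    gen = lcg(seed=20220530)
    seen = [next(gen) for _ in range(3)]       # three public past draws
    guess = predict_next(seen)
    actual = next(gen)
    print("recovered", recover_lcg(*seen), "predicted", guess, "actual", actual)
    print("predicted winner", airdrop_winner(guess, 1000), "==", airdrop_winner(actual, 1000))
    # The same attack against a CSPRNG yields nothing: any (a, c) it 'recovers'
    # fits three values by construction but fails on the fourth.
    strong = [secrets.randbelow(M) for _ in range(4)]
    print("csprng prediction correct?", predict_next(strong[:3]) == strong[3])
```

The same idea scales to less naive generators: the Mersenne Twister behind Python’s `random` module can be reconstructed from 624 consecutive outputs, which is why only a CSPRNG (`secrets`, `os.urandom`) or a TRN source belongs anywhere near keys, nonces or prize draws.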

As for how to obtain trusted, secure random numbers, the most direct and efficient method today is to have an oracle supply the value from outside the chain together with a cryptographic proof that the contract can verify. Chainlink’s Verifiable Random Function (VRF) service works this way: the requesting contract supplies a seed, which the coordinator mixes with the hash of the block containing the request so the node cannot pick it; the oracle node computes the random output and a proof using its private key; the on-chain coordinator verifies the proof against the node’s registered public key and only then delivers the random words to the consuming contract (see figure below). VRF v2 is billed through subscriptions: a subscription owner funds it with LINK, registers consumer contracts, and each fulfilled request is paid from that balance.

Source: Chainlink Website
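The prove/verify pattern just described, as an added example that is not Chainlink’s or API3’s code: a toy RSA full-domain-hash VRF (the RSA-FDH-VRF construction from RFC 9381, simplified with a counter-mode SHA-256 full-domain hash and a deliberately tiny key). The oracle side holds the private exponent and returns a proof; the contract side knows only the public key, rejects any tampered or wrong-request proof, and derives the random word from the proof itself. The Mersenne-prime key, the request seeding and the constructed block hash are assumptions for the demo.

```python
import hashlib
from typing import Optional, Tuple

# Added example, not Chainlink's or API3's code: the prove/verify pattern of a
# verifiable random function, written as a toy RSA full-domain-hash VRF (the
# RSA-FDH-VRF construction of RFC 9381, simplified: counter-mode SHA-256 as the
# full-domain hash instead of MGF1, and a deliberately tiny key). The oracle
# node holds the private exponent D; the consuming contract knows only (N, E),
# checks the proof, and derives the random word from the proof itself, so it
# never has to take the node's word for the value.

# Toy modulus from two known Mersenne primes, 2^61-1 and 2^89-1: about 150
# bits, trivially factorable, for demonstration only.
_P = 2**61 - 1
_Q = 2**89 - 1
N = _P * _Q
E = 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))          # private key, oracle side only
_LEN = (N.bit_length() + 7) // 8              # proof size in bytes


def fdh(seed: bytes, n: int = N) -> int:
    """Full-domain hash of the seed into Z_n (768 hash bits reduced mod n, so
    the bias from the reduction is negligible)."""
    h = b"".join(hashlib.sha256(i.to_bytes(4, "big") + seed).digest() for i in range(3))
    return int.from_bytes(h, "big") % n


def proof_to_hash(pi: bytes) -> bytes:
    """The random word is a hash of the proof, not the proof itself."""
    return hashlib.sha256(b"vrf-output:" + pi).digest()


def vrf_prove(seed: bytes, d: int = D, n: int = N) -> Tuple[bytes, bytes]:
    """Oracle side: pi = H(seed)^d mod n; returns (random_word, proof)."""
    pi = pow(fdh(seed, n), d, n).to_bytes(_LEN, "big")
    return proof_to_hash(pi), pi


def vrf_verify(seed: bytes, pi: bytes, e: int = E, n: int = N) -> Optional[bytes]:
    """Contract side: accept only if pi^e == H(seed) mod n, then derive the word.
    Returns None for a forged, tampered or wrong-seed proof."""
    if len(pi) != _LEN or pow(int.from_bytes(pi, "big"), e, n) != fdh(seed, n):
        return None
    return proof_to_hash(pi)


def request_seed(request_id: int, block_hash: bytes) -> bytes:
    """Seed bound to the request and to a block hash the node did not choose,
    mirroring how the coordinator mixes in the hash of the request's block."""
    return hashlib.sha256(request_id.to_bytes(32, "big") + block_hash).digest()


if __name__ == "__main__":
    seed = request_seed(1, bytes.fromhex("ab" * 32))      # constructed block hash
    word, pi = vrf_prove(seed)
    assert vrf_verify(seed, pi) == word                    # honest fulfilment
    tampered = bytes([pi[0] ^ 1]) + pi[1:]
    assert vrf_verify(seed, tampered) is None              # altered proof rejected
    assert vrf_verify(request_seed(2, bytes(32)), pi) is None  # proof for another request
    print("random word:", word.hex(), "-> d6 roll:", int.from_bytes(word, "big") % 6 + 1)
```

Two properties carry over to the real service: the output is deterministic for a given key and seed, so the node cannot grind for a favourable value, and the word is derived from the verified proof rather than sent alongside it, so the node cannot substitute one. Chainlink’s production VRF uses an elliptic-curve VRF on secp256k1 with on-chain verification, not RSA, but the contract-side check has the same shape.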

Another example: API3 recently partnered with the Quantum Optics group at The Australian National University (ANU) to offer Quantum Random Number Generation (QRNG) to dApps and Web3 products. The numbers are TRN drawn from a quantum-optical process; each value is delivered to the requesting contract through API3’s Airnode, which lets the chain check that it came from ANU before it is handed over (see the workflow below). At the time of writing QRNG is the only such service delivering TRN rather than strong PRN. According to the API3 whitepaper it offers strong protection against Sybil attacks, and the service itself is free to use.

Source: API3 Whitepaper

Randomness & Web3

Having covered what a VRF is and where its randomness comes from, let’s turn to a more practical question: what exactly are random numbers used for in Web3?

In fact, random numbers are indispensable in almost all Web3 scenarios.

Source: IOSG

1. GameFi

Games need probability distributions in many places, and RPGs are the typical case. Some characters are extremely rare, with scarce attributes, while others are common; usually the rarer the character, the higher its value and the more it helps its owner earn. In Axie Infinity, for example, each Axie has six body parts, each with its own attributes and abilities. If the designers want a personalised experience, they must get the trait-assignment mechanism right and make the assignment probabilities as fair as possible.

In PVP matchmaking, a player’s chance of winning and the size of the reward depend on the opponent they are paired with, and an unfair matching mechanism quickly drives players away. In exploration games, the chance of finding rare items and equipment on the map needs a probability model that guarantees fairness. In card games, the shuffle largely decides who holds the winning hand. In shooters, hit rolls and the choice of respawn location shape the player’s experience.

Essentially, every game above needs a degree of unpredictability to be playable, and that unpredictability should come from a verifiable random function so that players can check it was not rigged.

2. NFT

Just as character attributes in GameFi are composed from parts, the details of an NFT are composed from attributes. A BAYC NFT, for example, has seven attributes: background, clothes, earring, eyes, fur, hat and mouth, and the rarity of those attributes largely determines the value of the NFT. Both the assignment of traits at mint and the enforcement of a cap on how many tokens may carry a given trait can be driven by a verifiable random function.

Source: OpenSea

In addition, as NFT communities grow, project teams often stimulate member loyalty and activity with random NFT airdrops on special occasions or when milestones are reached. Which addresses receive the airdrop, and how its fairness is guaranteed, has to follow a distribution mechanism the team can stand behind, and a VRF is a good fit: many of today’s NFT airdrop campaigns are run by integrating services such as Chainlink VRF.

3. DeFi

DeFi protocols with rebasing tokens, such as Olympus, and algorithmic stablecoin protocols use a rebase to address share dilution or to incentivise a particular market behaviour, such as restoring a stablecoin’s peg. One of the most sensitive parameters of a rebase mechanism is its cycle time: if the rebase interval stays constant for a long time, short-term arbitrageurs can time it and exploit it. A rebase mechanism can therefore draw on trusted random numbers to vary the approximate moment at which the next adjustment happens.

Some newer yield-farming protocols also add variability to their reward mechanism to increase participation: users with high participation and contribution earn a different annualised return from average or low-participation users. The distribution of reward sizes, and how the pool’s returns rise or fall over time, can then be shaped with random numbers.

4. DAO

In DAO governance, members are regularly asked to make key decisions for the organisation, and a large DAO may run day-to-day decisions more efficiently by establishing a core management body such as a board. Selecting and rotating those board members and managers needs a mechanism that is fair and transparent, and trusted random numbers are a straightforward way to build one.

Random numbers also underpin the authentication systems of DAOs that manage large treasuries or specialise in investment: unpredictable nonces, challenges and session keys are what stop an attacker from replaying or reverse-engineering the authentication process and reaching the DAO’s vaults.

5. The use of VRF in L1 consensus mechanism

One of the major problems new public blockchains face is the loss of security that comes with sharding. Before sharding, every validator in the network validates every transaction; after sharding, validators are split evenly across shards, so the stake needed to take over a single shard (the equivalent of a 51% attack on that shard) is only a fraction of what attacking the whole chain would require. A good defence is to prevent an attacker from knowing in advance which validators will serve which shard, and that requires randomness and unpredictability in the assignment. NEAR Protocol assigns validators to shards using VRF output, so the information about which shard a given validator will validate stays hidden until it is needed.

Source: NEAR Nightshade protocol

Last Words

Randomness is fascinating because it implies uncertainty and possibility. Possibility brings us both hope and fear, and that is why the debate between determinism and non-determinism continues to this day. Whether God rolls the dice or not is not that important. Maybe everything in the world is moving irrevocably toward the law of large numbers, maybe every seemingly fated encounter is just chance, maybe you, me and everyone else are just fools taking a random walk through Web3.

But not knowing the answer is always much more interesting than getting a wrong answer. As Carlo Rovelli mentions in his book, “What’s nonapparent is much vaster than what’s apparent”.

Stay foolish, and be in awe of the randomness.
