The random datasource: “A Scalable Architecture for On-Demand, Untrusted Delivery of Entropy”
Preamble
One of the most fascinating, probably most complicated and yet unsolved problems in the context of blockchain protocols and smart contracts is the secure generation of random numbers.
Different methods have been proposed, but none of them meets the goal in providing an ultimate solution. This is due to the complexity of the economic incentives infrastructure and the strictly deterministic nature of blockchain protocols.
The lack of a solution to this problem is limiting what smart contracts can accomplish today. Besides the obvious applications leveraging a source of randomness for gaming and gambling systems, there are many others — efficient probabilistic payment channels, random ballots systems and possibly some yet to be invented. Unfortunately, a theoretical solution seems nowhere near of being discovered.
A different approach
Staying consistent with the architecture that Oraclize has been designing during the last 2 years, we have tried to address this very problem using a different approach. Smart contracts and blockchain protocols not only enable trustless applications, but also applications with clearly defined trusted boundaries. As a data carrier, Oraclize is well familiar with the concept: any party interacting with a data-dependent smart contract must trust the data provider (but not necessarily the data carrier!).
Today, we are presenting the random datasource — an architecture that enables smart contracts to receive a random number from a trusted, super partes source, without having to rely whatsoever on the data carrier.
We explain the rationale behind the Oraclize random datasource in the following paper “A Scalable Architecture for On-Demand, Untrusted Delivery of Entropy”.
Thanks to its flexibility, the random datasource can be used by any type of application (both decentralized and traditional ones) requiring a random input, while maintaining the same security guarantees in both context. Random Number Generation (RNG) has always been a very important task for many real-life problems ranging from security and cryptography to traditional gaming and gambling applications.
Many different hardware and software based methods have been used to produce randomness, but in most cases the integrity of these systems relies on costly certification processes performed often by small or unknown parties. These processes can fail badly and leave no accountability as it has happened more than once in the gambling industry.
Also, the traditional process does not ensure that the code being executed is matching the one that was certified by the auditor.
On the other hand, the model we are presenting here offers far higher, mathematically binding guarantees of fairness thanks to open (and third-party auditable) authenticity proofs. Oraclize aims to remove itself completely from the trust equation as the trust is moved from Oraclize to the so-called “attestator”.
Specifically, our first version of the Oraclize “random datasource” leverages:
- the Ledger hardware-based RNG to generate entropy
- the Oraclize “Ledger proof” to guarantee the authenticity of the number generated
Actually, thanks to the flexibility of such an architecture, our random datasource is not limited to the use on the Ledger device only. It can adapt to different types of devices and attestation technologies, which can be even combined!
Proofs based on different technologies/attestators, but implementing the same architecture described here, will follow in the coming months.
Thanks to the easy verificability of the Ledger proof, smart contracts can verify on-chain at a negligible cost the correctness of the process and be sure that the random number generated by the random datasource is safe.
What’s next
The paper we have released today, “A Scalable Architecture for On-Demand Untrusted Delivery of Entropy”, is meant to be first public revision of the work we have been doing recently on trying to solve the randomness problem in a way which is consistent with our vision.
A consistent section of the paper is dedicated to comparing this approach with several already existing alternatives on the market.
We are looking forward to make this system better and better thanks to the feedback we receive — in the meantime we are refining the implementation which, in the coming days, will be available for everybody to test on the public Ethereum testnet.
The rationale we present here will be available as-a-service in the coming days as a new dedicated random datasource. The Solidity code showing examples on how it can be used and how the on-chain verification can be done will follow shortly: stay tuned!
Note: The company has now rebranded into Provable.
