7

I was looking at random.org, which generates random numbers using atmospheric noise picked up by radio receivers. However, it is still a centralized service, and there is no way to know if some results are tampered with by the owner. (random.org has a third-party audit, but that audit can be compromised as well.)

Then I started wondering whether there is a way to generate public random numbers in a decentralized manner. Specifically, there will be a protocol/process for the random number generation, and anyone who follows the protocol should be able to get the same random number at a certain point in time.

A rough idea is that the "randomness" should come from some natural/physical process, and it should be observable by anyone or a large group of people. And an algorithm can be defined to translate the analog data to digital numbers.

I am wondering if this is practical, and if there are already available solutions. We can relax some other common requirements of the random generator, i.e., it is fine to be very inefficient (like one number per day).


Some searches I did:

  • random.org and other hardware-based random generators: they are all owned by a single entity and other people cannot verify the results. (People can verify the numbers statistically, but there is no way to tell if a certain number is compromised.)
  • https://medium.com/coinmonks/a-crash-course-on-proof-of-stake-part-iii-67aa720ea08f There are many decentralized random number generators for blockchains, but they all require the communication and involvement of blockchain parties.
  • https://drand.love/ drand is very close to what I want, but the generation process is still "owned" by The League of Entropy, and technically it is still compromisable.
wddd

3 Answers

6

The "randomness" should come from some natural/physical process, and it should be observable by anyone or a large group of people. And an algorithm can be defined to translate the analog data to digital numbers.

A problem with this is uncertainty in analog measurements. For natural widely observable phenomena, e.g. astrophysical events, different observers will make slightly different observations, and I see no way to reduce to a practically acceptable level the possibility of disagreement about if the next bit should be a 0 or a 1 without communication between observing parties. Such communication can remove disagreement, but at the expense of allowing a collusion of parties to influence the outcome.

This is exactly why we throw dice or coins: it's an artificial phenomenon with low possibility of disagreement on discrete outcomes. We know how to solve the bias problem, e.g. with Von Neumann's de-biasing.

So the only things I can propose are variations around the theme of public lottery. Independently operated webcams around a dice thrower; giant white/black coin thrower on the surface of the moon operated once every full moon.

psmears
fgrieu
5

I'd probably not base such a thing on natural processes. Astrophysics probably gives the best results, but we cannot always see the stars and it will likely require specialized equipment. The fact that we live on a globe makes CMB or Solar activity kinda hard to sync (same for the moon of course, we cannot always observe it). Gravitational waves can be measured globally, but they are infrequent - a few times per month maybe, and it is probably not something that can be measured in a backyard.

To me it would make more sense to choose some widely publicized values that can be mashed together and are hard to manipulate or dispute, for instance hashing a sequence of least significant digits of GPS satellite data, weather stations and/or seismic sources. For best results the data should have a timestamp attached. I thought of stock market prices first, but those are too easy to manipulate, and stock markets are sometimes halted when trading goes haywire.

Blockchain and Trusted Third Parties have already been mentioned in the question.


All in all, we don't have a globally available, natural TRNG. In the end I'm not sure that a TRNG is often the best option, and in this case I don't think it is.

Maarten Bodewes
0

This is a classic problem in cryptography. The earliest solution is Blum's 1981 protocol for "Coin Flipping by Telephone". Its setup is slightly simpler than what you've described, but for demonstration, it makes a good place to start. It's indeed a "decentralized" protocol, but with only two parties. It guarantees that, if at least one of the parties is behaving honestly, the resulting coin flip will be truly random.

Blum's original scheme was created in the infancy of theoretical cryptography. A slight generalization of the protocol leads to the concept of cryptographic commitment schemes. Reading the Wikipedia article on commitment schemes should give you the basics, and they work through the coin flipping protocol in the examples.
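The two-party coin flip described in the answer above, as an added example that is not part of the original answer. It swaps in a SHA-256 hash commitment with a random nonce for Blum's original number-theoretic construction; the function names and the `cheat` flag are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # random bytes that hide the committed bit from the other party

def commit(bit):
    """Alice's step: return (commitment, nonce). Only the commitment is sent."""
    if bit not in (0, 1):
        raise ValueError("bit must be 0 or 1")
    nonce = secrets.token_bytes(NONCE_LEN)
    return hashlib.sha256(nonce + bytes([bit])).digest(), nonce

def verify(commitment, nonce, bit):
    """Bob's step: check that (nonce, bit) opens the commitment he received."""
    if bit not in (0, 1) or len(nonce) != NONCE_LEN:
        return False
    expected = hashlib.sha256(nonce + bytes([bit])).digest()
    return hmac.compare_digest(expected, commitment)

def coin_flip(alice_bit, bob_bit, cheat=False):
    """Run the exchange in one process; return the shared coin, or None on abort.

    cheat=True models Alice opening to the opposite bit after she has seen
    Bob's reply, which the binding property of the commitment must catch.
    """
    # 1. Alice -> Bob: commitment only.
    commitment, nonce = commit(alice_bit)
    # 2. Bob -> Alice: his bit in the clear, chosen without knowing Alice's.
    # 3. Alice -> Bob: the opening (nonce, bit).
    opened_bit = alice_bit ^ 1 if cheat else alice_bit
    # 4. Bob verifies the opening before accepting any result.
    if not verify(commitment, nonce, opened_bit):
        return None
    # 5. Both sides compute the coin as the XOR of the two bits.
    return opened_bit ^ bob_bit

if __name__ == "__main__":
    a, b = secrets.randbelow(2), secrets.randbelow(2)
    print("honest run:", coin_flip(a, b))
    print("Alice changes her bit after seeing Bob's:", coin_flip(a, b, cheat=True))
```

The commitment only stops Alice from changing her bit; she can still refuse to open after seeing Bob's reply, so a caller has to treat a missing or invalid opening as an abort rather than rerun until someone likes the result.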