Article 39: Implementing a random number blockchain

Time:09-23

Editor's note: the main content of this article comes from Xiao-hu Chen, CEO of Stone blockchain.

In a blockchain all information is transparent, so providing a safe and practical random number is a very difficult problem. Yet random numbers are the foundation of many applications, such as games, gambling and process control, so applications built on smart contracts urgently need a practical and reliable source of random numbers.

1. Traditional on-chain random numbers

There are several traditional ways to obtain a random number on chain.

The first is to have a trusted third party provide random numbers to the contract. This is usually a centralized solution in which a trusted oracle provides an independent random number generator. The smart contract sends a request to the oracle system outside the chain; the oracle, which runs independently of the blockchain, listens for such requests on the chain, generates a random number, and invokes a callback function to return the result to the blockchain.




The main problem with this solution is that it is centralized, which runs counter to the distributed spirit of the blockchain. It has other weaknesses as well, such as delays while information is transferred through the p2p network and the inability to provide differentiated service to applications with different levels of demand.

The second is interactive commit and reveal. Each participant first commits to a random number by submitting its hash to the blockchain. Once all parties have submitted, each reveals its random number, and the final random number is produced by combining the individual ones. This ensures that the random number cannot be known beforehand, but the process has several problems. First, it requires multiple rounds of interactive communication and is very difficult to automate. Second, a party that finds the result unfavourable can refuse to reveal its random number and so delay the process; especially with many participants, properly handling network delay and intentional attacks becomes more difficult.
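The commit and reveal round described above, as an added example that is not code from the article or from any project it mentions. The class and function names are hypothetical, and the round simply refuses to produce a number while any reveal is outstanding, which is exactly the delay the article points out.

```python
import hashlib

SIZE = 32  # fixed lengths keep salt||value unambiguous

def commit(value: bytes, salt: bytes) -> str:
    """Commitment that goes on chain: SHA-256 over salt || value."""
    if len(value) != SIZE or len(salt) != SIZE:
        raise ValueError("value and salt must be 32 bytes each")
    return hashlib.sha256(salt + value).hexdigest()

class CommitRevealRound:
    def __init__(self, participants):
        self.participants = set(participants)
        self.commitments = {}   # participant -> hex digest
        self.reveals = {}       # participant -> revealed value

    def submit_commit(self, who, digest):
        if who not in self.participants or who in self.commitments:
            raise ValueError("unknown participant or duplicate commit")
        self.commitments[who] = digest

    def submit_reveal(self, who, value, salt):
        # Reveals open only once every commitment is on record, so nobody
        # can pick a value after seeing someone else's.
        if set(self.commitments) != self.participants:
            raise RuntimeError("reveal phase opens after all commits")
        if commit(value, salt) != self.commitments.get(who):
            raise ValueError("reveal does not match commitment")
        self.reveals[who] = value

    def missing_reveals(self):
        """Participants who committed but are withholding their reveal."""
        return sorted(self.participants - set(self.reveals))

    def finalize(self):
        # Combining only the reveals received so far would let the last
        # party choose between two outcomes, so an incomplete round yields
        # no number at all; the cost is the delay described above.
        if self.missing_reveals():
            return None
        acc = hashlib.sha256()
        for who in sorted(self.reveals):
            acc.update(self.reveals[who])
        return acc.hexdigest()
```

`missing_reveals()` gives the list a contract would need in order to penalise or time out a withholding party.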





The third is to use information publicly available on the chain, such as the block hash, timestamp or difficulty, as the random number source. Normally the application has to use the hash of a future block, so that the operation is already fixed and cannot be modified before that block is produced. This is the method most commonly adopted in practice, but there are many pitfalls in implementing it. Even if the implementation is perfect, one flaw is insurmountable: the miner producing the block can, within the range of operations it is allowed, change the block's hash value, so the resulting random number is subject to the miner's choice. The easiest way is to package transactions selectively so that the hash value works to the miner's advantage.

The fourth works at the consensus layer, by way of threshold signatures. Each consensus node submits a signature fragment over a piece of information; once enough fragments have been collected, any consensus node can merge them into a legitimate, verifiable signature, and this signature can be used as the random number source.




The benefit of this approach is that miners cannot manipulate the final signature: for the same message, combining the signature fragments of different miners gives the same result, so once the message is determined, the signature is determined. Dfinity adopts this approach as the basis of its consensus protocol and at the same time provides a verifiable random number generator. One problem remains: in every block round each node needs to broadcast its signature fragment, so the message complexity is O(n²), similar to PBFT. This limits the number of nodes, as well as the efficiency of the applications that can be supported.

2. Solution

Using threshold signatures on the chain, scholars put forward a random number method with O(n) message complexity.

First of all, the subchain is a layer-2 blockchain built on a multilayer structure. Subchain miners are randomly selected from a pool of nodes to serve as the consensus nodes of a subchain. The subchain's blocks are produced by the subchain miners in turn, in round-robin fashion. At the same time, the subchain state is periodically flushed to the main chain as a subchain hash, which implements: 1. finality of the state; 2. elimination of nodes proven to be malicious; 3. random retirement of a small number of nodes and random addition of a few new nodes; 4. cross-chain operations between the subchain and the mother chain.

In the subchain implementation that provides random numbers, the miners of each chain initialize with VSS to achieve verifiable distribution of the private key. Each miner then submits a set of signature fragments of the threshold signature. After enough fragments have been collected, the threshold signature can be merged and the miner can produce a block; the signature serves as the random number source for smart contracts when they process the related transactions.

The process is as follows:





1. Initialization phase: when each node first takes its turn to generate a block, the block does not need to include a legal threshold signature, but each node needs to include in its legal block the current node's signature fragments for [H(b), H(b+1), ..., H(b+m-1)], where b is the current block.

2. After m blocks, normal block production starts. The current node should be able to receive enough signature fragments (m) and synthesize a valid threshold signature, so the node can produce a valid block. The block includes the m collected signature fragments [H1(b), H2(b), ..., Hj(b)], the synthesized threshold signature Sig_thres, the transaction set {TX}, the block signature Sig_block, and the node's own published signature fragments for [H(bi), H(bi+1), ..., H(bi+m-1)].

3. If there is a Byzantine failure and the current node does not get enough signature fragments, the node does not produce a block and only broadcasts its current signature fragments.

4. Step 3 can repeat many times, up to m times.

5. If the next node has received enough signature fragments, it can produce a block; go back to step





This ensures that a block's threshold signature is a combined signature over the current block: it can be verified, but it cannot be known in advance and cannot be manipulated by miners, and the message complexity of producing a block is O(n).
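The subset-independence property of threshold signatures (approach four) and the rule from steps 2 and 3 that no block is produced without enough fragments, as an added example that is not RandDrop's or Dfinity's code. Assumptions: a toy group (P = 2039, Q = 1019) far too small for real use, a trusted dealer standing in for VSS, the block height as the signed message, and hypothetical function names; a real scheme such as threshold BLS also lets anyone verify the merged signature against a group public key, which this toy group cannot do.

```python
import hashlib, secrets

# Toy parameters (constructed, not secure): P = 2Q + 1 with P and Q prime.
P, Q = 2039, 1019
M, N = 3, 5   # fragments needed and subchain size (assumed values)

def hash_to_group(msg: bytes) -> int:
    """Map a message into the order-Q subgroup of Z_P^* (squares mod P)."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)

def deal_shares(m: int = M, n: int = N):
    """Stand-in for VSS: split the secret key f(0) into Shamir shares f(i)."""
    coeffs = [secrets.randbelow(Q) for _ in range(m)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return coeffs[0], shares

def sign_fragment(share: int, height: int) -> int:
    """One node's signature fragment for a block height: H(height)^share."""
    return pow(hash_to_group(height.to_bytes(8, "big")), share, P)

def combine(fragments: dict) -> int:
    """Lagrange interpolation in the exponent; any M fragments give H^f(0)."""
    sig = 1
    for i, frag in fragments.items():
        lam = 1
        for j in fragments:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        sig = sig * pow(frag, lam, P) % P
    return sig

def try_produce_block(received: dict, m: int = M):
    """Steps 2-3: no block without m fragments, else (Sig_thres, random)."""
    if len(received) < m:
        return None   # the node only rebroadcasts its own fragments
    sig = combine(received)
    return sig, hashlib.sha256(sig.to_bytes(2, "big")).hexdigest()
```

Because the merged value depends only on the secret key and the message, the block producer cannot steer it by choosing which fragments to include.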

In addition, at each chain refresh cycle the number of subchain nodes changes: malicious nodes are eliminated, and there is a certain chance of old nodes being replaced by new ones. The VSS process for a new node can be completed before the refresh cycle, so that after the refresh cycle the new batch of nodes can immediately join the ongoing process and the whole process is not interrupted.

In addition, the scholars' subchain implementation lets a smart contract directly call the threshold signature as a random number source to process its application logic. Because the threshold signature is bound to the block, this greatly simplifies the smart contract's handling of the corresponding logic.

Stone technology (MOAC BlockChain Tech) has implemented this random number chain, named RandDrop (the third subchain, after ProcWind and FileStorm). It is now being tested on the test network and will soon be available to game makers for testing and use.

To summarize, the advantages of the random number subchain RandDrop:

1. It solves the difficulty existing smart contracts have in obtaining reliable random numbers: the random number is produced by the consensus of the subchain nodes through a threshold signature, which gives high security, and it is completely unaffected by any individual miner;
2. The existence of Byzantine nodes can delay the production of a certain block, but does not affect the resulting random number;
3. It is the first random number scheme with linear message complexity, so it can support more consensus nodes and is more widely applicable;
4. It simplifies process design: smart contracts can make a direct call to obtain the current block's random number.