RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness

Generating randomness collectively has been a long-standing problem in distributed computing. It plays a critical role not only in the design of state-of-the-art BFT and blockchain protocols, but also for a range of applications far beyond this field. We present RandRunner, a random beacon protocol with a unique set of guarantees that targets a realistic system model. Our design avoids the necessity of a (Byzantine fault-tolerant) consensus protocol and its accompanying high complexity and communication overhead. We achieve this by introducing a novel extension to verifiable delay functions (VDFs) in the RSA setting that does not require a trusted dealer or distributed key generation (DKG) and relies only on well-studied cryptographic assumptions. This design allows RandRunner to tolerate adversarial or failed leaders while guaranteeing safety and liveness of the protocol despite possible periods of asynchrony.
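The abstract names trapdoor VDFs in the RSA setting as RandRunner's central building block. The toy Python below is an added illustration, not code from the paper, of that primitive: the leader who generated the modulus evaluates y = x^(2^T) mod N in a single exponentiation using phi(N), everyone else needs T sequential squarings, and a Wesolowski-style proof lets anyone verify the output cheaply. The primes, T, x and the hash-to-prime mapping are constructed toy values, and the proof/verify scheme is a standard construction assumed here rather than the paper's exact variant.

```python
import hashlib

# Toy RSA modulus from constructed small primes; NOT parameters from the paper.
P, Q = 1009, 1013
N = P * Q                # public modulus published by this leader
PHI = (P - 1) * (Q - 1)  # trapdoor, known only to the leader who chose P and Q
T = 2000                 # delay parameter: number of sequential squarings
X = 12345                # constructed toy input, coprime to N

def is_prime(n):
    """Trial division; adequate for the ~20-bit challenge primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def hash_to_prime(x, y, n, bits=20):
    """Fiat-Shamir challenge: hash (x, y, N) and walk up to the next odd prime."""
    h = int.from_bytes(hashlib.sha256(f"{x}|{y}|{n}".encode()).digest(), "big")
    l = (h % (1 << bits)) | 1
    while not is_prime(l):
        l += 2
    return l

def eval_sequential(x, t, n):
    """Public evaluation: t sequential modular squarings, inherently slow."""
    y = x % n
    for _ in range(t):
        y = y * y % n
    return y

def eval_trapdoor(x, t, n, phi):
    """Leader's shortcut: reduce the exponent 2^t modulo phi(N) first (Euler, gcd(x, N) = 1)."""
    return pow(x, pow(2, t, phi), n)

def prove(x, y, t, n):
    """Wesolowski-style proof pi = x^(floor(2^t / l)); exact division is fine for toy t."""
    l = hash_to_prime(x, y, n)
    return pow(x, (1 << t) // l, n)

def verify(x, y, t, n, pi):
    """Anyone checks pi^l * x^(2^t mod l) == y with two cheap exponentiations."""
    l = hash_to_prime(x, y, n)
    return (pow(pi, l, n) * pow(x, pow(2, t, l), n)) % n == y
```

The trapdoor is what lets a designated leader publish its round's value promptly while a leader that withholds it cannot stop others from recomputing the same unique output by the slow path.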
