On Bitcoin as a public randomness source

1 Stanford University, 2 Concordia University, 3 Princeton University

Abstract. We formalize the use of Bitcoin as a source of publicly verifiable randomness. As a side-effect of Bitcoin's proof-of-work-based consensus system, random values are broadcast every time new blocks are mined. We can derive strong lower bounds on the computational min-entropy in each block: currently, at least 68 bits of min-entropy are produced every 10 minutes, from which one can derive over 32 near-uniform bits using standard extractor techniques. We show that any attack on this beacon would form an attack on Bitcoin itself and hence have a monetary cost that we can bound, unlike any other construction for a public randomness beacon in the literature. In our simplest construction, we show that a lottery producing a single unbiased bit is manipulation-resistant against an attacker with a stake of less than 50 bitcoins in the output, or about US$12,000 today. Finally, we propose making the beacon output available to smart contracts and demonstrate that this simple tool enables a number of interesting applications.
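The pipeline the abstract sketches (block header, proof-of-work check, extractor, lottery bit) as an added example; this is illustrative code, not the paper's construction. It uses the well-known Bitcoin genesis block header as sample input, and the fixed public HMAC key, the 32-bit default output length and the function names are assumptions for this example.

```python
import hashlib
import hmac

# Bitcoin genesis block header (80 bytes, wire serialization). A real,
# well-known value used here as sample input; any valid header works.
GENESIS_HEADER = bytes.fromhex(
    "01000000"                                                          # version
    "0000000000000000000000000000000000000000000000000000000000000000"  # prev block
    "3ba3edfd7a7b12b27ac72c3e67768f617fc81bc3888a51323a9fb8aa4b1e5e4a"  # merkle root
    "29ab5f49"                                                          # time
    "ffff001d"                                                          # nBits
    "1dac2b7c"                                                          # nonce
)

# Public, fixed extractor key. Assumed for this example (not from the paper);
# any fixed public constant serves, since security rests on the block's entropy.
EXTRACTOR_KEY = b"bitcoin-beacon-example-v1"


def block_hash(header: bytes) -> bytes:
    """Double SHA-256 of the 80-byte header, in the byte order Bitcoin displays."""
    if len(header) != 80:
        raise ValueError("header must be exactly 80 bytes")
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()[::-1]


def target_from_bits(header: bytes) -> int:
    """Decode the compact nBits field (bytes 72..76, little-endian) into the PoW target."""
    nbits = int.from_bytes(header[72:76], "little")
    exponent, mantissa = nbits >> 24, nbits & 0x007FFFFF
    return mantissa << (8 * (exponent - 3))


def verify_pow(header: bytes) -> bool:
    """A beacon consumer first checks that the header meets its own claimed target."""
    return int.from_bytes(block_hash(header), "big") <= target_from_bits(header)


def extract_bits(header: bytes, n_bits: int = 32) -> int:
    """HMAC-SHA256 under a fixed public key as a randomness extractor over the
    block hash; the leading zero bits carry no entropy and are simply hashed along."""
    if not verify_pow(header):
        raise ValueError("header does not satisfy its proof-of-work target")
    digest = hmac.new(EXTRACTOR_KEY, block_hash(header), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


def lottery_bit(header: bytes) -> int:
    """Single-bit public lottery: the first extracted bit of the block."""
    return extract_bits(header, 1)
```

Anyone holding the same 80-byte header and the same public key recomputes the identical output, which is what makes the beacon publicly verifiable.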
