Random Number Generation by network - golemfactory/golem-rd GitHub Wiki

This is a known problem.

Commitment scheme

Basic flow:

  1. Everyone publishes hash(secret) - (aka commitment)
  2. Everyone publishes secret - (aka preimage)

Problem: a participant can delay releasing his preimage until he knows all the other preimages and can compute the random number himself. He then checks whether the value suits him and releases the preimage only if it does. Otherwise he may choose to abort his participation in the process.
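The flow and its weakness, as an added Python sketch (not code from the Golem project). SHA-256 as the hash, hashing the secrets in sorted participant order as the combining rule, and treating a missing reveal as an aborted round are assumptions made for illustration, as are the participant names.

```python
import hashlib
import hmac
import secrets

def commit(secret: bytes) -> bytes:
    """Step 1: publish only hash(secret), the commitment."""
    return hashlib.sha256(secret).digest()

def verify_reveal(commitment: bytes, secret: bytes) -> bool:
    """Step 2 check: a revealed preimage must match the earlier commitment."""
    return hmac.compare_digest(commitment, commit(secret))

def combine(revealed: dict) -> int:
    """Assumed combining rule: hash the secrets in sorted participant order."""
    h = hashlib.sha256()
    for name in sorted(revealed):
        h.update(revealed[name])
    return int.from_bytes(h.digest(), "big")

def run_round(commitments: dict, reveals: dict):
    """Return the random number, or None when a reveal is missing or invalid."""
    for name, c in commitments.items():
        if name not in reveals or not verify_reveal(c, reveals[name]):
            return None  # assumption: one missing preimage aborts the round
    return combine(reveals)

def preview_before_reveal(others: dict, name: str, secret: bytes) -> int:
    """What the last participant can compute while still withholding."""
    return combine({**others, name: secret})

# Constructed participants; 32 random bytes so the hash cannot be brute-forced.
SECRETS = {n: secrets.token_bytes(32) for n in ("alice", "bob", "carol")}
COMMITMENTS = {n: commit(s) for n, s in SECRETS.items()}

def demo():
    others = {n: s for n, s in SECRETS.items() if n != "carol"}
    preview = preview_before_reveal(others, "carol", SECRETS["carol"])
    full = run_round(COMMITMENTS, SECRETS)    # carol reveals
    aborted = run_round(COMMITMENTS, others)  # carol withholds
    return preview, full, aborted

if __name__ == "__main__":
    preview, full, aborted = demo()
    print("carol knew the outcome before revealing:", preview == full)
    print("round result if carol withholds:", aborted)
```

The commitment binds each participant to a secret but does not force the reveal, so the last revealer keeps a choice between the previewed value and an abort.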

RANDAO etc

RANDAO or Ethereum block hash values are useful because the block reward will likely dwarf the value of a single task in Golem. But because of Ethereum’s transition to PoS, the future of this method is not clear.

BLS

We can try to incorporate a Verifiable Random Beacon approach (BLS threshold signatures, see dfinity.network for details) to generate random numbers, but this means that number generation in our particular case can be sabotaged by a provider controlling min(k, n-k+1) nodes.