MCH2022 Curated content

drand: publicly verifiable randomness explained

Clairvoyance 🔮
Yolan Romailler
drand is an opensource project allowing anybody to run a “randomness beacon”. Its goal? Providing a trustable, verifiable source of public randomness that would enable full transparency in online lotteries, leader election or blockchain smart contracts. This talk is about what distributed randomness is, what it means for developers, and users, and why you’d want to use it. I will also present to you the current ecosystem around drand, and what it enables you to do differently and why it is desirable in a distributed, decentralized web to have public, verifiable randomness. Don’t worry though: we will first go through an easy overview of how it works without diving too much into the gory cryptographic details. In addition, I’ll demo how drand works in practice, and explain you how you can easily use it in your applications since drand nodes can be queried by anybody. Disclaimer: this is NOT a blockchain talk, but rather a distributed system one.
[drand](https://drand.love/) (pronounced "dee-rand") is a distributed randomness beacon daemon written in Golang. It has been used by Cloudflare, EPFL, Kudelski Security, UCL and other partners to setup a distributed randomness project that was unveiled in June 2019: the ["League of Entropy"](https://blog.cloudflare.com/league-of-entropy). Since then even more members have joined the league. Servers running drand can be linked with each other to produce collective, publicly verifiable, unbiasable, unpredictable random values at fixed intervals using bilinear pairings and threshold cryptography. Drand nodes can also serve locally-generated private randomness to clients. Generating public randomness is the primary functionality of drand. Public randomness is generated collectively by drand nodes and publicly available. The main challenge in generating good randomness is that no party involved in the randomness generation process should be able to predict or bias the final output. Additionally, the final result has to be third-party verifiable to make it actually useful for applications like lotteries, sharding, or even "nothing up my sleeves" parameter generation for security protocols. drand relies on the following cryptographic constructions: - Pairing-based cryptography and Barreto-Naehrig curves. - Pedersen's distributed key generation protocol for the setup. - Threshold BLS signatures for the generation of public randomness. - ECIES for the encryption of private randomness. These are well known, while still relatively cutting edge cryptographic schemes. Why do we need such randomness? A lot of reasons actually: - Lotteries, jury selection, election event, random sampling for audits, ... - Protocols & cryptography: - Verifiable gossip: randomly choosing peers in a verifiable way in a network to disseminate information - Parameters: Nonces & IV for symmetric encryptions, composite or prime numbers for selecting a field for RSA, or even ECC - Schemes: Diffie Hellman exchange, Schnorr signatures, more generally for zero knowledge proofs, - Protocols: Tor (e.g. path selection), sharding (Omniledger), leader election for consensus - Statistics: verifiable random sampling, reducing bias e.g. in controlled trials in medicine, etc. Now, drand is a software ran by a set of independent nodes that collectively produce randomness and whose long term goal is to implement Randomness-as-a-Service: - Fetching randomness should be as simple as fetching time from NTP servers. - Nodes can serve both private randomness and public randomness: - Unpredictable and bias-resistant - Publicly Verifiable - Decentralized service using threshold cryptography, with high availablity, reliability and trust. This talk will NOT be about just the cryptography behind drand, but I will cover some of the basics in a simple way in order to tease the people that could be interested, while introducing cool cryptographic constructions to the rest. It will NOT be about how drand is built, but it will really be about the **practical use-cases for drand**, how to use it, its kind of randomness, what it means and why you might want to use it.

Additional information

Type Talk
Language English

More sessions

7/22/22
MCH2022 Curated content
Elger "Stitch" Jonker
Abacus 🧮
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
7/22/22
MCH2022 Curated content
Jelle vd ster
Abacus 🧮
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
7/22/22
MCH2022 Curated content
Clairvoyance 🔮
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki.
7/22/22
MCH2022 Curated content
Mikko Hypponen
Abacus 🧮
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
7/22/22
MCH2022 Curated content
Battery 🔋
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
7/22/22
MCH2022 Curated content
Klaus Agnoletti
Clairvoyance 🔮
Utilizing collaborative security to collect data on attacks we were able to detect Log4J in a quite unusual but effective manner. We'll show you how CrowdSec enables the entire infosec community to stand together by detecting attempts to exploit a critical 0day, reporting them centrally thereby enabling anyone to protect themselves shortly after the vulnerability was made public. The unusual part is that this is done using FOSS software and by analyzing logs of real production systems but in a ...
7/22/22
MCH2022 Curated content
bert hubert
Abacus 🧮
Building on the very well attended DNA presentations ("DNA: The Code Of Life") at SHA2017, this talk will cover: * A brief recap what DNA is and how it works * It is surprisingly digital! * How reading DNA is within 'pro-sumer' reach now * (I might bring a live demo for after the talk) * An overview of DNA editing technologies (offline, and online: on living organisms) * Including the famous CRISPR-CAS, but also newer variants * How does such editing actually work in a lab? * The surprising lack ...