MCH2022 Curated content
drand: publicly verifiable randomness explained
drand is an opensource project allowing anybody to run a “randomness beacon”. Its goal? Providing a trustable, verifiable source of public randomness that would enable full transparency in online lotteries, leader election or blockchain smart contracts.
This talk is about what distributed randomness is, what it means for developers, and users, and why you’d want to use it. I will also present to you the current ecosystem around drand, and what it enables you to do differently and why it is desirable in a distributed, decentralized web to have public, verifiable randomness.
Don’t worry though: we will first go through an easy overview of how it works without diving too much into the gory cryptographic details. In addition, I’ll demo how drand works in practice, and explain you how you can easily use it in your applications since drand nodes can be queried by anybody.
Disclaimer: this is NOT a blockchain talk, but rather a distributed system one.
[drand](https://drand.love/) (pronounced "dee-rand") is a distributed randomness beacon daemon written in Golang.
It has been used by Cloudflare, EPFL, Kudelski Security, UCL and other partners to setup a distributed randomness project that was unveiled in June 2019: the ["League of Entropy"](https://blog.cloudflare.com/league-of-entropy). Since then even more members have joined the league.
Servers running drand can be linked with each other to produce collective, publicly verifiable, unbiasable, unpredictable random values at fixed intervals using bilinear pairings and threshold cryptography. Drand nodes can also serve locally-generated private randomness to clients.
Generating public randomness is the primary functionality of drand.
Public randomness is generated collectively by drand nodes and publicly available. The main challenge in generating good randomness is that no party involved in the randomness generation process should be able to predict or bias the final output. Additionally, the final result has to be third-party verifiable to make it actually useful for applications like lotteries, sharding, or even "nothing up my sleeves" parameter generation for security protocols.
drand relies on the following cryptographic constructions:
- Pairing-based cryptography and Barreto-Naehrig curves.
- Pedersen's distributed key generation protocol for the setup.
- Threshold BLS signatures for the generation of public randomness.
- ECIES for the encryption of private randomness.
These are well known, while still relatively cutting edge cryptographic schemes.
Why do we need such randomness?
A lot of reasons actually:
- Lotteries, jury selection, election event, random sampling for audits, ...
- Protocols & cryptography:
- Verifiable gossip: randomly choosing peers in a verifiable way in a network to disseminate information
- Parameters: Nonces & IV for symmetric encryptions, composite or prime numbers for selecting a field for RSA, or even ECC
- Schemes: Diffie Hellman exchange, Schnorr signatures, more generally for zero knowledge proofs,
- Protocols: Tor (e.g. path selection), sharding (Omniledger), leader election for consensus
- Statistics: verifiable random sampling, reducing bias e.g. in controlled trials in medicine, etc.
Now, drand is a software ran by a set of independent nodes that collectively produce randomness and whose long term goal is to implement Randomness-as-a-Service:
- Fetching randomness should be as simple as fetching time from NTP servers.
- Nodes can serve both private randomness and public randomness:
- Unpredictable and bias-resistant
- Publicly Verifiable
- Decentralized service using threshold cryptography, with high availablity, reliability and trust.
This talk will NOT be about just the cryptography behind drand, but I will cover some of the basics in a simple way in order to tease the people that could be interested, while introducing cool cryptographic constructions to the rest. It will NOT be about how drand is built, but it will really be about the **practical use-cases for drand**, how to use it, its kind of randomness, what it means and why you might want to use it.
Additional information
| Type | Talk |
|---|---|
| Language | English |
More sessions
| 7/22/22 |
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
|
| 7/22/22 |
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
|
| 7/22/22 |
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks
|
| 7/22/22 |
In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.
|
| 7/22/22 |
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
|
| 7/22/22 |
Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public. This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.
|
| 7/22/22 |
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
|
