Randomize winning numbers on a Blockchain
Security and Randomness
On the Cryptoball Lottery, all bets go to a smart contract whose source code is freely available. Prizes are automatically paid by the Smart Contract to the addresses originating the bets, so there is no man in the middle and users cannot be cheated. All this is assured by the immutable code of a Smart Contract, which is not executed by any particular party but rather by the whole blockchain.
Nevertheless, there is still an open challenge for all blockchain-based games: how to obtain true randomness. According to this article, no one has yet (as of spring 2019) implemented a good and strong random source in the blockchain and tested it live. Part of the problem is easily solved: as long as strong cryptography is used, strictly unbiased results are obtained. On the Signum blockchain this can be obtained from block hashes. However, since miners can influence block hashes (for instance, by adding an additional transaction to a block), they can start influencing the results to generate their desired numbers. Miners of any blockchain seek profit, and a strong design should assume that miners cannot be trusted.
Thus, many solutions to this problem have been proposed. Among the most common are commit-reveal schemes and the use of an oracle. The former adds complexity and requires users to interact with the system more than once for a single bet; additionally, miners could still block transactions and thereby influence the results. The latter, based on an oracle, relies on third parties outside the blockchain. However, having to trust a centralized oracle is unacceptable: it not only contradicts the very core of the blockchain philosophy but also means that this central point can be corrupted at any time.
The Cryptoball Lottery solution for this problem is to keep any attempt to tamper with the results unprofitable for miners, since there are some fundamental restrictions we cannot overcome in a truly decentralized way. All players of a fair and truly random lottery should know that they cannot profit in the long term. Bets should be made for fun, or occasionally expecting good luck for whatever reason. Miners trying to tamper with the system in a systematic way will need to beat the 30% average cut reserved for network and Smart Contract fees, besides keeping the jackpot amount. If the winning numbers came from a single specific block hash, it could be feasible for a miner owning substantial hashing power to take advantage of it. To avoid this, the winning numbers of each round come from several different block hashes.
The seed for the winning numbers of each round (on block height N) will consist of 128 bits. Half of these bits (64 bits) will be taken as follows:
Block Height | N-9     | N-8 | N-7 | N-6 | N-5 | N-4 | N-3 | N-2 | N-1
Bit Number   | 1 .. 56 | 57  | 58  | 59  | 60  | 61  | 62  | 63  | 64
This way, the first 56 bits come from block N-9, and then 1 bit each from blocks N-8 up to N-1. These first 64 bits, plus another 64 bits from block height N-9, are fed to SHA-256 to obtain the winning numbers. Any change in any of these bits generates a completely different result. By manipulating only the last bit (block N-1), a miner can obtain only two different results, a very small subset of the universe of possible values. This alone greatly reduces any advantage a dishonest miner can have.
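The seed assembly described above, written out as an added Python illustration (this is not the lottery's contract code). The page gives only how many bits are taken from each block, so the exact offsets inside each hash (the leading bits) are an assumption, and the block hashes below are constructed stand-ins, not real Signum block hashes.

```python
import hashlib
from typing import Sequence

def _bits(h: bytes, start: int, count: int) -> int:
    """Return `count` bits of hash `h` starting at bit offset `start`, MSB-first."""
    total = int.from_bytes(h, "big")
    return (total >> (len(h) * 8 - start - count)) & ((1 << count) - 1)

def build_seed(hashes: Sequence[bytes]) -> int:
    """Build the 128-bit seed for round N from the hashes of blocks N-9 .. N-1.

    hashes[0] is block N-9, hashes[8] is block N-1. Assumed layout:
      seed bits 1..56   : first 56 bits of block N-9
      seed bits 57..64  : first bit of each of blocks N-8 .. N-1
      seed bits 65..128 : next 64 bits of block N-9
    """
    if len(hashes) != 9:
        raise ValueError("need the hashes of blocks N-9 .. N-1")
    seed = _bits(hashes[0], 0, 56)
    for h in hashes[1:]:                      # one bit per block, N-8 .. N-1
        seed = (seed << 1) | _bits(h, 0, 1)
    seed = (seed << 64) | _bits(hashes[0], 56, 64)
    return seed

def winning_digest(hashes: Sequence[bytes]) -> bytes:
    """SHA-256 of the 128-bit seed; the winning numbers are derived from this."""
    return hashlib.sha256(build_seed(hashes).to_bytes(16, "big")).digest()

def outcomes_reachable_by_last_miner(hashes: Sequence[bytes]) -> int:
    """How many distinct digests a miner controlling only block N-1 can reach.

    Only the first bit of that block's hash enters the seed, so whatever the
    miner does to the rest of the block, at most two results are possible.
    """
    results = set()
    for bit in (0, 1):
        last = hashes[8]
        forged = bytes([(bit << 7) | (last[0] & 0x7F)]) + last[1:]
        results.add(winning_digest(list(hashes[:8]) + [forged]))
    return len(results)

# Constructed stand-in block hashes for blocks N-9 .. N-1 (not real chain data).
SAMPLE_HASHES = [hashlib.sha256(f"block-{i}".encode()).digest() for i in range(9)]

if __name__ == "__main__":
    print(winning_digest(SAMPLE_HASHES).hex())
    print("outcomes reachable by miner of N-1:", outcomes_reachable_by_last_miner(SAMPLE_HASHES))
```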
Furthermore, a miner with huge capacity could indeed mine several blocks in a row, but the chances of this happening exactly on the block heights from which the numbers are drawn are much reduced. Most smart contract platforms can only react to transactions, and here lies an advantage of the Signum Smart Contract platform:
A Smart Contract can be programmed to run in a specific block, regardless of receiving transactions or not.
This means that the contract can be programmed to run at a specific block height, and there is nothing miners can do about it.