Winner selection using randomness
In JavaScript, one can use Math.random() to generate a “random” number. We put this in quotes because the number generated isn’t truly random. Thus, it cannot be used by UpsideFinance to select a random winner for the lossless lotteries. The function mentioned earlier generates a pseudo-random number, which will eventually repeat. They are relatively evenly distributed over some expected range of values (Simmons, 2018). Once the seed of the pseudo random number is known, it is easy to predict the subsequent outcomes.
An article quoted Steve Ward, Professor of Computer Science and Engineering at MIT’s Computer Science and Artificial Intelligence Laboratory, saying
One thing that traditional computer systems aren’t good at is coin flipping…
“…They’re deterministic, which means that if you ask the same question, you’ll get the same answer every time. In fact, such machines are specifically and carefully programmed to eliminate randomness in results. They do this by following rules and relying on algorithms when they compute.” (Rubin, 2011).
CloudFlare obtains most of their random numbers from either the Linux kernel or OpenSSL’s random number generation system. Both of these seed their random number generators from a variety of sources which make them as unpredictable as possible (Graham-Cumming, 2013). CloudFlare also has a system of lava lamps, called LavaRand, which they use as a secondary source of randomness for their production servers. This physical world randomness adds additional security to their systems.
UpsideFinance aims to maintain transparency while choosing a random winner without compromising the predictability. For this reason, we have turned to Algoracle and are in the process of testing out their Verifiable Random Function (VRF).
A VRF is a “public-key pseudorandom function” that provides proofs that its outputs were calculated correctly. The owner of the secret key can compute the function value as well as an associated proof for any input value. Everyone else, using the proof and the associated public key (or verification key), can check that this value was indeed calculated correctly. However, this information cannot be used to find the secret key.
Our approach to lossless lotteries is designed to inspire confidence, thus attract a larger audience to UpsideFinance.
Read more on our partnership with Algoracle-
References
Chen, L. (2009, October). Computer Security Resource Center. Retrieved from National Institute of Standards and Technology: https://csrc.nist.gov/glossary/term/pseudorandom_function
Graham-Cumming, J. (2013, September 13). Why secure systems require random numbers. Retrieved from The Cloudflare Blog: https://blog.cloudflare.com/why-randomness-matters/
Liebow-Feeser, J. (2017, November 6). Randomness 101: LavaRand in Production. Retrieved from The Cloudflare Blog: https://blog.cloudflare.com/randomness-101-lavarand-in-production/
Raghunathan, A. (n.d.). Bilinear maps in Verifiable Random Functions. Retrieved from Stanford University: http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/vrf.pdf
Rubin, J. M. (2011, November 1). Ask an Engineer. Retrieved from MIT School of Engineering: https://engineering.mit.edu/engage/ask-an-engineer/can-a-computer-generate-a-truly-random-number/
Simmons, D. (2018, March 12). How does JavaScript’s Math.random() generate random numbers? Retrieved from Hackernoon: https://hackernoon.com/how-does-javascripts-math-random-generate-random-numbers-ef0de6a20131
