This is the latest installment in our series highlighting unique features of the Filecoin network. Filecoin will be the first high-profile user of the production drand network. This post dives into what drand is and how it works.
This month, the League of Entropy, a consortium of organizations committed to providing a publicly verifiable, unbiasable source of randomness as a foundational internet service, is upgrading to a production grade service that will serve as an off-chain source of randomness for Filecoin. Drand can provide a reliable and unbiasable source of randomness for many blockchain systems and applications in the future. This post explores the history and value of drand and what it means for the future of the internet.
Why is randomness important?
Random systems generate results that have a uniform distribution of probability and are stochastically independent from each other. We encounter randomness with every dice roll and coin toss: When you flip a fair coin, both heads and tails have equal or uniform probabilities (uniform distribution) and you can’t predict the outcome of any individual coin toss on the basis of past results (stochastic independence).
But randomness is useful for more than just determining the statistics of coin tosses and dice rolls. In fact, we rely on randomness for everything from cryptography and cybersecurity to election audits and online gambling.
That’s because randomness has the power to make some digital processes resistant to manipulation. To take just one example, any cryptographically secure system is resistant to fraud and hacks only if the cryptographic keys it uses are incredibly difficult to guess. And cryptographic keys are difficult to guess only if the source values used to generate them are properly random. In other words, the basis for secure cryptography is randomness.
Yet not all randomness is created equal. For example, when generating a random integer between one and ten, you should have a 1 in 10 chance of guessing it correctly. But if your randomness generator exhibits bias or patterns, you could have a better than 1 in 10 chance of guessing the integer correctly. In other words, a key problem is the use of “predictable” generators. Predictable randomness opens the door once again to fraud and hacks. We don’t just need randomness; we need good randomness. And good randomness is harder to produce than you might think.
The quality of randomness is measured by its unpredictability, a property of randomness called “entropy.” Since computers are deterministic systems, it’s algorthmically impossible to create true, high-entropy randomness using a computer algorithm. But even physical randomness is easily biased if it’s generated by a single source. If you can control, manipulate, or otherwise influence the source of randomness, you can bias apparently random outcomes in your favor, as a recent high-profile case of lottery fraud reveals quite clearly. And for many use cases of randomness, like election auditing and cryptography, you also need randomness to be publicly verifiable. A randomness generator is only as good as the way it’s conveyed to the user. If you can’t verify that the numbers you are receiving are in fact random, then your system can be open to attacks and manipulation.
Good randomness that is high-entropy, bias-resistant, and publicly verifiable is hard to find. For years there was no service available that could produce that kind of randomness at scale. But a new project has emerged that is up to the task. It’s called drand (short for distributed randomness) and it’s what Filecoin uses as its randomness source.
What is drand?
Drand is what’s called a randomness beacon, a service that provides publicly-accessible randomness for use by third parties. While randomness beacons have been around for a while, what makes drand unique is that it generates randomness by combining contributions from a network of independently-run servers. That means drand incorporates the strength, security, and resilience of distributed networks into the process of randomness generation. In more ways than one, that makes drand an industry first for randomness-as-a-service.
Drand’s open-source software is run on a global network, the League of Entropy, that is maintained by a diverse set of organizations, including Protocol Labs, along with C4DT, ChainSafe, cLabs, Cloudflare, Emerald Onion, EPFL DEDIS, Ethereum Foundation, IC3, Kudelski Security, PTisp, University of Chile, Tierion, and UCL. Because the drand network is distributed across multiple server nodes, there is no central point of failure, which means drand cannot be biased and cannot be halted by a single insider or by the compromise of a single network partner. And, as an open-source project, drand is supported directly by its users, ensuring that the protocol remains a living, evolving project that adapts to the needs of its community.
The primary function of drand is generating publicly-available randomness for anyone to use. To perform this function reliably, all of the nodes in the drand network work together collectively to generate randomness at regular intervals called “rounds.” In every round of randomness generation, drand provides randomness with three distinct properties: unpredictability, unbiasability, and verifiability. That means that every round of randomness generation (1) can’t be predicted by any party involved in the randomness generation process, (2) is uniformly random and unbiased and (3) can be verified as truly random by verifying a single signature.
Drand provides the most reliable, high-entropy public randomness available to date. That’s why we use the randomness generated by drand in the Filecoin network.
How Filecoin uses drand
Many cryptocurrencies and blockchain-based networks need good randomness to operate securely and effectively. Filecoin is no different. Filecoin relies on good randomness values to maintain “liveness,” or the consensus of all clients on the correct history of the Filecoin blockchain. That’s because Filecoin uses randomness to perform the leader elections that determine which miner will publish a new block to the blockchain.
Leader elections are the way the Filecoin blockchain grows. Blocks in the Filecoin blockchain are arranged by epoch, and every epoch has potentially multiple elected leaders. In a leader election, at least one miner is selected from a set of miners weighted according to the storage power these miners contribute to the Filecoin network. The elected miner is chosen to begin a new epoch by generating the next block on the blockchain and earning that block’s rewards.
Leader elections write the history of the Filecoin blockchain, so it’s important that the process by which leaders are elected is untamperable, unbiased, unpredictable, and fair. To make sure this election is fair and unbiased, Filecoin needs good randomness. At the same time, Filecoin needs the randomness it uses to be publicly verifiable, since elected leaders need some way to prove to other miners that they were, in fact, elected.
Drand provides precisely the high-entropy, unbiased, and publicly verifiable randomness values that Filecoin needs to guarantee the fairness and security of its leader elections. Its unique features ensure that Filecoin’s leader elections are just as fault-tolerant and immune to bias and adversarial manipulation as drand itself. With drand as its source of randomness value, the Filecoin network can guarantee liveness.
The future of drand
Drand is a rapidly evolving project with ample room for growth. As drand develops, we’ll likely see the network scale in new ways to meet growing industry demand and to adapt to new technologies, like advances in cryptography and quantum computing. But drand is already a cutting-edge service that can make a crucial contribution to many digital projects, including the Filecoin network.
To learn more about drand, join us Thursday August 13, as Protocol Labs and ETHGlobal host the Randomness Summit, a one-day virtual conference for distributed systems and critical infrastructure enthusiasts on the state of randomness beacon research and deployment. The full schedule can be viewed here.