Economically Viable Randomness

💡 Research Summary

The paper introduces the notion of Economically Viable Randomness (EVR), a randomness service tailored for blockchain applications where the random output has significant economic consequences, such as lotteries or gambling dApps. EVR must satisfy two core properties: secrecy (the random bits remain hidden until a predefined condition matures) and robustness (the bits are guaranteed to be published once the condition holds). To reason about EVR independently of any specific blockchain, the authors define an abstract blockchain model B, comprising a global clock, a set of accounts (externally owned accounts and smart contracts), an append‑only transaction log, and a deterministic state machine that processes transactions while preserving the total coin balance.

Within B, a service is realized as an escrow smart contract. Players register by depositing a small collateral (typically 1 coin) into the escrow; registration ends when a verifiable condition closes, after which the set of participants is fixed. The randomness generation itself occurs off‑chain using a distributed key generation (DKG) protocol. Each participant commits a share of a secret and later reveals it when the condition matures, reconstructing a uniformly random value.

A central challenge is that participants, motivated purely by profit, may attempt to break secrecy by leaking the secret early. To counter this, the authors devise an “informing mechanism”: any participant who learns the secret before the reveal condition can submit it to the escrow contract and receive a substantial reward funded by the collective deposits. The reward is calibrated so that the expected profit from leaking is negative, making early disclosure economically unattractive.

The game‑theoretic analysis models each player as a utility‑maximizing agent with both deposited and external coins. Players may also form side contracts—trustless agreements enforced by smart contracts—to coordinate attacks. The authors prove that the default honest strategy (following the protocol, and informing when possible) constitutes a Coalition‑Proof Nash Equilibrium (CPNE). In a CPNE, no coalition of any size can deviate in a way that benefits all its members, and any sub‑coalition would have an incentive to further deviate, rendering the original deviation unstable. This result holds even when side contracts are allowed, demonstrating that the incentive structure robustly deters collusion aimed at breaking secrecy or robustness.

The paper extends the single‑shot EVR to a multi‑shot version, where a single commitment yields a sequence of random values revealed over time. This is essential for applications such as card games or dice rolls that require multiple random draws. The authors implement a proof‑of‑concept multi‑shot EVR on Ethereum, addressing practical issues like gas limits, transaction ordering, front‑running, and chain re‑organizations. Their implementation can support hundreds of participants within Ethereum’s block gas constraints, and they discuss how to mitigate ordering attacks by using time‑based verifiable conditions and deterministic commit ordering.

In the related‑work discussion, the authors compare their approach to existing distributed randomness protocols (e.g., RandHound, DRAND, and threshold‑signature based schemes). The distinguishing factor of EVR is the explicit economic model that assumes fully selfish participants and still achieves security with constant, minimal deposits. Unlike many prior schemes that require large stakes proportional to the jackpot or rely on honest majority assumptions, EVR’s incentive‑compatible design ensures security even when the jackpot scales linearly with the number of participants.

Overall, the contribution of the paper is threefold: (1) a formal definition of the EVR problem and an abstraction of blockchain services; (2) a concrete protocol combining off‑chain DKG, on‑chain escrow, and an informing reward mechanism that yields a CPNE guaranteeing secrecy and robustness; and (3) a practical Ethereum implementation demonstrating scalability and addressing real‑world blockchain constraints. The work provides a solid foundation for trustworthy randomness in economically sensitive decentralized applications.