Statistical Model Checking of RANDAO’s Resilience to Pre-computed Reveal Strategies

  • Conference paper
Formal Methods. FM 2019 International Workshops (FM 2019)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12232)

Abstract

RANDAO is a commit-reveal scheme for generating pseudo-random numbers in a decentralized fashion. The scheme is used in emerging blockchain systems as it is widely believed to provide randomness that is unpredictable and hard to manipulate by maliciously behaving nodes. However, RANDAO may still be susceptible to look-ahead attacks, in which an attacker (controlling a subset of nodes in the network) may attempt to pre-compute the outcomes of (possibly many) reveal strategies, and thus may bias the generated random number to his advantage. In this work, we formally evaluate resilience of RANDAO against such attacks. We first develop a probabilistic model in rewriting logic of RANDAO, and then apply statistical model checking and quantitative verification algorithms (using Maude and PVeStA) to analyze two different properties that provide different measures of bias that the attacker could potentially achieve using pre-computed strategies. We show through this analysis that unless the attacker is already controlling a sizable percentage of nodes while aggressively attempting to maximize control of the nodes selected to participate in the process, the expected achievable bias is quite limited.
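A look-ahead strategy of the kind the abstract describes can be measured on a toy round. The sketch below is an added example, not the paper's Maude/PVeStA model: the XOR mixing, the hash-based proposer selection, the assumption that the attacker holds the last `tail` reveal slots, and every name and parameter value are assumptions chosen for illustration.

```python
import hashlib
from itertools import product

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def combine(seed: bytes, secrets) -> bytes:
    """XOR the hash of each revealed secret into the seed; None is a skipped reveal."""
    for s in secrets:
        if s is not None:
            seed = bytes(a ^ b for a, b in zip(seed, H(b"mix" + s)))
    return seed

def next_proposers(seed: bytes, n_validators: int, length: int):
    """Toy selection rule (assumption): derive the next proposer list from the output."""
    return [int.from_bytes(H(seed + bytes([i])), "big") % n_validators
            for i in range(length)]

def look_ahead(seed, secrets, tail, compromised, n_validators, length):
    """Pre-compute all 2**tail reveal/skip choices for the attacker's tail slots.
    Returns (best, baseline): compromised proposers in the next list."""
    def score(revealed):
        out = combine(seed, revealed)
        return sum(p in compromised for p in next_proposers(out, n_validators, length))
    cut = len(secrets) - tail
    head, tail_secrets = list(secrets[:cut]), secrets[cut:]
    baseline = score(list(secrets))  # everyone reveals honestly
    best = max(score(head + [s if keep else None for s, keep in zip(tail_secrets, mask)])
               for mask in product([True, False], repeat=tail))
    return best, baseline

def average_gain(rounds, tail, compromised, n_validators=40, length=8):
    """Mean (best, baseline) over constructed rounds with deterministic sample secrets."""
    best_sum = base_sum = 0
    for r in range(rounds):
        seed = H(b"seed" + r.to_bytes(4, "big"))              # constructed sample seed
        secrets = [H(seed + bytes([i])) for i in range(length)]  # constructed secrets
        best, base = look_ahead(seed, secrets, tail, compromised, n_validators, length)
        best_sum += best
        base_sum += base
    return best_sum / rounds, base_sum / rounds

if __name__ == "__main__":
    for tail in (0, 1, 3):
        print(tail, average_gain(200, tail, compromised=set(range(8))))
```

The gap between the two averages is the per-round bias a pre-computed strategy buys in this toy setting; it grows with `tail`, which is the quantity a defender would bound when sizing the proposer list.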

Notes

  1. The specific values for a and b used in this section and Sect. 5.2 are chosen so that the total size of the validator set \(a \cdot b\) is large enough relative to the length of the proposers list a so that the probability of picking a compromised proposer stays the same (recall that the attack probability is fixed), while not too large to allow efficient analysis. This has the important consequence that the analysis results obtained are representative of actual setups (where the set of validators is much larger than that of the proposers), regardless of the exact proportion of proposers to validators.

References

  1. Agha, G., Meseguer, J., Sen, K.: PMaude: rewrite-based specification language for probabilistic object systems. Electron. Notes Theor. Comput. Sci. 153(2), 213–239 (2006)

  2. AlTurki, M., Meseguer, J.: PVeStA: a parallel statistical model checking and quantitative analysis tool. In: Corradini, A., Klin, B., Cîrstea, C. (eds.) CALCO 2011. LNCS, vol. 6859, pp. 386–392. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22944-2_28

  3. Alturki, M.A., Roşu, G.: Statistical model checking of RANDAO’s resilience against pre-computed reveal strategies. Technical report, The University of Illinois at Urbana-Champaign, November 2018. http://hdl.handle.net/2142/102076

  4. Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. Proc. Crypto 2018, 757–788 (2018)

  5. Bruni, R., Meseguer, J.: Semantic foundations for generalized rewrite theories. Theor. Comput. Sci. 360(1–3), 386–414 (2006)

  6. Buterin, V.: RANDAO Beacon exploitability analysis, round 2, November 2018. https://ethresear.ch/t/randao-beacon-exploitability-analysis-round-2/1980

  7. Buterin, V.: RNG exploitability analysis assuming pure RANDAO-based main chain, November 2018. https://ethresear.ch/t/rng-exploitability-analysis-assuming-pure-randao-based-main-chain/1825

  8. Buterin, V.: Validator ordering and randomness in PoS, November 2018. https://vitalik.ca/files/randomness.html

  9. Clavel, M., et al.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1

  10. Ethereum Foundation: Announcing beneficiaries of the Ethereum Foundation grants, November 2018. https://blog.ethereum.org/2018/03/07/announcing-beneficiaries-ethereum-foundation-grants

  11. Ethereum Foundation: Ethereum 2.0 spec - Casper and Sharding, November 2018. https://github.com/ethereum/eth2.0-specs/blob/master/specs/beacon-chain.md

  12. Kumar, N., Sen, K., Meseguer, J., Agha, G.: A rewriting based model for probabilistic distributed object systems. In: Najm, E., Nestmann, U., Stevens, P. (eds.) FMOODS 2003. LNCS, vol. 2884, pp. 32–46. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39958-2_3

  13. Meseguer, J.: Rewriting as a unified model of concurrency. In: Baeten, J.C.M., Klop, J.W. (eds.) CONCUR 1990. LNCS, vol. 458, pp. 384–400. Springer, Heidelberg (1990). https://doi.org/10.1007/BFb0039072

  14. Meseguer, J.: Conditional rewriting logic as a unified model of concurrency. Theor. Comput. Sci. 96(1), 73–155 (1992). https://doi.org/10.1016/0304-3975(92)90182-F

  15. Meseguer, J.: Membership algebra as a logical framework for equational specification. In: Presicce, F.P. (ed.) WADT 1997. LNCS, vol. 1376, pp. 18–61. Springer, Heidelberg (1998). https://doi.org/10.1007/3-540-64299-4_26

  16. Qian, Y.: RANDAO: A DAO working as RNG of Ethereum, November 2018. https://github.com/randao/randao/

  17. Sen, K., Kumar, N., Meseguer, J., Agha, G.: Probabilistic rewrite theories: unifying models, logics and tools. Technical report, UIUCDCS-R-2003-2347, University of Illinois at Urbana Champaign, May 2003

Acknowledgements

We thank Danny Ryan and Justin Drake from the Ethereum Foundation for their very helpful comments. This work was performed under the first Ethereum Foundation security grant “Casper formal verification” [10].

Author information

Corresponding author

Correspondence to Musab A. Alturki.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Alturki, M.A., Roşu, G. (2020). Statistical Model Checking of RANDAO’s Resilience to Pre-computed Reveal Strategies. In: Sekerinski, E., et al. Formal Methods. FM 2019 International Workshops. FM 2019. Lecture Notes in Computer Science, vol 12232. Springer, Cham. https://doi.org/10.1007/978-3-030-54994-7_25

  • DOI: https://doi.org/10.1007/978-3-030-54994-7_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-54993-0

  • Online ISBN: 978-3-030-54994-7

  • eBook Packages: Computer Science, Computer Science (R0)
