
Bicorn: An Optimistically Efficient Distributed Randomness Beacon

  • Conference paper
Financial Cryptography and Data Security (FC 2023)

Abstract

We introduce Bicorn, an optimistically efficient distributed randomness protocol with strong robustness under a dishonest majority. Bicorn is a “commit-reveal-recover” protocol: each participant commits to a random value, and these values are combined to produce a random output. If any participant fails to open their commitment, recovery is possible via a single time-lock puzzle that any party can solve. In the optimistic case, Bicorn is a simple and efficient two-round protocol with no time-lock puzzle. In either case, Bicorn supports open, flexible participation, requires only a public bulletin board and no group-specific setup or PKI, and is guaranteed to produce random output assuming any single participant is honest. All communication and computation costs are (at most) linear in the number of participants, with low concrete overhead.
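The commit-reveal-recover flow from the abstract, as an added toy simulation that is not code from the paper: commitments live in a group of unknown order, so the product of all commitments is itself a single time-lock puzzle whose solution equals the fast-path output. The modulus, generator and delay parameter below are constructed illustrative values, and the commitment form `g^alpha` is the simplest scheme with this property, not necessarily the paper's exact construction.

```python
import hashlib

# Toy group of unknown order: an RSA modulus with small, known factors.
# Constructed for illustration only; a real beacon needs a modulus of thousands
# of bits whose factorisation nobody knows, and a delay parameter t large enough
# that 2^t sequential squarings take the intended wall-clock time.
N = 104723 * 104729
G = 2
T = 2_000  # squarings in the time-lock puzzle


def solve_puzzle(x: int, t: int = T, n: int = N) -> int:
    """x^(2^t) mod n by t sequential squarings: the slow recovery path."""
    for _ in range(t):
        x = x * x % n
    return x


# Public setup value h = g^(2^t); published once, with a VDF proof in practice.
H = solve_puzzle(G)


def commit(alpha: int) -> int:
    """Timed commitment to alpha: c = g^alpha mod N."""
    return pow(G, alpha, N)


def optimistic_output(commits, reveals):
    """Fast path: every alpha revealed and consistent with its commitment."""
    if any(a is None for a in reveals):
        return None  # someone withheld their opening
    if any(commit(a) != c for c, a in zip(commits, reveals)):
        return None  # an opening does not match its commitment
    return pow(H, sum(reveals), N)  # h^(sum of alpha_i)


def recover_output(commits):
    """Slow path: one puzzle over the product of commitments, no reveals needed."""
    product = 1
    for c in commits:
        product = product * c % N
    # (g^(sum alpha_i))^(2^t) = h^(sum alpha_i): the same value as the fast path,
    # so withholding a reveal only delays the output, it cannot change it.
    return solve_puzzle(product)


def beacon_value(omega: int) -> str:
    """Hash the group element to a fixed-size beacon output."""
    return hashlib.sha256(omega.to_bytes(8, "big")).hexdigest()
```

A withheld or mismatched reveal makes `optimistic_output` return `None`, while `recover_output` over the same commitments yields the identical value, which is the property that removes a last revealer's leverage over the result.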


Notes

  1. The original Unicorn proposal used modular square roots in a prime-order group. We consider using a modern VDF instead.

  2. Verifying “hash-to-prime” involves testing the primality of a number on-chain using Pocklington certificates. This costs between 2.3 and 4 million gas, depending on the size of the certificate. Table 2 reports costs with the smallest possible certificate.


Acknowledgments

Kevin Choi, Arasu Arun and Joseph Bonneau were supported by DARPA under Agreement No. HR00112020022. Nirvan Tyagi was supported via a Facebook Graduate Fellowship, and part of this work was done while he was a visiting student at Stanford University. Joseph Bonneau and Arasu Arun were also supported by a16z crypto research. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government, DARPA, a16z, Facebook or any other supporting organization.

Author information

Corresponding author: Kevin Choi.


Copyright information

© 2024 International Financial Cryptography Association

About this paper


Cite this paper

Choi, K., Arun, A., Tyagi, N., Bonneau, J. (2024). Bicorn: An Optimistically Efficient Distributed Randomness Beacon. In: Baldimtsi, F., Cachin, C. (eds) Financial Cryptography and Data Security. FC 2023. Lecture Notes in Computer Science, vol 13950. Springer, Cham. https://doi.org/10.1007/978-3-031-47754-6_14


  • DOI: https://doi.org/10.1007/978-3-031-47754-6_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47753-9

  • Online ISBN: 978-3-031-47754-6

  • eBook Packages: Computer Science, Computer Science (R0)
