Author: Matthew Roberts 2016-05-20 10:57:46
Published on: 2016-05-20T10:57:46+00:00
Bitcoin has proposed OP_PRANDOM, a new op code that pushes a pseudo-random number to the top of the stack based on the next N block hashes. This new feature will make deterministic, verifiable, and trustless pseudo-random numbers available for use in the Script language possible and would allow for the creation of decentralized lotteries without complicated multi-party computation protocols. The op code could also be used for cryptographically secure virtual asset management such as rewards in video games and other applications. However, there is a risk that a participant in a contract may attempt to bribe a miner for control over the results of the random numbers, which makes the inclusion of multiple block hashes as a source of randomness necessary. The risk approaches zero as N goes up. Since the random numbers are based on a changing blockchain, it's problematic to use the next immediate block hashes before the state is “final.” A safe default for accepting the blockchain state as final would need to be agreed upon beforehand; otherwise, multiple random outputs could become valid simultaneously on different forks. A simple solution is not to reveal any commitments before the chain height surpasses a certain point. Only one version will eventually make it into the final chain anyway. Pay-to-script-hash can be used to protect the details of contracts that use OP_PRANDOM from the prying eyes of miners. However, it is uncertain how secure this new feature is or whether its a good idea so it has been posted for feedback.
Updated on: 2023-06-11T05:30:38.633906+00:00