BIP: OP_PRANDOM



Summary:

A paper by Iddo Bentov, Ariel Gabizon, and David Zuckerman examines a protocol named πbeacon that outputs unpredictable and publicly verifiable randomness. Bitcoin can be used to instantiate πbeacon under sensible assumptions. However, an impossibility result holds when the adversary has an infinite budget; it stems from the similarity between the Bitcoin model and Santha-Vazirani sources. A hybrid protocol that combines trusted parties and a Bitcoin-based beacon is also provided.

In a discussion on the bitcoin-dev mailing list, Eric Martindale suggests taking a look at OP_DETERMINISTICRANDOM from the Elements Project, as it aims to achieve a similar goal. Matthew Roberts explores the idea of using multiple block hashes as a source of randomness, but Johnson Lau points out that this does not make it any safer, since the miner of the last block always determines the results. To protect the details of contracts using OP_PRANDOM from miners, pay-to-script-hash can be used, but there is still a non-zero risk of participants attempting to bribe a miner.
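Johnson Lau's objection to combining multiple block hashes can be checked with a toy simulation. This is an added example, not code from the paper, the BIP, or the mailing-list thread; the combiner `beacon_bit`, the stand-in `toy_block_hash`, and the `tries` parameter are assumptions made for illustration, and no proof of work is modelled.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def beacon_bit(block_hashes):
    """Hypothetical combiner: hash k block hashes together, output one bit."""
    return h(b"".join(block_hashes))[-1] & 1

def toy_block_hash(round_no, height, candidate=0):
    # Constructed stand-in for a block hash. Each candidate represents a valid
    # block the miner found and could either publish or discard.
    return h(f"{round_no}:{height}:{candidate}".encode())

def last_miner_win_rate(k, tries, rounds=2000, wanted=1):
    """Fraction of rounds in which the beacon bit equals `wanted` when the
    miner of the last of k blocks may choose among `tries` candidate blocks.
    tries=1 models an honest miner who publishes the first block found."""
    wins = 0
    for r in range(rounds):
        # The k-1 earlier hashes are already fixed and known to the last miner.
        earlier = [toy_block_hash(r, i) for i in range(k - 1)]
        for c in range(tries):
            last = toy_block_hash(r, k - 1, c)
            if beacon_bit(earlier + [last]) == wanted:
                break  # publish this candidate
        # If no candidate matched, the final one is published anyway.
        wins += beacon_bit(earlier + [last]) == wanted
    return wins / rounds

if __name__ == "__main__":
    # The bias depends on `tries` (the miner's budget), not on k.
    for k in (1, 3, 6):
        for tries in (1, 2, 8):
            rate = last_miner_win_rate(k, tries)
            print(f"k={k} tries={tries} favourable={rate:.3f}")
```

The favourable-outcome rate tracks roughly 1 - 2^-tries for every k: adding earlier block hashes does not dilute the last miner's influence, and each discarded candidate stands for a forfeited block reward, which is why the adversary's budget is the relevant bound.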


Updated on: 2023-06-11T05:30:55.832759+00:00