Author: Sergio Demian Lerner 2016-05-24 14:36:35
Published on: 2016-05-24T14:36:35+00:00
The posted email conversation discusses the problem of using random numbers in Bitcoin. One proposed solution comes from the Bitcoin Beacon paper, which suggests deciding a random bit by the majority of 1s or 0s among the least significant bits taken from the last block hashes. The conversation also examines the protocol πbeacon, which outputs unpredictable and publicly verifiable randomness. The paper shows that πbeacon can be instantiated via Bitcoin under sensible assumptions, but it also gives an impossibility result, stemming from the similarity between the Bitcoin model and Santha-Vazirani sources, for cases in which the adversary has an infinite budget. The email also discusses the potential security risks of using multiple block hashes as a source of randomness, which can be mitigated because every miner would need to be bribed to control the resulting random numbers. Additionally, Eric Martindale mentions OP_DETERMINISTICRANDOM from the Elements Project as a possible solution. Finally, Jeremy Rubin suggests adding OP_XOR back and then using something like Blum's fair coin-flipping over the phone for these use cases.
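The majority rule described above, as an added example that is not code from the thread or from the Bitcoin Beacon paper: it derives one bit from an odd number of block hashes and reports the margin, that is, how many of those blocks would need a different least significant bit for the outcome to change. The function names and hash values are constructed for illustration, and reading the least significant bit from the hex display form of the hash is an assumption.

```python
from typing import List, Tuple


def lsb(block_hash_hex: str) -> int:
    """Least significant bit of a 32-byte hash given as 64 hex characters.

    Assumption: the hash is interpreted as one big integer in display order.
    """
    if len(block_hash_hex) != 64:
        raise ValueError("expected a 32-byte hash as 64 hex characters")
    return int(block_hash_hex, 16) & 1


def beacon_bit(hashes: List[str]) -> Tuple[int, int]:
    """Return (bit, margin) for the majority-of-LSBs rule.

    bit    : 1 if most hashes end in a 1 bit, otherwise 0.
    margin : smallest number of blocks whose LSB would have to differ
             for the majority, and therefore the output bit, to flip.
    """
    n = len(hashes)
    if n == 0 or n % 2 == 0:
        # An even count can tie, which would leave the bit undefined.
        raise ValueError("use an odd, non-zero number of block hashes")
    ones = sum(lsb(h) for h in hashes)
    zeros = n - ones
    bit = 1 if ones > zeros else 0
    # With n = 2m + 1 blocks, the winning side holds w > m votes and
    # loses its majority once w - m of those votes change.
    margin = max(ones, zeros) - n // 2
    return bit, margin


# Constructed sample values, not real block hashes.
CONSTRUCTED_HASHES = [
    f"{v:064x}" for v in (0x1A3, 0x2B4, 0x3C5, 0x4D7, 0x5E8)
]

if __name__ == "__main__":
    bit, margin = beacon_bit(CONSTRUCTED_HASHES)
    print(f"beacon bit = {bit}, margin = {margin} block(s)")
```

A margin of 1 means a single block decided the bit, which is the case where influence over one block is enough to change the result.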
Updated on: 2023-06-11T05:31:07.486429+00:00