IOSG: Random numbers are an indispensable part of the Web3 world

IOSG Ventures
2022-05-17 12:36:16
The fascination with randomness lies in its implication of uncertainty, a possibility that perhaps you, I, and he are just fools randomly wandering in Web3.

Written by: Sally, IOSG Ventures

Randomness & Fate

Imagine a group of extremely wealthy yet extremely bored BTC whales who decide to collectively put up 1000 BTC every year for a game of Russian roulette. They prepare a revolver, load a single bullet into its six-chamber cylinder, point it at your head and pull the trigger. Each pull of the trigger can be seen as branching into a parallel universe: this one event has six possible outcomes, all equally likely. In five of those universes you become rich overnight, perhaps even landing on the cover of Forbes; in the remaining one you die in a humiliating way.

Would you be willing to participate in this gamble? One round? Two rounds? Or would you try your luck every year?

Playing this game requires courage, and of course, some brainpower. An 83% win rate is quite high; such certainty is rare in life. But if some greedy fools choose to keep playing, then 20 years later, the vast majority of them should be able to find their names in the obituary column of the newspaper. In this hypothetical game of Russian roulette, the rules are very clear, the odds can be calculated, and the risks can be measured; all conditions and information have been disclosed in advance. However, in the real world, we often face dynamic games of asymmetric information. What governs our fate is not a revolver or a deck of cards. We do not know how many bullets are in how many chambers, nor do we know how many suits are in this deck. Under the conditions of infinite parallel universes and immense risks, our fate is unpredictable.

This precisely indicates that we live in a world full of randomness.

As Feynman said, nature only allows us to calculate probabilities. Once we possess the superpower to calculate "probability amplitudes," we can become prophets, predicting and even altering the future. In other words, whoever masters randomness holds the dice of fate and becomes God.

Randomness & Security

Translating this thinking into the crypto world, machines that generate random numbers can be seen as messengers conveying the divine oracle. It is precisely because of this role that oracles have earned their name. In previous articles about oracles, we pointed out that due to the transparency of blockchain systems, everything generated on-chain—algorithms, inputs, outputs—will be exposed to system participants. Therefore, random sequences generated directly on-chain can actually be predicted.

Typical on-chain random number generation methods, such as taking a future block hash as the random source, leave substantial room for cheating and carry real security vulnerabilities. For example, if a miner is playing a gambling game with a 10 ETH prize while the block reward is only 3 ETH, the miner has a clear incentive to cheat: by withholding blocks (block withholding attacks) they can influence the generated random sequence and gain an advantage in the game. It is like playing the same hand of poker against the miner, except that they can change their hole cards. If such tamperable and predictable pseudo-random sequences are applied across Web3, the security risks and unfairness behind them are easy to imagine: once a hacker or attacker identifies the random algorithm and works out the initial input value of the sequence, the distribution of NFT airdrops, the appearance of rare equipment in GameFi, or the generation of a user's wallet private key could all be manipulated.

So what kind of random number is truly trustworthy and secure? Here, we need to first have a simple understanding of the classification of random numbers.

Generally, we divide random numbers into two types: True Random Numbers (TRN) and Pseudo-Random Numbers (PRN).

Among them, pseudo-random numbers can be further divided into weak pseudo-random numbers and strong pseudo-random numbers.

As the word "pseudo" suggests, pseudo-random numbers are not truly random, and every random number generated on a blockchain is "pseudo" as well. In essence, a PRN is a seemingly random sequence output by software according to fixed mathematical formulas and algorithmic instructions, starting from an external initial value that acts as the seed. Contrary to many people's intuition, computers are poorly suited to producing randomness, because they are inherently predictable devices: their components are deterministic, their circuits are fixed, and their code and algorithms are explicit. Under any given set of external conditions, the resulting sequence can be fully determined by suitable means (such as the cheating methods mentioned above). And a result that can be calculated, well, how can it be anything other than… pseudo-random?

TRN, by contrast, is extracted from physical phenomena such as noise, chaotic processes, and quantum random processes; it can only be obtained by bringing randomness into the computer from outside. To put it bluntly, it is like connecting a large die from off-chain to the computer.

In nature, TRN must possess three characteristics simultaneously: randomness, unpredictability, and irreproducibility:

  • Randomness: The sequence is completely chaotic, with no statistical bias, but this does not mean it cannot be seen through.
  • Unpredictability: Even knowing the past sequence, one still cannot predict the next generated sequence.
  • Irreproducibility: It is impossible to reproduce the exact same sequence unless the original sequence is saved.

Strong PRN only possesses the first two characteristics, while weak PRN only possesses the characteristic of randomness, making it easy to see through.
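To make the three properties concrete, here is an added example in Go (not from the original article): a weak PRN (a linear congruential generator) that passes a crude uniformity test yet is fully predictable from a single output; a simplified hash-based strong PRN that is unpredictable from its outputs but replayable from its seed; and the OS entropy source standing in for the off-chain "die". The generator constants and the hash-plus-counter construction are this example's own choices, not any standard.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

// WeakPRN is a linear congruential generator (Numerical Recipes constants). Its output
// is its whole state, so a single observed value fixes every value that follows.
type WeakPRN struct{ state uint32 }
func (g *WeakPRN) Next() uint32 { g.state = g.state*1664525 + 1013904223; return g.state }

// PredictNext is "easy to see through" in code: one observed output gives the next, no seed needed.
func PredictNext(observed uint32) uint32 { return observed*1664525 + 1013904223 }

// StrongPRN is a simplified hash-based generator (illustration only, not a NIST DRBG):
// out_i = SHA-256(seed || i). Past outputs say nothing usable about the seed, so they do not
// predict the next value, yet anyone holding the seed replays the sequence: strong PRN as the text classifies it.
type StrongPRN struct {
	seed    [32]byte
	counter uint64
}

func (g *StrongPRN) Next() uint32 {
	var buf [40]byte
	copy(buf[:32], g.seed[:])
	binary.BigEndian.PutUint64(buf[32:], g.counter)
	g.counter++
	h := sha256.Sum256(buf[:])
	return binary.BigEndian.Uint32(h[:4])
}

// TrueRandomSeed draws from the OS entropy source, the "die from off-chain": irreproducible by design.
func TrueRandomSeed() (s [32]byte, err error) { _, err = rand.Read(s[:]); return }

// LooksUniform is a crude frequency test (the "randomness" property alone): every bucket
// must receive between half and twice its expected share of the samples.
func LooksUniform(samples []uint32, buckets int) bool {
	counts := make([]int, buckets)
	for _, s := range samples {
		counts[int(uint64(s)*uint64(buckets)>>32)]++
	}
	expected := len(samples) / buckets
	for _, c := range counts {
		if c < expected/2 || c > expected*2 {
			return false
		}
	}
	return true
}
```

Both generators look uniform to the frequency test; only the LCG lets PredictNext reproduce the entire sequence from one value, which is the difference between weak and strong PRN.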


When we say a random number is trustworthy and secure, at the very least, it means it cannot be seen through. Therefore, TRN with unpredictability and strong PRN can be used as trustworthy random numbers in smart contracts. Weak PRN cannot be applied to cryptographic scenarios such as key generation, password generation, etc.

As for how to generate trustworthy and secure random numbers, the most direct and efficient method currently is to connect oracles to external APIs and attach a cryptographic proof. For example, Chainlink's Verifiable Random Function (VRF) service connects to external APIs in the test network, verifies the generated strong PRN using public keys and the smart contract's seed, and then delivers it to the smart contract (see the workflow below). Chainlink's VRF service mainly uses a subscription-account billing model: users deposit sufficient LINK tokens into their accounts and then obtain its random numbers by sending subscription requests.

[Figure: Chainlink VRF workflow]
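As an added illustration of the request-and-verify flow described above (this is not Chainlink's code, and Chainlink's VRF uses a different, elliptic-curve construction): the oracle signs the consumer's seed and block number with an RSA key and derives the random word from that signature, in the spirit of the RSA-FDH-VRF of RFC 9381, so that exactly one valid proof exists per request; the consumer checks the proof against the oracle's public key and rederives the word itself. The Request fields, the digest layout and the key size are this example's assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
)
// Request is what the consumer commits to before the oracle answers: its own seed and the request block.
type Request struct {
	Seed  [32]byte
	Block uint64
}

// digest binds seed and block number into the single message the oracle must sign.
func (r Request) digest() []byte {
	var buf [40]byte
	copy(buf[:32], r.Seed[:])
	binary.BigEndian.PutUint64(buf[32:], r.Block)
	h := sha256.Sum256(buf[:])
	return h[:]
}

// Oracle holds the private key; consumers are given only PublicKey().
type Oracle struct{ key *rsa.PrivateKey }
func NewOracle() (Oracle, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return Oracle{k}, err
}
func (o Oracle) PublicKey() *rsa.PublicKey { return &o.key.PublicKey }

// Fulfil answers a request with a proof and the random word derived from it. PKCS#1 v1.5 signing
// is deterministic and RSA is a permutation, so one valid proof exists per (key, request): no re-rolling.
func (o Oracle) Fulfil(r Request) (proof []byte, word [32]byte, err error) {
	proof, err = rsa.SignPKCS1v15(nil, o.key, crypto.SHA256, r.digest())
	if err == nil {
		word = sha256.Sum256(proof)
	}
	return
}

// Verify is the consumer-side check: the proof must validate under the oracle's public key
// for the consumer's OWN request, and the word is rederived from the proof, not taken as sent.
func Verify(pub *rsa.PublicKey, r Request, proof []byte, claimed [32]byte) bool {
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, r.digest(), proof) != nil {
		return false
	}
	return sha256.Sum256(proof) == claimed
}
```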

In addition, API3 recently chose to collaborate with the quantum optics team at the Australian National University (ANU) to provide quantum random number generation (QRNG) services for dApps and other Web3 products, delivering quantum-derived TRN, verified on-chain, to requesters (see the workflow below). QRNG is currently the only service mechanism that generates TRN; according to its white paper, QRNG resists Sybil attacks to the greatest possible extent, and the feature is completely free to use.

[Figure: API3 QRNG workflow]

Randomness & Web3

Having understood the definition and source of trustworthy random numbers, let's discuss a more practical question: what is the use of random numbers in Web3?

In fact, random numbers are indispensable in almost all Web3 scenarios and use cases.


1. GameFi

There are numerous situations in games where probability distribution is required, with RPG games being a typical example. Some characters are extremely rare, possessing unique attributes, while others are quite common. Generally, the rarer the character, the higher its value, and the more it can help users achieve significant economic returns. For instance, in Axie, each Axie character has six components, each with different attributes and abilities. Game developers must create a fair distribution mechanism for characters to provide users with a personalized gaming experience.

In PVP battles, the chances of players winning and the amount of rewards they earn depend on the opponents they are matched with. If the game's matchmaking mechanism is unfair, it could lead to player attrition. In exploration games, the chances of players obtaining rare items and equipment while exploring the map also require a fair probability model. In card games, the order in which players use their cards largely determines the outcome of the match. In shooting games, the hit rate and the choice of respawn locations can significantly affect the player's gaming experience.

Ultimately, all the games mentioned above need to inject a certain level of unpredictability to enhance gameplay. The generation of unpredictability inevitably requires the introduction of trustworthy random numbers.

2. NFT

Similar to how character attributes in GameFi have different compositions, the details of NFTs are also made up of various attributes. For example, BAYC NFTs include seven different attributes: background, clothing, earrings, eyes, fur, hats, and mouths, and the rarity of these attributes essentially determines the value of the NFT. The distribution of rarity and the total cap on attributes can be resolved using trustworthy random numbers.


Moreover, as more NFT communities are established and grow, project teams often distribute random NFT airdrop rewards during special holidays or upon reaching certain milestones to stimulate member loyalty and activity. How to determine which addresses receive airdrops and ensure the fairness of the airdrops requires project teams to carefully execute based on certain distribution mechanisms. Trustworthy random numbers can be seen as a good solution in such scenarios. In fact, most NFT airdrop incentive activities today are integrated with services like Chainlink VRF.

3. DeFi

In DeFi protocols like Olympus and algorithmic stablecoin protocols, their staking mechanisms often have a rebase process to address share dilution issues or incentivize specific market behaviors, such as maintaining price stability. One "sensitive" variable of the rebase mechanism is its cycle time.

If the set rebase cycle time remains unchanged for a long time, it could be exploited by short-term arbitrageurs. Therefore, the design of the rebase mechanism can apply trustworthy random numbers to determine the approximate cycle for change adjustments.

In some innovative Yield Farming protocols, their reward mechanisms also introduce a certain level of volatility to increase user participation. Users who contribute more and have higher participation rates will have different annualized returns compared to ordinary or less active users. Thus, the distribution of rewards in the liquidity pool and the fluctuations in returns will require the use of random numbers for adjustment and modeling.

4. DAO

In DAO governance, members often need to make key decisions for the organization. A large DAO community may establish a board of directors or core management team to execute daily decisions more efficiently. The selection and supplementation of these boards and managers require a fair and transparent mechanism, and introducing trustworthy random numbers can be considered an optimal and convenient choice for establishing such mechanisms.

Additionally, in DAOs that involve managing large amounts of funds or specialize in investments, random numbers can also be used to enhance the security of member authentication systems, preventing hackers or malicious attackers from reverse-engineering the authentication process, thus ensuring the safety of the DAO's treasury.

5. Application of VRF in L1 Consensus Mechanism

A significant issue that new public chains face is the reduced security after sharding. Before sharding, all validators in the network jointly verify all transactions; however, after sharding, these validators are evenly distributed to verify each shard, significantly increasing the likelihood of each shard being forked (51% attack). A good solution to this security issue is to prevent attackers from predicting the validators of each shard in advance, which requires the introduction of a certain level of randomness and unpredictability. NEAR achieves this by randomly assigning validators through VRF services, thereby hiding the specific shard information that validators are verifying.


In Conclusion

The allure of randomness lies in its implication of uncertainty, representing a possibility. Possibilities can bring us hope, but they can also instill fear, which is why the debate between determinism and indeterminism continues to this day. Whether God throws dice or not is not that important. Perhaps everything in the world is irreversibly moving towards the law of large numbers, perhaps all fateful encounters are merely probabilistic coincidences, and perhaps you, I, and he are just fools randomly wandering in Web3.

But not knowing the answer is always much more interesting than getting a wrong one. As Carlo Rovelli mentioned in his book: "What's nonapparent is much vaster than what's apparent."

Stay foolish, and revere randomness.
