Researchers from NGD and the R3E developer community are poised to unveil a novel random number provider protocol for BFT consensus-based blockchains such as Neo N3 and Neo X. This new protocol deviates from the traditional “commit-execute” models, offering significantly faster response times, stronger security, and reduced on-chain data requirements.
The findings will be presented by Jimmy Liao, the primary author of the research paper and a core developer for the Neo blockchain. Liao will showcase the research at the 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks in Brisbane, Australia. The paper passed a rigorous peer review by experts in the field in order to be presented at the conference, a premier event in the network and information security industry.
Smart contracts and random numbers
Random number generators play a pivotal role in the functionality of blockchain technologies, particularly in applications where unpredictability is crucial. Smart contracts on platforms like Ethereum and Neo use RNG for various purposes including gaming, gambling, and decentralized finance (DeFi) applications. These applications rely on RNG to ensure fairness and unpredictability in outcomes, be it for randomizing player actions in games or for creating unpredictable financial simulations in DeFi scenarios.
The reliability of RNG can have far-reaching implications on the security of blockchain applications. A notable instance of RNG failure was observed in 2018 with lottery dApps on the EOS platform. Due to predictable random number generation, a hacker was able to exploit the system to predict winning numbers and siphon funds illegally.
The BFTRand protocol
The research paper introduces BFTRand, a novel random number provider protocol designed to address the deficiencies in previous systems. Unlike traditional methods, BFTRand generates low-latency random numbers directly during contract execution. This is achieved via a BLS-powered distributed randomness beacon that is generated with each block, from which multiple random numbers can be derived for use in smart contracts. This approach greatly enhances the speed and reduces the cost of random number consumption, while ensuring that the numbers remain unpredictable.
The team’s work extends beyond the development of BFTRand. They conducted a comprehensive analysis of RNG security within smart contracts, identifying a new potential risk dubbed the “Post-reveal Undo” attack. This type of attack involves an adversary attempting to reverse a transaction upon receiving an unfavorable random number. The research further solidifies the security of BFTRand by establishing stringent criteria for random number security, including the requirements of pseudo-randomness, uniqueness, availability, and irreversibility.
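As an added illustration (not code from the paper or the Neo project), the following Python sketch shows the derivation layer described above: one per-block beacon value from which several contracts and requests each obtain their own deterministic, domain-separated random numbers, reduced to a target range without modulo bias. The beacon constant, the domain tag and the SHA-256 hashing scheme are constructed assumptions; the BLS beacon generation and the consensus steps are not reproduced.

```python
import hashlib
from itertools import count

# Constructed stand-in for the per-block beacon. In BFTRand the beacon is the
# BLS output the consensus nodes produce for each block; this constant is NOT
# that value and exists only so the example runs offline.
SAMPLE_BEACON = hashlib.sha256(b"constructed beacon for block 1234").digest()
# Hypothetical domain-separation tag (an assumption, not the paper's constant).
DOMAIN = b"bftrand-example-v1"


def derive_random_bytes(beacon: bytes, contract_id: bytes,
                        request_index: int, attempt: int = 0) -> bytes:
    """Derive 32 bytes bound to (beacon, contract, request index, attempt).

    Every node recomputes the same bytes from the same beacon, so a
    contract's result is deterministic, while distinct (contract, index)
    pairs yield distinct values (the uniqueness requirement).
    """
    h = hashlib.sha256()
    h.update(DOMAIN)
    h.update(len(contract_id).to_bytes(2, "big") + contract_id)
    h.update(request_index.to_bytes(8, "big"))
    h.update(attempt.to_bytes(4, "big"))
    h.update(beacon)
    return h.digest()


def derive_uniform(beacon: bytes, contract_id: bytes,
                   request_index: int, n: int) -> int:
    """Return an integer in [0, n) without modulo bias.

    A 64-bit candidate is read from the derived bytes; candidates at or
    above the largest multiple of n below 2**64 are rejected and the next
    attempt is derived instead, so every residue is equally likely.
    """
    if not 0 < n < 2**64:
        raise ValueError("n must be in [1, 2**64)")
    limit = (2**64 // n) * n
    for attempt in count():
        digest = derive_random_bytes(beacon, contract_id, request_index, attempt)
        candidate = int.from_bytes(digest[:8], "big")
        if candidate < limit:
            return candidate % n


def derive_batch(beacon: bytes, contract_id: bytes, k: int, n: int) -> list:
    """Derive k values in [0, n) for one contract from a single beacon."""
    return [derive_uniform(beacon, contract_id, i, n) for i in range(k)]
```

Because the beacon is only available once the block is being produced, a contract consuming these values sees its number during execution of the same block, which is the property the irreversibility requirement builds on.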
Comparison of random number protocols for blockchain
Performance evaluations of BFTRand have demonstrated its superiority over existing “commit-execute” systems such as Chainlink VRF. In terms of transactions per second and computational overhead, BFTRand significantly outperforms traditional models while retaining security guarantees by completing within a single consensus round.
The original announcement may be read at the following link: