What is True Randomness, Anyway?

cover.png

We are very near to the launch of the Offshift Mainnet, and if you have been keeping up with our dev updates and blog posts, you must be pretty savvy to crypto by now. In this edition of “Things on George’s Mind,” I will be talking about the true foundation of cryptography, the most publicly overlooked subject, and one of the trickiest challenges facing programmers in the blockchain space today: true randomness.

Randomness is a very straightforward concept: simply ask your friend to think of a random number and they’ll produce one for you. It’s an easy concept to grasp, but there’s a vast (and very interesting) world behind the curtains.

Let’s begin with a relationship that is rooted deep in our social fabric: that between randomness and fairness. If something or someone is picked at random for whatever purpose (lotteries, bingo, the next card on the board, red or black, and so on) we tend to feel the process has been conducted fairly. In fact, we tend to lean on this relationship in coping with losing outcomes (if it was random, it was fair after all).

Besides lotteries and the like, there are instances in our daily lives in which we resort to this relationship between fairness and randomness to make a choice when we are in a bind. The most famous methodology for random decision-making is of course the coin flip.

When we are presented with an uncertain boolean dilemma - that is, a decision involving dichotomous alternatives such as selecting between 2 different restaurants to eat dinner - a coin flip is generally perceived as fair because we cannot determine the outcome beforehand.

Here’s the thing: while this is true to some extent, it is not fully accurate to say that we cannot determine the outcome beforehand. Bear with me on this because the distinction is not trivial.

For something to be labeled as random, the outcome must be non-deterministic, meaning that it’s impossible to determine the correlatory effect between various starting variables and the outcomes they produce.

Now back to coin flips. In this regard, a coin flip is both random and not random at the same time - it’s really a matter of perspective!

What makes the coin flip fair (for humans, that is) - and therefore what ensures a random outcome - is ignorance. Humans literally ignore the state of the variables that affect the outcome of the flip. The cause-effect dynamics of related forces are clear and known, but they remain outside the realm of human perception before and during the flip.

A coin flip is a deterministic event because the physical variables that affect the outcome of the flip are known. Anyone who knows the state of all relevant variables before the flip (applied force, shape of the coin, weight, spin, g-force, characteristics of the ground, etc.) can easily predict the outcome of the flip with absolute accuracy.

Now being realistic, no one can determine any of those variables when a coin is spontaneously flipped, and the flip is therefore perceived as being fair amongst humans - at least, for human purposes. (But if you’re interested, scientists discovered that a Canadian half dollar coin has a 51% chance of landing heads up. Meanwhile, the 1 Euro coin has an 80% of landing heads up, but it has to hit the ground first - no open-palm catching permitted.)

If we were in the seventies, when deals were closed with firm handshakes and stern eye contact, the coin flip would be more than reliable as a means of producing randomness. But in the world we live in today, we have to shift our focus to the digital domain - the world of hardware and software.

Hardware and software perform computation and ensure that for a given input, an identical output will always be produced - a simple but extremely important assumption. In fact, that assumption is the very foundation of our digital world; programmers and engineers are able to perform incredibly complex and articulated tasks based on this assumption alone.

Given our discussion on randomness, you might be wondering:

If hardware and software are meant to be extremely predictable in producing consistent output, how is it possible for a computer to generate a random number?

Quite simply, it’s not.

When you consider that all the access cookies, cryptography, and any form of digital security come from essentially adding a random variable to a specific function, it is safe to say that the strength of the randomness generator that is integral to each function makes up the majority of the security we depend on in our digital lives.

Computers can be reduced to little more than a switch. Either electricity flows and generates 1s, or it stops and generates 0s - an extremely deterministic model. Yet, there must be some way to produce randomness in the digital world, otherwise our current systems would not function. Evidently, a solution has to have been found.

To be honest, the previous statement is once again imprecise: there are temporary solutions in place, and there are solid and proven ways to generate numbers which are “just random enough,” but the challenges involved with randomness are ever-evolving, and solutions are nowhere near set in stone.

The first meaningful, market-ready method for producing randomness involved recording a hardware state, using software to translate a sequence of the hardware’s states into numbers, and using those numbers to generate random values. So far so good, until people realized it wasn’t in fact random because a hardware state is still somewhat deterministic - be it fan noises, audio, hdd, or mouse movements. In reality, with the same hardware and the same set of operations to perform, an individual could employ the same starting variables and the same environment to replicate the same internal state, compute it with the same algorithm, and generate the same output value.

It is also important to consider that an individual does not need to be able to replicate any digits to perfection, as computers generate only 1s and 0s. For example, it would suffice to acknowledge that a certain randomness function generates more 1s than 0s for a given input. Already, an individual has gained some ground on cracking the code, and has effectively reduced its randomness.

From here comes the concept of pseudorandomness. Something is pseudorandom if it is deterministic in theory, but can be considered random for a specific purpose because there is sufficient ignorance as to the state of its starting variables.

When it comes to computers, pseudorandomness is protected by the ability to manage access controls very efficiently: rather than attempting to develop some tricky and clever way to manipulate a hardware state that translates precisely into specific output values, an elaborate and impenetrable defense is built around the hardware (both physically and digitally) so that it is effectively impossible to know the state of the starting variables.

So while the output number is not generated at random, it is sufficiently random for human purposes because there exists no reliable way to penetrate the defenses that protect the starting variables before they are input into the algorithm.

But George, what about h4x0rs 1337???

Depending on human errors to have a subset of numbers instead of random values which make it possible to crack the code cannot be considered a reliable methodology.

If getting to know that coin flips aren’t fair and computers can’t generate random values didn’t shock you, get this: for many years, Cloudflare, the beloved web security service that most of us enjoy without ever knowing we are using it, has protected our digital infrastructure by generating random values from a lava lamp.

You might be thinking, “No way, you have to be making that up!” Well, OK - it’s not one lava lamp - it’s a whole wall of lava lamps. And the lava lamps are still used with great success, as they secure as much as 10% of the internet (and I would bet that the percentage of sites we actually use that integrate Cloudflare amounts to far more than 1 in 10). The lava lamps operate in Cloudfare’s San Francisco office, and here’s how the whole process works: images are read by computer as a very large - a very, very large - set of digits. The computer’s camera records the movements of lava bubbles and feeds them into a software program that translates the movements into very large numbers that are then used to strengthen the randomness of algorithms.

If you feel brave enough to dig into this, have a look at Cloudflare’s blog post.

Another honorable mention with a similar “wow” factor is random.org, whose methodology for generating random outputs is quite cool as well. They use atmospheric noise such as thunderstorms. It’s undoubtedly awesome to think about, and if you look at the site there’s much more than just thunderstorms; they offer useful resources and information about randomness as well as tools to play around with and integrate with your own applications.

Ok, now let’s move on to blockchain (finally, right). What’s more random than a block hash? Ehh, it’s yet another painful, nuanced answer - but that’s randomness for you.

Here’s an example I like from Chainlink’s official blog, “Chainlink VRF: On-chain Verifiable Randomness.”

Chainlink’s article warns that relying too much on block hashes can be detrimental. Miners operate honestly as long as they are incentivized to do so, but things can change if they receive additional rewards for tampering with block hashes. From Chainlink’s blog:

..suppose a contract makes decisions based on the parity of the last bit in the hash of the block at a certain height. This looks like a 50/50 outcome, but consider that a miner (or coalition of miners) who produces one third of the blocks on average may decide to throw out winning blocks for which the last bit of the block hash is one, forgoing the block reward of approximately 2-3 ETH. In this case, the miner could bias the zero outcome from a reliable 50% likelihood to a 2/3rds likelihood, leading to the loss of user funds from any smart contract relying on this method of randomness generation. If the contract’s zero-bit behavior would benefit the miner by more than 12-18 ETH, this behavior would be economically rational, creating an upper limit for the value that a contract using this method should be securing.

But what is the alternative? Unfortunately, it requires relying on off-chain solutions where malicious actors or compromised central authorities may tamper with data before it even reaches the blockchain.

So to recap, you can’t trust block hashes (where there are sufficient monetary incentives to compromise miners), and you can’t trust off-chain data (and you shouldn’t) - so then how can you obtain random outputs for your smart contracts? That’s where Chainlink VRF comes into play. It’s on-chain and is therefore trustless, and is sufficiently random to play the role it’s designed to serve. In addition to checking out the article above, I highly suggest having a look at Chainlink’s “Introduction to Chainlink VRF.” There’s a reason we’re working with these guys.

We’ve gone the distance, but the main question still remains unanswered: does true randomness exist or not?

Given all the topics we covered until now, here’s the shocking answer: yes!

Scientists have demonstrated that quantum decay is a random event. Let’s take the Carbon-14 atom for example (I’ve chosen it because it’s used in archeology to date artifacts, and you now have something to impress your relatives with at Christmas - thank me later).

Carbon-14 completes its half life in about 5,730 years - with a few decades of tolerance in either direction. Over the course of a half-life, 1kg of Carbon-14 becomes 0.5kg. Of course, whether you have lost 50% of your original Carbon-14 to decay or you have retained 50% of your Carbon-14 is a matter of your personal predisposition. But if you examine individual Carbon-14 atoms over time, the probability that each individual atom will decay relative to any other at any given moment is absolutely random.

And when I say absolutely, I am not exaggerating in the slightest. Albert Einstein himself had a psychological breakdown over this theory.

Einstein’s famous quote “he [God] does not play dice,” was originally written in a reply to a letter from Max Born, whose presentation of quantum theory Einstein refuted aggressively. Einstein’s line of scientific philosophy was grounded in the causality native to Newtonian physics, which offered no room for uncertainty or randomness of any kind.

Born’s perspective conjectured that in the quantum realm all outcomes are probabilistic - that is, for any given input a certain outcome is probable but never guaranteed, and there’s no way to know in advance. Ultimately, Born won out, and quantum physicists today accept uncertainty and randomness as inherent qualities in the universal substrate.

From lava lamps to Chainlink to Einstein, we managed to tackle a heavy and difficult question while building knowledge on a number of important and relevant subjects.

Next time you find yourself engaging in any of these subject matters, ask yourself: “What’s the strength of this randomness generator?” If you submit your question to the universe out loud, it will also make you look smart.

Merry Christmas,

George


About Offshift

Offshift is leading private decentralized finance (PriFi) with the world’s first Private Derivatives Platform. It leverages zero-knowledge (zk) proofs and sources reliable, real-time price feeds from Chainlink’s decentralized oracle network to enable users to mint zkAssets, an unprecedented line of fully private synthetics. Offshift’s mostly anonymous team has developed a trusted reputation for their thorough privacy research, development and execution.

To learn more and get involved, visit the links below:

Website | Telegram | Discord | Twitter | Instagram | YouTube | Buy XFT