On July 21, Protocol Labs and members of the League of Entropy (LoE) performed a key generation ceremony to kick off a new production network running version 1.0 of the distributed randomness (drand) protocol. With this upgrade, drand now exists as a production service for high-entropy, publicly verifiable randomness, which is a critical facet of cybersecurity.
Founded in 2019 by Protocol Labs, Cloudflare, EPFL, Kudelski Security, and the University of Chile, the LoE launched as a research network dedicated to providing “a new solution to a long-standing problem in cryptography.” After nearly a year in the research stage, Protocol Labs and collaborators decided it was time to turn drand into a production-grade public service. With the LoE Mainnet upgrade, a set of new organizations joined the League to increase its robustness and quality of service. The current set of members now includes C4DT, ChainSafe, cLabs, Emerald Onion, Ethereum Foundation, IC3, PTisp, Tierion, and UCL.
# Where it all began
Drand began as an experimental project in the Decentralized and Distributed Systems lab (DEDIS) at the Ecole Polytechnique Fédérale de Lausanne (EPFL), by Nicolas Gailly, a PhD student at the time, now research engineer at Protocol Labs, under the direction of Bryan Ford.
“Drand was inspired by a collaboration with Dfinity, and started as a fun project to implement and play with,” Gailly said. “It’s really exciting (and not trivial!) to grow the project from being experimental to a full-blown, production-ready public service. Having so many top-level organizations now joining the League of Entropy enables the network to become this foundational randomness-as-a-service that applications could rely upon.”
What began as a “fun project” has grown into something with transformative potential. We believe that drand can become a foundational protocol for the internet. We need a global randomness beacon, and the randomness options currently available are either biasable, not verifiable, or centralized, all of which can impact security and trust, or they are simply not ready for high-stakes production use. Drand eliminates these shortcomings by creating a reliable, verifiable, independent source of randomness for blockchains and other applications that is ready for use.
# Why randomness matters
Randomness is at the core of many critical operations and protocols that we rely on every day (e.g. the cryptography of secure communications, the execution of public lotteries, etc.). Random systems generate results that have a uniform distribution of probability and are stochastically independent from each other. We encounter randomness with every dice roll and coin toss: when you flip a fair coin, both heads and tails have equal or uniform probabilities (uniform distribution), and you can’t predict the outcome of any individual coin toss on the basis of past results (stochastic independence).
Because randomness has the power to make some digital processes resistant to manipulation, we rely on it for everything from cryptography and cybersecurity to election audits and online gambling. A cryptographic system is only as secure as the keys it generates. And cryptographic keys are secure only if the source values used to generate them are properly random. In other words, randomness is the key to secure cryptography.
However, not all randomness is created equal. The quality of randomness is measured by its unpredictability, a property of randomness called “entropy.” Since computers are deterministic systems, it is algorthmically impossible to create true, high-entropy randomness using a computer algorithm. But even physical randomness is easily biased if it’s generated by a single source. This is why many random number generators rely on additional input from outside sources of entropy, such as small changes in user mouse movement or keystroke timing.
If you can control, manipulate, or otherwise influence a source of randomness, you can bias apparently random outcomes in your favor, as a recent high-profile case of lottery fraud reveals quite clearly. For many use cases, like election auditing and cryptography, randomness also needs to be publicly verifiable. With so many factors at play, it is easy to see that we don’t just need randomness; we need good randomness: high-entropy, unbiasable, and verifiable. And that kind of randomness is harder to produce than you might think.
# What makes drand special?
For years there was no service available that could produce this kind of randomness at scale. Drand has changed that. Drand is a distributed randomness beacon that provides unbiasable, verifiable, high-entropy, decentralized randomness as a public service.
Unbiasable: Drand’s generation of randomness begins with an initial multi-party computation to establish a distributed key, after which drand nodes operated by independent parties periodically broadcast information that gets aggregated into a final random beacon whose validity can be easily verified by users. Because subsequent rounds of randomness depend on the initial key sharing, the values are unable to be biased, even if a malicious actor happens to compromise a threshold majority of nodes.
Verifiable: Each randomness value can be verified by a single public key which has been generated collectively by all collaborators in the network. Each valid randomness value guarantees that at least half of the collaborators communicated to generate it, and anyone with the public key can both verify that the message is correct and confirm the time it was generated.
High-entropy: As mentioned earlier, randomness generated from a single source is more easily predicted, and single-source randomness generators already seed randomness from other sources. Drand-generated randomness depends on input from all nodes in the network, providing high entropy randomness not generated from multiple sources.
Decentralized: Because drand relies on multiple nodes operated by separate independent parties, compromising a single node (or even multiple nodes below an established threshold) does not compromise the integrity of the network. In order to compromise the security of the network, a malicious actor would have to compromise a large number of nodes. David Dias, who assembled and led the Protocol Labs drand team to mainnet launch, notes, “In a drand network, there is no single point of failure or bias that could corrupt or otherwise compromise drand’s randomness."
This multi-party generation of randomness is what makes drand the first truly bias-resistant, trustless, and decentralized source of good randomness available. “All that added bias resistance and security,” Dias continues, “is what will be a game changer for the internet.”
As the largest existing drand network, the League of Entropy also employs a decentralized governance model to further ensure that no single entity retains complete control over the drand network.
# The future of drand and the LoE
With the launch of the League of Entropy Mainnet, Filecoin became the first production user of drand. Filecoin will use drand as an off-chain source of randomness for leader election. With its first major user established, Protocol Labs believes more will follow. There are many use cases for randomness, and a fully decentralized unbiasable network offers benefits previously unavailable at scale.
The League of Entropy will continue to expand its membership, which will improve the robustness and reliability of the network. Additionally, the decentralized governance model increases trust of the network since, as mentioned, no single entity is generating randomness. The governance model also establishes rules and procedures to ensure the League operates effectively continues to improve the production quality of drand. Protocol Labs is both excited and proud to help drive this project into the future.
# The Randomness Summit – August 13
On the heels of this major network launch, the drand team, ETHGlobal, Protocol Labs Research, and ResNetLab are pleased to announce a one-day virtual summit on state of the art and future directions for randomness beacons.
Register now to learn from top cryptographers and randomness beacon experts, League of Entropy members, and drand developers. The Ethereum and Filecoin project leads will also be talking about the critical role of randomness in the operation of their networks.
That’s all for now, but there will be more to come in the weeks and months ahead. We hope you’ll join us at drand’s new online home to stay informed of future news and updates to the project.