ERC-1756: Practical Randomness via Dual Contract #1756

Closed
yhuag opened this issue Feb 16, 2019 · 3 comments
yhuag commented Feb 16, 2019

eip: <to be assigned>
title: Practical Randomness via Dual Contract
author: Yao-Chieh Hu (@yhuag) <yhuag@connect.ust.hk>, Ting-Ting Lee (@tina1998612) <tleeae@connect.ust.hk>
status: Draft
type: Standards Track
category: ERC
created: 2019-02-17

Simple Summary

A proposal for achieving "nearly" non-predictable randomness via two smart contracts.

Abstract

There are two smart contracts: Main.sol and Randomness.sol.

Main.sol generates a random number by submitting to Randomness.sol a main_seed derived from msg.data, msg.sender, and an arbitrary number salt. Randomness.sol takes in main_seed to mix with its rand_seed inside a random function that is embedded with a func_seed. During each round of random number generation, the rand_seed is updated according to main_seed.

Correctness

Since we only expose the Main.sol code, the Randomness.sol code remains invisible. The security level escalates from known-plaintext attack to ciphertext-only attack. Any attempt towards the Randomness.sol can only change its state without making it a feasible "key-value" pair at any time in the future.

Though we are free to get the private rand_seed in the Randomness.sol (I wrote a tutorial for that, if you are interested), it could be hard to retrieve the func_seed inside the random function.

The Randomness.sol's random function has been made owner-only via OpenZeppelin's Ownable.sol, which makes it harder to submit external trial attempts.

Disclaimer

Please think twice before using it on some profitable projects. I am really looking forward to any comment and suggestion. Thanks. :)

Specification

Main.sol

pragma solidity ^0.4.25;

import { Ownable } from "./openzeppelin-solidity/contracts/ownership/Ownable.sol";
import { Randomness } from "./Randomness.sol";

contract Main is Ownable {

  Randomness randomnessContract;

  // Main must be the owner of the Randomness contract, because rand() is onlyOwner.
  constructor(Randomness _randomnessContract) public {
    randomnessContract = _randomnessContract;
  }

  // ... SOME CRAZY LOGICS

  // Random Function (free to use it anywhere)
  function _random(uint256 _salt) internal returns (uint256) {
    // main_seed = keccak256(msg.data, msg.sender, salt); Randomness.rand() mixes it in
    return uint256(randomnessContract.rand(
      keccak256(
        abi.encodePacked(
          msg.data,
          msg.sender,
          _salt
        )
      )
    ));
  }
}

Randomness.sol

THIS SHOULD BE HIDDEN FROM THE PUBLIC

pragma solidity ^0.4.25;

import { Ownable } from "./openzeppelin-solidity/contracts/ownership/Ownable.sol";

contract Randomness is Ownable {

  // Updated every round; "private" only restricts access from other contracts
  bytes32 private rand_seed = "hحَi";

  function rand(bytes32 key) public onlyOwner returns (bytes32) {
    rand_seed ^= key;
    // That super weird string below is the func_seed
    return keccak256(abi.encodePacked(key, rand_seed, "台灣きन्दी한حَNo.1 :) "));
  }
}

Copyright

Copyright and related rights waived via MIT.

@yhuag yhuag changed the title ERC-1751: Practical Randomness via Dual Contract ERC-1756: Practical Randomness via Dual Contract Feb 16, 2019

gorgos commented Mar 25, 2019

You realize that

THIS SHOULD BE HIDDEN FROM THE PUBLIC

is not possible for a public blockchain?

See Random Number Generation for Solidity Smart Contracts for more details.

What if we add a private seed to the contract? The resulting random number can be computed with a passed variable and the privately stored seed as inputs. However, this approach does not consider the impossibility to store private data inside a public network. Despite Ethereum having a concept of private memory in smart contracts, this storage can still be read by anyone running an Ethereum node. Reading private or internal state can be achieved by web3.eth.getStorageAt. Therefore, it merely increases the effort for someone trying to predict the randomness.


Please think twice before using it on some profitable projects.

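To check the objection above against the proposal's own code, here is an added example (not the proposal's, OpenZeppelin's or gorgos's code) that replays Randomness.rand() off-chain in Python. It assumes the seed has been read from the contract's storage slot (what web3.eth.getStorageAt returns) and that the func_seed string literal has been recovered from the deployed bytecode; the helper names rand_replay and predict_rounds and the sample main_seeds are constructed for this example.

```python
# Added example, not the proposal's code: replay Randomness.rand() off-chain; Keccak-256 (Ethereum variant, pad byte 0x01) is inlined after the Keccak team's compact reference.
MASK64 = (1 << 64) - 1

def _rol(v, n):
    return ((v << (n % 64)) | (v >> (64 - n % 64))) & MASK64

def _keccak_f1600(state: bytes) -> bytes:
    a = [int.from_bytes(state[8*i:8*i+8], "little") for i in range(25)]  # lane i = x + 5*y
    rc = 1
    for _ in range(24):
        c = [a[x] ^ a[x+5] ^ a[x+10] ^ a[x+15] ^ a[x+20] for x in range(5)]
        d = [c[(x-1) % 5] ^ _rol(c[(x+1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]                     # theta
        x, y, cur = 1, 0, a[1]
        for t in range(24):                                         # rho + pi
            x, y = y, (2*x + 3*y) % 5
            cur, a[x+5*y] = a[x+5*y], _rol(cur, (t+1)*(t+2)//2)
        for y in range(5):                                          # chi
            row = a[5*y:5*y+5]
            for x in range(5):
                a[x+5*y] = row[x] ^ (~row[(x+1) % 5] & row[(x+2) % 5])
        for j in range(7):                                          # iota
            rc = ((rc << 1) ^ ((rc >> 7) * 0x71)) & 0xFF
            if rc & 2: a[0] ^= 1 << ((1 << j) - 1)
    return b"".join(lane.to_bytes(8, "little") for lane in a)

def keccak256(data: bytes) -> bytes:
    rate = 136                                  # 1088-bit rate, 512-bit capacity
    pad = rate - len(data) % rate
    data += b"\x81" if pad == 1 else b"\x01" + b"\x00" * (pad - 2) + b"\x80"
    st = bytes(200)
    for off in range(0, len(data), rate):
        st = _keccak_f1600(bytes(s ^ b for s, b in zip(st, data[off:off+rate])) + st[rate:])
    return st[:32]

def rand_replay(rand_seed: bytes, key: bytes, func_seed: bytes):
    """Mirror of Randomness.rand(): rand_seed ^= key; return keccak256(key || rand_seed || func_seed)."""
    new_seed = bytes(s ^ k for s, k in zip(rand_seed, key))
    return new_seed, keccak256(key + new_seed + func_seed)

def predict_rounds(seed_from_storage: bytes, main_seeds, func_seed: bytes):
    # One read of the seed slot plus the main_seeds callers submit (tx data is public) fixes every output
    outputs = []
    for key in main_seeds:
        seed_from_storage, out = rand_replay(seed_from_storage, key, func_seed)
        outputs.append(out)
    return outputs

SEED_SLOT = "hحَi".encode().ljust(32, b"\0")  # constructed from the post's literal; bytes32 is right-padded
FUNC_SEED = "台灣きन्दी한حَNo.1 :) ".encode()  # constructed from the post's func_seed literal
```

Every input to the hash is either in storage or in the transaction, so one slot read reproduces the whole output sequence; the split into two contracts adds effort for the reader of the chain, not unpredictability.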


There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review.

@github-actions github-actions bot added the stale label Nov 20, 2021

github-actions bot commented Dec 4, 2021

This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment.

@github-actions github-actions bot closed this as completed Dec 4, 2021