- Programs in Ethereum have to be deterministic since they run on multiple nodes, and everyone running the EVM has to get the same result. This prevents the implementation of a true random number generator for Ethereum-based DApps.
- A common method of implementation for the random number generator is by using deterministic, miner-defined parameters such as difficulty or timestamp:
pragma solidity^0.4.24;
// Contract to generate random number
// Uses timestamp and difficulty
// Not recommended
contract RNG {
function generateRandom() view returns (uint) {
return uint256(keccak256(
abi.encodePacked(block.timestamp, block.difficulty)
));
}
}
- Modify this further to generate a random number from the block hash of a future block, which is harder to predict. This is commonly used across various Ethereum DApps.
- Consider the example of a decentralized lottery that selects the winner based on a future block. The winning lottery number can be determined in such a way:
pragma solidity^0.4.24;
contract Lottery {
// Structure of a bid
struct Bid {
uint num;
uint blockNum;
}
// Mapping to store bods
mapping(address => Bid) bids;
// Function to select the winner based on future block hash
function isWon() public view returns (bool) {
uint bid = bids[msg.sender].num;
uint blockNum = bids[msg.sender].blockNum;
require(blockNum >= block.number);
uint winner = uint(keccak256(
abi.encodePacked(blockhash(blockNum + 3))
));
return (bid == winner);
}
}
- To bring in more randomness, implement and use an external service for generating a random number. A contract can read this data with the help of Oracle services.
Oracle services help Ethereum smart contracts to read data from the World Wide Web. For example, it can query an API and return the result. It is different from the Oracle database. For more information, refer to the Fetching data from APIs using solidity recipe from Chapter 7, Advanced Solidity.
- It is also required to trust the third-party service to provide valid results every time. If the service is compromised, it is more harmful to use the service than build one in the contract itself.
- There are a lot of proposals, and research is happening in this field, and one of the recent proposals from the Ethereum community is RANDAO: A DAO working as the RNG of Ethereum.
- RANDAO is a DAO that allows anyone to participate, and the random number is generated by all participants together. It includes three phases.
- In the first phase, ask the participant to send a transaction to the contract with a certain amount of Ether as a pledge in a specified time period (for instance, a six-block period, approximately 72 seconds) and the result of sha3(s), where the value of s is not revealed by the participant.
- In the second phase, ask anyone who submitted the result of sha3(s) to send a transaction with the number s to contract C within a specified time period. Use the contract to check whether s is a valid number by comparing the result of sha3(s) with the previously committed data. Save valid s values to the collection of s to generate a random number.
- Use the contract to generate the random number from collected seed s values and write it to storage. The result will be sent to all contracts that requested the random number.
- Finally, send back the pledge and the profit to the participants from the contract. Calculate the profit from the fees that are paid by other contracts for consuming the random number and divide it into equal parts.
- The choice depends completely on the targeted users and the use case. The trade-off has to be considered while choosing one option over the other.