Random number generation is crucial for many blockchain applications. It is critical in ensuring fair creation of features for NFTs, outcomes on blockchain-enabled games (eg: loots, card shuffling, die rolling), assignment of tasks in DAOs, and so on. The outcomes have real financial consequences on users, making it critical that their source of randomness is secure and non-gameable. With the ever-growing number of applications and ever-increasing value at stake, it is imperative that a reliable source of randomness is available.
Enter Secret Oracles (“Scrt-RNG”) on Secret Network. Leveraging the decentralization of Secret Network as well as the power of privacy-preserving smart contracts, randomness can be generated by Secret Oracles – empowering the next generation of applications on Secret Network.
Secret Oracles are a decentralized, trustless source of private randomness achieved by crowd-sourced entropy to produce random numbers which are permisionless in their accessibility by other Secret Network addresses (including other privacy-preserving smart contracts).
Secure Random Generation
Security is a significant challenge for RNGs operating completely on-chain. This is because blockchains are deterministic with no inherent randomness. Any pseudo-random number algorithm is only as secure as the entropy source which its randomness is based on. Therefore, the key for any RNG generator is having a frequent and consistent source of entropy.
DDT5
The Secret Oracle solution is to crowdsourced entropy combined with price feed entropy. Every transaction with Secret Oracles changes the seed stored in the randomness contract. As a result of the crowdsourced infrastructure, the more Secret Oracles are used, the more secure they become.
Secret Oracles implementation of crowdsourcing entropy is only possible on Secret Network because Secret Network has four important features:
- Private: all large-scale implementations of RNGs today produce random numbers on transparent blockchains. Consequently, random number outputs are recorded on-chain and publicly viewable for as long as the blockchain exists. This transparency limits possible use cases; applications that require private random numbers cannot use these RNGs. Scrt-RNG will provide a solution by transmitting encrypted random numbers which are only viewable to the user. Importantly, if a smart contract interacts with the Scrt-RNG protocol, the random number output will not be viewable by any (human) user, unless the user’s smart contract specifically allows this.
- Secure: high-security random numbers enable high stakes applications. Security in blockchain applications exists when attacks are expensive and complex. On-chain randomness has previously been possible on Secret Network, but existing implementations are typically exposed to various attack vectors that limit either the types of application, or the size of stakes before it becomes economically feasible for attackers to manipulate the RNG. Example attack vectors include querying random numbers in quick succession (if the generator uses a query function), using a third contract to stall the transaction if the outcome is not favorable, and running a hard fork to pre-determine the outcome. With Scrt-RNG, performing such attacks will be more complex, if not impossible. This enables higher-stakes applications to be deployed on Secret Network, and eventually, the wider Cosmos ecosystem when Scrt-RNG becomes available through Cosmos’ IBC.
- On-chain (= no service fee): large-scale random number generators today have a significant off-chain element, as it is challenging (if not impossible) to implement an on-chain RNG on a transparent blockchain without compromising security. Consequently, the most utilized RNG today, Chainlink’s VRF, requires an oracle node to generate random numbers off-chain which are then published on-chain and verified to be legitimate using cryptographic proofs. For this service, users pay a fee (currently 2 LINK for an Ethereum address for every random number request, which is $31 at today’s prices). Scrt-RNG will be implemented such that no oracle nodes or incentivization tokens are necessary. As a result, the only fee that users pay for random numbers is the gas fee.
- Decentralized: Scrt-RNG will be implemented as one or more smart contracts. Once deployed, the core algorithm will be immutable and available to anyone with a Secret address (and later on, to the wider Cosmos ecosystem). This high degree of decentralization eliminates any central point of failure and offers a trustless source of randomness.
Scrt-RNG’s solution
Two-transaction model: The first transaction creates the random number and the second transaction retrieves it. Having two transactions is required to solve a vulnerability in 1-transaction models — where an attacker can stall a transaction by intentionally creating an error if the random number output is undesirable.
Pooled entropy: Scrt-RNG will generate numbers based on a seed stored in the contract. This design works on Secret Network because a contract’s storage is encrypted and not retrievable (unlike in transparent blockchains). The seed changes every time a user interacts with the protocol. Hence, there is a good reason for applications to use Scrt-RNG rather than creating copies, as using Scrt-RNG allows entropy to be pooled together to increase the security of the random number generator.
Contract-friendly: handle functions are required to enforce seed change with every interaction. However, contracts cannot process the response from another contract. To solve this, the application can create a Binary that stores all the required information that the application will need after receiving the random number (eg: computed values of variables) as a Binary (“cb_msg”). Cb_msg can be any arbitrary code that is sent in the first transaction and echoed back to the user in the second transaction. The contract can later use cb_msg to continue executing from where it left off together with the newly-received random number.
Multiple options: Scrt-RNG will have two different generators to cater to a broader set of use-cases, allowing users to choose the appropriate trade-offs for their specific applications. I described the two-transaction model above. An alternative one-transaction model will be available, offering a solution for applications that cannot work with two transactions. This generator benefits from the same entropy pool, but is not impervious to some of the attacks described earlier.
Architecture of the 1-transaction model:
Architecture of the 2-transaction model:
As the Secret Network infrastructure continues to become more feature-rich, Secret Oracles will look to continue improving on the design, especially with regards to security. Private and secure randomness is important to the ecosystem, and as value at stake increases, even narrow attack vectors start becoming problematic. Scrt-RNG is designed with this in mind, so future contracts or upgrades can benefit from the existing entropy pool.
The first implementation of Secret Oracles is planned for mainnet launch in February 2022 on Secret Network, providing secure and private on-chain randomness to any Secret address. Following the infrastructure upgrade on Secret Network, Scrt-RNG will be available to other IBC-enabled blockchains through direct contract-to-contract interactions.
What’s Next?
Stay tuned for Secret Apps that use the full power of Secret Oracles! Developers, entrepreneurs, and community members from around the world continue to build the next generation of Web3 privacy-preserving applications built on Secret Network. There are countless use-cases, unique to Secret Network, left to explore. Keep following the official announcements channels (like Discord and Twitter) and the Secret Blog to stay up-to-date with more Secret Features such as this one! Who knows what secret are in store for the community…🤫
Onwards & Upwards!
To discuss Secret Network and Secret Apps, visit our community channels:
