On-chain Distributed RNG using ZK?

I am looking to create a simple smart contract based algorithm that provides common random number generation, provided that t out of N participants are honest, where t * 2 > N

The algorithm has the following properties

  • at the end, all honest participants know the common random number R
  • malicious participants are not able to influence R or make the algorithm stuck.

Preliminary setup

Each participant j register her public keys P[j] with a smartcontract DRNGManager.

Together with the public key P[j] each participant submits to DRNGManager a ZK proof that P[j] is valid and that she knows the corresponding private key.

Commit phase (10 minutes)

Each participant j generates a random EC polynomial of degree t POLY[j]().
The participant then generates a vector of polynomial evaluations A[i] = [POLY[j](i)] at N integer points i.

The participant will then encrypt the evaluations to obtain a vector of encrypted polynomial evaluations G_[j] = [Encrypt(POLY[j](i))].
It then submits to DRNGManager

  • vector G[j][i]

  • commitment to POLY[j]

  • a ZK-proof that G[j][i] were correctly generated from POLY[j].

DRNGManager verifies ZK-proof on receipt

After the commit phase, DRNGManager will contain j valid vectors G[j], where j >= t.

Reveal phase. (10 minutes)

Each participant j will be able to decrypt and reveal to DRNGManager a vector of points POLY[j](i). The participants will then submit these vector to DRNGManager together with a ZK proof that reveal was done correctly.

After the reveal phase, DRNGManager will include k reveals, where k >= t.

RNG computation phase. For each committed polynomial POLY[j], each participant is then able calculate random number R[j] = POLY[j](0). The common random is then XOR of all R[j]

1 Like