# RNG exploitability analysis assuming pure RANDAO-based main chain

I agree that this scheme, if not perfect is better than the one with low-influence functions described in the mauve paper (https://cdn.hackaday.io/files/10879465447136/Mauve%20Paper%20Vitalik.pdf, p5). Because a low influence function increases the difficulty for one party to “reroll” the random number as their contribution to the number alone is probably not enough to change it. However, it increases the effect of a collusion attack.

Low Influence Function Issues

If we make a random number using the proposed low influence function of the mauve paper (i.e. making a majority vote on each bit of the seed), a small part of the validators can give the same random number contribution (their preimage) making it highly likely to have the seed be this random number contribution.
For example assume there is 100 participants and 20 of them form a cartel and collude by having 1111111… as their preimage.
If the 80 others don’t colluded, the sum of their vote for each bit will be a binomial distribution of mean 40 and standard deviation 4.47.
Adding that to the 20 colluding participants (mean 20, standard deviation 0), the amount of bitwise vote for 1 will have a mean of 60 and a standard deviation 4.47, so it’s highly unlikely (p=0.016) for a bit to get more 0 votes than 1 votes.
So the low influence functions can be attacked easily by a minority of participants if they can coordinate.
They then could choose their preimage such that we enter into a loop where only cartel participants are drawn.

Topic Proposal

The topic proposal can still be attacked by collusion of the stakers as described in my first post. The problem with those attacks is that they are self-reinforcing, even if initially not revealing due to a collusion (or simply having a big stake) only gives you a really small edge, you will then be drawn slightly more than the others stakers. This then means that you (as a large staker or a cartel) will then be able to make slightly more blocks, thus getting a slightly higher edge due to the cases where it’s better not to reveal.
So the edge you get will grow faster and faster due to this positive (from the cartel point of view) retro-action. So from a seemingly small starting edge, we can end up to a cartel getting to make most of the blocks.

I think if we want a random number generator which can’t be manipulated, we really need to use more advanced techniques like threshold signatures (since we are in the honest majority model anyways) or sequential proof of work.