Random numbers play a vital role in many decentralized applications (dApps), such as gaming and decentralized finance (DeFi) applications.
Existing random number provision mechanisms can be roughly divided into two categories, on-chain, and off-chain.
On-chain approaches usually rely on the blockchain as the major input and all computations are done by blockchain nodes.
The major risk for this type of method is that the input itself is susceptible to the adversary's influence.
Off-chain approaches, as the name suggests, complete the generation without the involvement of blockchain nodes and share the result directly with a dApp.
These mechanisms usually rely on strong security assumptions and have high complexity.
To mitigate these limitations and provide a framework that allows a dApp to balance the different factors involved in random number generation, we propose a hybrid random number generation solution that leverages IoT devices equipped with trusted execution environments (TEEs) as the randomness sources, and then utilizes a set of cryptographic tools to aggregate the multiple sources and obtain the final random number that can be consumed by the dApp.
The new approach only needs one honest random source to guarantee the unbiasedness of the final random number and a user can configure the system to tolerate malicious participants who can refuse to respond to avoid unfavored results.
We also provide a concrete construction that can further reduce the on-chain computation complexity to lower the cost of the solution in practice.
We evaluate the computation and gas costs to demonstrate the effectiveness of the improvement.
Adding All Flavors: A Hybrid Random Number Generator for dApps and Web3
- Paper ID: 2510.12062
- Title: Adding All Flavors: A Hybrid Random Number Generator for dApps and Web3
- Authors: Ranjith Chodavarapu (Kent State University), Rabimba Karanjai (University Of Houston), Xinxin Fan (IoTex), Weidong Shi (University Of Houston), Lei Xu (Kent State University)
- Classification: cs.CR (Cryptography and Security)
- Publication Date: October 20, 2024
- Paper Link: https://arxiv.org/abs/2510.12062v1
Random numbers play a critical role in decentralized applications (dApps), particularly in gaming and decentralized finance (DeFi) applications. Existing random number generation mechanisms can be broadly categorized into on-chain and off-chain approaches. On-chain methods typically rely on the blockchain as the primary input source but face risks of input manipulation by adversaries; off-chain methods, while independent of blockchain nodes, usually involve strong security assumptions and high complexity. To mitigate these limitations, this paper proposes HRNG, a hybrid random number generation solution that leverages IoT devices equipped with Trusted Execution Environments (TEEs) as randomness sources and employs a suite of cryptographic tools to aggregate multiple sources for the final random number. The approach guarantees unbiasedness of the final random number with only one honest source and can be configured to tolerate denial-of-service attacks from malicious participants.
Random numbers play a critical role in blockchains and dApps, serving not only in blockchain construction itself (such as proof-of-stake implementation) but also in dApps deployed on top (such as games and NFTs). A good random number should satisfy two fundamental requirements:
- Unpredictability: Its value cannot be known before publication, nor can future random numbers be inferred from historical information
- Unbiasedness: Values should follow a uniform distribution, meaning each value has an equal probability of being selected
On-chain Random Number Generation:
- Uses block content (such as block headers, block height, timestamps, etc.) as randomness sources
- Advantages: dApps can easily verify and consume generated random numbers
- Disadvantages: Seeds are susceptible to adversarial manipulation and exploitation
Off-chain Random Number Generation:
- Generates random numbers independently of blockchain content, sharing results directly with dApps
- Advantages: Avoids risks of on-chain data manipulation
- Disadvantages: Process is opaque to dApps, requires strong security assumptions, and exhibits high complexity
Existing approaches all have significant limitations and cannot simultaneously satisfy requirements for security, verifiability, and practicality. This paper aims to design a hybrid solution that combines the advantages of different types of random number generators while minimizing associated limitations.
- Proposes the HRNG Hybrid Random Number Generation Framework: Utilizes IoT devices equipped with TEEs as true random number generators (TRNGs), combined with cryptographic tools for multi-source aggregation
- Designs Robust Security Mechanisms: Guarantees unbiasedness of the final random number with only one honest source and can tolerate malicious participants
- Provides Concrete Optimized Constructions: Leverages the homomorphic properties of Pedersen commitment schemes to significantly reduce on-chain computational complexity and Gas costs
- Offers Complete Security and Performance Analysis: Provides theoretical security proofs and detailed performance evaluations
Design a decentralized random number generation system that provides secure, verifiable, and cost-effective random number services for dApps. The system must:
- Input: Random number requests from dApps (including source quantity and aggregation method specifications)
- Output: Final random numbers satisfying unbiasedness and unpredictability
- Constraints: Tolerate partial malicious participants while ensuring verifiability
The HRNG system comprises five main participants:
- IoT Devices: Equipped with TEEs, utilizing hardware to generate true random numbers
- Gateways: Act as proxies for IoT device groups with stronger computational/communication capabilities
- Random Number Pool: Stores information submitted by gateways, allowing blockchain nodes/gateways to retrieve information
- dApps: Applications deployed on the blockchain that require random numbers as input
- Blockchain: Serves as an immutable ledger storing necessary information and executing specific computations to support protocol operation
Phase One: Publishing the Random Number Pool
- IoT devices utilize TEEs to generate random numbers n_i and digital signatures σ_{d_i}(n_i)
- Gateways collect random numbers generated by connected IoT devices and process them using commitment schemes
- Gateways execute the commitment algorithm: c_i = Commit(n_i, r_i)
- Use (k,t)-threshold secret sharing schemes to distribute commitment opening information among gateways in the system
Phase Two: dApp Request
- dApps create random number requests containing source quantity and aggregation method specifications
- The system verifies two standards for requests:
  - A sufficient number of gateways is involved (based on the security assumptions)
  - The aggregation algorithm can tolerate biased inputs (such as XOR operations)
Phase Three: Responding to Requests
- Gateways cooperatively respond to dApp requests
- Utilize threshold properties to recover committed random numbers
- Even with a minority of malicious gateways, commitment numbers can be correctly opened
Phase Four: Constructing Final Random Numbers
- Blockchain constructs the final random number according to the predefined aggregation method in the dApp request
- Any third party can verify that the final random number was obtained according to the predefined method
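The four phases above, as an added worked example in Python that is not part of the paper or of any HRNG implementation. It simulates the gateway side of the protocol: phase one commits each n_i and splits the opening (n_i, r_i) with (k, t)-threshold Shamir sharing, phase three recovers the openings from whichever gateways respond, and phase four checks every commitment before aggregating. A SHA-256 hash commitment stands in for the paper's Pedersen commitment, the 61-bit field Q and the sample values are constructed for the demo, and `aggregation_tolerates_bias` is an assumed formalization of the second request-validation rule (an aggregation function qualifies when a single uniform input forces a uniform output).

```python
import hashlib
import secrets
from functools import reduce

# Prime field for the Shamir polynomial. Constructed choice for the demo: the
# page does not name the field the paper uses.
Q = 2**61 - 1


def commit(n, r):
    """Hash commitment c = SHA-256(n || r); stands in for the paper's Pedersen commitment."""
    return hashlib.sha256(n.to_bytes(8, "big") + r.to_bytes(8, "big")).hexdigest()


def share_secret(secret, k, t):
    """(k, t)-threshold Shamir sharing: t shares, any k of them reconstruct the secret."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, j, Q) for j, c in enumerate(coeffs)) % Q)
            for x in range(1, t + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over whichever shares were returned."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


def phase_one(random_numbers, k, t):
    """Each gateway publishes c_i to the pool and distributes shares of its opening (n_i, r_i).
    `random_numbers` plays the role of the TEE-generated n_i (values < Q)."""
    pool = []
    for n in random_numbers:
        r = secrets.randbelow(Q)          # commitment randomness, kept off the pool
        pool.append({"commit": commit(n, r),
                     "n_shares": share_secret(n, k, t),
                     "r_shares": share_secret(r, k, t)})
    return pool


def phase_three(pool, responders, k):
    """Gateways listed in `responders` (0-based indices) contribute their shares;
    with at least k responders every opening in the pool can be recovered."""
    if len(responders) < k:
        raise ValueError("fewer than k gateways responded; openings are unrecoverable")
    openings = []
    for entry in pool:
        n = reconstruct([entry["n_shares"][i] for i in responders])
        r = reconstruct([entry["r_shares"][i] for i in responders])
        openings.append((n, r))
    return openings


def phase_four(pool, openings, aggregate):
    """On-chain step: reject any opening that does not match its commitment, then aggregate."""
    for entry, (n, r) in zip(pool, openings):
        if commit(n, r) != entry["commit"]:
            raise ValueError("commitment does not open; gateway equivocated")
    return reduce(aggregate, (n for n, _ in openings))


def aggregation_tolerates_bias(aggregate, bits):
    """Request-validation rule for a two-input aggregation function over `bits`-bit values:
    for every fixed adversarial value the map honest -> output must be a bijection, so a
    single uniform input already makes the output uniform."""
    domain = range(2**bits)
    return all(len({aggregate(honest, adv) for honest in domain}) == len(domain)
               for adv in domain)


if __name__ == "__main__":
    pool = phase_one([0x1234, 0xABCD, 0x0F0F, 0x5555], k=3, t=4)
    openings = phase_three(pool, responders=[0, 2, 3], k=3)   # gateway 1 refuses
    print(hex(phase_four(pool, openings, lambda a, b: a ^ b)))
```

With k = 3 and t = 4 the run recovers all openings when gateway 1 refuses to respond, while fewer than k responders raise an error instead of producing a value. The bias check accepts XOR and modular addition and rejects bitwise AND, where an adversary holding a zero input pins the output to zero whatever the honest source produced.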
- Hybrid Architecture Design: Combines advantages of TRNG, PRNG, on-chain and off-chain methods
- TEE+DePIN Technology Fusion: Leverages decentralized physical infrastructure networks (DePIN) to bring physical randomness sources into the system
- Commitment Schemes + Threshold Secret Sharing: Ensures hiding and binding properties while providing fault tolerance
- Homomorphic Aggregation Optimization: Leverages additive homomorphic properties of Pedersen commitments to significantly reduce computational costs
- Compromised IoT Devices: Assumes TEE hardware can be broken but is difficult to compromise at scale, with only a subset of IoT devices in the system being compromised
- Compromised Gateways: Assumes a subset of gateways in the system are malicious but not all
- Trusted Random Number Pool: Assumes the random number pool is a reliable storage system
- Trusted Blockchain: Follows common assumptions in blockchain systems
- Security: Resistance to active and passive attacks
- Computational Cost: On-chain and off-chain computational complexity
- Communication Cost: Communication overhead related to threshold secret sharing
- Gas Cost: Actual deployment costs on Ethereum EVM
- Uses Pedersen commitment schemes on elliptic curves
- Precompiled contracts based on alt_bn128 elliptic curve
- XOR aggregation algorithm ensures that a single unbiased input guarantees unbiased output
Active Attack Protection:
- System enforces validation of dApp random number requests, ensuring adversaries cannot control all inputs
- XOR aggregation operations guarantee that no single input can affect the unbiasedness of aggregated output
Passive Attack Protection:
- Two-phase design ensures adversaries don't know which random numbers will be included in aggregation during phase one
- Threshold secret sharing ensures random numbers can be recovered even if some gateways refuse to respond
Computational Cost Analysis:
- Off-chain computation: n_g × n_i × n_r commitment operations and secret sharing operations
- On-chain computation: ℓ commitment opening operations and ℓ − 1 XOR operations
Optimization Effects:
After utilizing homomorphic properties of Pedersen commitments:
- Non-optimized version: 12,158·ℓ − 8 gas
- Optimized version: 166·ℓ + 11,984 gas
When aggregating 12 random numbers, the optimized version consumes only approximately 10% of the Gas cost of the non-optimized version.
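The homomorphic optimization in concrete form, as an added Python example rather than code from the paper or the authors' contracts. It implements Pedersen commitments c_i = n_i·G + r_i·H on alt_bn128 (the curve behind Ethereum's ecAdd/ecMul precompiles), then contrasts the baseline, which opens all ℓ commitments on-chain, with opening the single sum Σc_i against (Σn_i, Σr_i). Assumptions: aggregation by addition modulo the group order (the homomorphism does not apply to XOR), a second generator H derived by try-and-increment hashing, and gas estimated only from the EIP-1108 precompile prices (6,000 per ecMul, 150 per ecAdd); the sample openings are constructed.

```python
import hashlib

# alt_bn128 (BN254) G1 parameters, as used by the Ethereum ecAdd/ecMul precompiles.
P = 21888242871839275222246405745257275088696311157297823662689037894645226208583
N = 21888242871839275222246405745257275088548364400416034343698204186575808495617
G = (1, 2)                        # generator of G1; the point at infinity is None
ECMUL_GAS, ECADD_GAS = 6000, 150  # EIP-1108 prices of the ecMul / ecAdd precompiles


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 3 over F_P (covers doubling and infinity)."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication; scalars live in Z_N."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def hash_to_point(label):
    """Try-and-increment hash-to-curve (assumed construction) so that log_G(H) is unknown."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (x * x * x + 3) % P
        y = pow(rhs, (P + 1) // 4, P)   # square-root candidate; valid because P ≡ 3 (mod 4)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


H = hash_to_point(b"HRNG-example-H")   # constructed label for the demo


def commit(n, r):
    """Pedersen commitment c = n*G + r*H."""
    return ec_add(ec_mul(n, G), ec_mul(r, H))


def open_each(commits, openings):
    """Baseline on-chain opening: recompute every c_i (2 ecMul + 1 ecAdd per input)
    and aggregate the revealed n_i. Returns (ok, value, estimated gas)."""
    gas, total = 0, 0
    for c, (n, r) in zip(commits, openings):
        gas += 2 * ECMUL_GAS + ECADD_GAS
        if commit(n, r) != c:
            return False, None, gas
        total = (total + n) % N
    return True, total, gas


def open_aggregate(commits, openings):
    """Homomorphic opening: add the public commitments with cheap ecAdd calls and open
    the single sum with (sum n_i, sum r_i); the two ecMul run once, not l times."""
    agg = None
    for c in commits:
        agg = ec_add(agg, c)
    gas = (len(commits) - 1) * ECADD_GAS + 2 * ECMUL_GAS + ECADD_GAS
    n_sum = sum(n for n, _ in openings) % N
    r_sum = sum(r for _, r in openings) % N
    if commit(n_sum, r_sum) != agg:
        return False, None, gas
    return True, n_sum, gas


if __name__ == "__main__":
    openings = [(i * 1000 + 7, 99991 * i + 3) for i in range(12)]   # constructed sample
    commits = [commit(n, r) for n, r in openings]
    print(open_each(commits, openings)[2], open_aggregate(commits, openings)[2])
```

For ℓ = 12 the estimate gives 145,800 gas for the baseline against 13,800 for the aggregated opening, close to the page's 12,158·ℓ − 8 and 166·ℓ + 11,984 figures; the few hundred gas per input that the estimate misses is loop and calldata overhead. Binding carries over to the aggregate: a second opening of Σc_i, combined with the honestly revealed openings of the other inputs, would be a second opening of some individual c_i.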
- Linear vs. Constant Complexity: Non-optimized HRNG Gas costs grow linearly with the number of aggregated random numbers, while optimized HRNG remains nearly constant
- Security-Efficiency Balance: More random numbers participating in aggregation improve security, and the optimized design makes the cost of this security improvement manageable
- Practicality Verification: Actual deployment costs in the Ethereum environment demonstrate the feasibility of the scheme
- Randao: Random number generation mechanism used in Ethereum 2.0 beacon chain, employing commit-reveal methods
- Near Protocol: Random beacon scheme inheriting RanShare randomness properties, tolerating up to 2/3 malicious participants
- Chainlink VRF: Decentralized oracle network solution based on verifiable random functions
- ERC721R Standard: Uses on-chain metadata (block headers, block height, timestamps, etc.) to generate random numbers
- Existing Scheme Problems: Extremely susceptible to adversarial exploitation with insufficient security
Compared to existing methods, HRNG provides a complete combination of true randomness sources, full verifiability, and adversary tolerance capabilities.
- Feasibility of Hybrid Approach: HRNG successfully combines advantages of different RNG types while minimizing their respective limitations
- Security Guarantees: Under reasonable security assumptions, the system can resist both active and passive attacks
- Significant Optimization Effects: Homomorphic aggregation technology substantially reduces on-chain computational costs
- Practicality Verified: Actual evaluation in the Ethereum environment demonstrates the deployability of the scheme
- TEE Dependency: While considering TEE compromise scenarios, the approach still relies on the fundamental security of TEE technology
- Network Assumptions: Requires sufficient numbers of honest gateways and IoT devices
- Complexity: Higher system complexity compared to simple on-chain approaches
- Latency Considerations: Multi-phase protocols may introduce additional delays
- More Efficient Aggregation Schemes: Explore other aggregation methods with favorable mathematical properties
- Dynamic Participant Management: Research mechanisms for dynamic participant joining and leaving
- Cross-chain Compatibility: Extend to other blockchain platforms
- Incentive Mechanism Design: Design economic incentives to ensure honest participant behavior
- Strong Innovation: First to combine DePIN technology with random number generation, proposing a novel hybrid architecture
- Solid Theoretical Foundation: Provides complete security analysis and mathematical proofs
- Comprehensive Practicality Considerations: Significantly reduces actual deployment costs through homomorphic aggregation optimization
- Complete System Design: Detailed descriptions from architecture design to concrete implementation
- Comprehensive Evaluation: Multi-dimensional assessment including security, performance, and costs
- Limited Experimental Validation: Lacks verification from large-scale actual deployments
- Insufficient Comparative Experiments: Limited direct comparisons with mainstream existing schemes (such as Chainlink VRF)
- Idealized Security Assumptions: Some security assumptions may be overly idealistic in practical environments
- Insufficient User Experience Considerations: Limited discussion on end-user usability
- Academic Contribution: Provides new research directions for blockchain random number generation
- Practical Value: Offers dApp developers new random number service options
- Technology Advancement: Promotes TEE technology applications in blockchain domains
- Reproducibility: Provides sufficient technical details to support subsequent research
- High-Security dApps: Such as large-value DeFi protocols and high-value NFT games
- Scenarios Requiring Verifiable Randomness: Such as decentralized lotteries and fair gaming
- Cost-Sensitive Applications: Optimized Gas costs make it suitable for scenarios with frequent random number requirements
- Cross-chain Random Number Services: Can serve as universal random number infrastructure
Key references include:
- Original Pedersen commitment scheme paper (Pedersen, 1991)
- Threshold secret sharing related research
- Chainlink VRF technical documentation
- Ethereum random number generation mechanism research
- TEE security analysis related literature
Overall Assessment: The proposed HRNG scheme makes significant contributions in both theoretical innovation and practical applicability. Through clever hybrid design, it addresses key problems in existing random number generation schemes. While there is room for improvement in certain aspects, it is overall a high-quality research work with important significance for advancing blockchain random number generation technology.