🎲
Randomness Oracle
This article describes usage and deployment addresses of the DIA randomness oracle.
Randomness is the property of lacking any sensible predictability. It is very difficult to create random events on-chain due to the deterministic nature of any EVM or EVM-like environment.
Centralized randomness is suspectible for attacks by the randomness source, as a single non-random outcome cannot be distinguished from a random one. Thus, having a single RNG provide randomness via an oracle is not enough.
DIA provides randomness as a guest oracle using the distributed random beacon provided by drand.love. It is generated by a network of participants (the League of Entropy) and updated in discrete rounds.
Random numbers can be very relevant for on-chain applications such as games, lotteries, prediction markets, or NFT launches.
Relying on pseudo-random values like the last blockhash can be manipulated by miners and is not advisable.
Drand run distributed nodes to produce their randomness beacon. Drand uses Pedersen's DKG (Distributed Key Generation) protocol to create collective private/public key. Participants in their Leagure of Entropy then generate randomness in rounds and broadcast it together with its signature.
DIA uses the drand.love public randomness beacon, and updates its oracle with round number, randomness and signature. Anyone can access published random values via round ID.
{
"round": 1597683,
"randomness": "24138936fcbf7fc3951c928158be6998cee3af622142d0790333608d17a5c5f6",
"signature": "8c04905c0adf34f1fb007915d9ccc7d07b97305fc63952726f9367c87f36ab687c5e190c151f6ac4d760a9e009fc54230adb8513885449d649a229bc727be9ff347bdbce1c609cebf993b6ae57133fbcf23f96b15dbd3510cb5f2ade6b30b647",
"previous_signature": "ada42197a2db89866da4c44348f77f7868e41e961ec32e636b912d43c625386afae9e54944ac573047dbd227ee495b52059586c8d8cd0edfe18cc15ca0666a66651da1d62b12af2d0fac19735bed9298690a593571965c3ad7c7b11947e76ec0"
}
The DIA randomness smart contract is structured as follows
pragma solidity ^0.8.0;
contract DIARandomOracle {
struct Random {
string randomness;
string signature;
string previousSignature;
}
mapping (uint256 => Random) public values;
uint256 public lastRound = 0;
address public oracleUpdater;
event OracleUpdate(string key, uint128 value, uint128 timestamp);
event UpdaterAddressChange(address newUpdater);
constructor() {
oracleUpdater = msg.sender;
}
function setRandomValue(uint256 _round, string memory _randomness, string memory _signature, string memory _previousSignature) public {
require(msg.sender == oracleUpdater,"not a updater");
require(lastRound<_round, "old round");
lastRound = _round;
values[_round] = Random(_randomness, _signature, _previousSignature);
}
function getValue(uint256 _round) external view returns (Random memory) {
return values[_round];
}
function updateOracleUpdaterAddress(address newOracleUpdaterAddress) public {
require(msg.sender == oracleUpdater,"not a updater");
oracleUpdater = newOracleUpdaterAddress;
emit UpdaterAddressChange(newOracleUpdaterAddress);
}
function getRandomValueFromRound(uint256 _round) external view returns (string memory) {
return values[_round].randomness;
}
function getRandomValueFromRoundWithSignature(uint256 _round) external view returns (Random memory) {
return values[_round];
}
function getLastRound() public view returns(uint256) {
return lastRound;
}
}
Users can call
getLastRound()to obtain the ID of the latest published round. To obtain the randomness of a certain round, users can call getRandomValueFromRound(uint256 _round)using the obtaines round ID.The signature can also be requested by calling
getRandomValueFromRoundWithSignature(uint256 _round). Please be aware that you should always let all inputs commit before any randomness is used in a later round. For example, if you build a lottery, only call randomness after the last participant has committed their stake. To show this in an example, we will build a simple dice game.
Imagine a simple game where two players play against each other. Both throw a dice and the user with the higher rolled number wins. In case of a draw, nobody wins. Both players need to "seed" the game with an initial number between 1 and 6, that will be added to the randomness (modulo 6). It is a fair game where everyone has a 50% chance of winning.
pragma solidity ^0.8.0;
import "../DIARandomOracle.sol";
contract DiceGame {
address public randomOracle;
uint256 seed1 = 0;
uint256 seed2 = 0;
uint256 latestRoundId = 0;
constructor(address oracle) {
randomOracle = oracle;
}
function getRandomValue(uint256 _round) public view returns (string memory) {
return DIARandomOracle(randomOracle).getRandomValueFromRound(_round);
}
function commitPlayer1(uint256 seed) external {
require(seed > 0, "Seed must be between 1 and 6");
require(seed < 7, "Seed must be between 1 and 6");
seed1 = seed;
latestRoundId = DIARandomOracle(randomOracle).getLastRound();
}
function commitPlayer2(uint256 seed) external {
require(seed > 0, "Seed must be between 1 and 6");
require(seed < 7, "Seed must be between 1 and 6");
seed2 = seed;
latestRoundId = DIARandomOracle(randomOracle).getLastRound();
}
function rollDice() public view returns (uint) {
require(seed1 > 0, "Player 1 needs to commit their seed!");
require(seed2 > 0, "Player 2 needs to commit their seed!");
uint _round = latestRoundId + 10;
require(DIARandomOracle(randomOracle).getLastRound() >= _round, "Wait for the randmoness round to roll your dice.");
string memory rand = getRandomValue(_round);
uint256 player1result = (uint256(keccak256(abi.encodePacked(rand))) + seed1) % 6;
uint256 player2result = (uint256(keccak256(abi.encodePacked(rand))) + seed2) % 6;
seed1 = 0;
seed2 = 0;
if (player1result > player2result) {
return 1;
} else if (player2result > player1result) {
return 2;
} else {
return 0;
}
}
}
Both players need to commit their seeds. The latest published roundID is stored for the duration of the game. When both committed their values and the wait time of 10 rounds has passed, the dice can be rolled and the player ID of the winner is returned (or 0 in case of a draw).
Make sure to never directly query the latest randomness value, otherwise the miner and the randomness oracle can interfere with the result. Always commit values before the randomness is used in a later round.
Currently, DIA has deployed a few demo oracles in the following chains:
Please note: These demo oracles are NOT intended to be used in live production.
DIA's Demo Oracles are for testing purposes only. Demo oracles are upgraded and exchanged continuously.
For production oracles, you can request them to be oraclised with custom parameters to best suit your specific use case by contacting the team on Discord.
Blockchain | Smart Contract Address |
|---|---|
Astar Network | |
Shiden Network | soon |
Aurora | |
Aurora Testnet | |
Evmos | |
Evmos Testnet | |
Fuse | |
Moonbeam Alpha | |
Polygon Mumbai |
It is important to understand the risks of the randomness oracle before using it and to be able to mitigate them.
An extensive risk evaluation of the underlying drand.love protocol can be found in their documentation. All risks listed there also affect the randomness guest oracle, as it serves as a underlying data provider.
Additionally, there are new risks introduced by using the oracle.
Risk | Possible Mitigation |
|---|---|
Oracle stops serving data | Check that the oracle has recent updates in its history. |
Specific Round is missed by the oracle | Have your dApp use the next round if a certain round is unavailable (but later ones exist). |
Oracle serves compromised data | Check the associated BLS signature provided by drand (Note: Currently not availabe on most EVMs). |
The highly regarded Orbital Apes community has built a decentralized raffle platform leveraging DIA’s verifiable and distributed randomness oracle on Evmos. Learn more in the use case study.
Last modified 27d ago