Researchers from Protocol Labs Explain how the Drand or Distributed Randomness Project can Help with Cybersecurity, Election Audits

David Dias, research engineer at Protocol Labs and the drand project lead, along with Nicolas Gailly, research scientist at Protocol Labs and the original author of drand, recently explained how they’re developing randomness solutions that are able to generate random numbers.

This is important because they may be used by cryptographic systems, cybersecurity solutions, election audits, among other use cases.

Protocol Labs is a research, development, and deployment lab for various blockchain or distributed ledger tech (DLT)-based network protocols. Projects include IPFS, Filecoin, libp2p, and others. The San Francisco-based organization supports the development of open-source software systems that aim to address key challenges and requirements with a special focus on enhancing user experience.

Crowdfund Insider: What is drand and why launch it in 2020?

Nicolas Gailly: Drand stands for “distributed randomness.” At its core, drand is a randomness beacon – a service that generates random numbers at set intervals for use by third-parties. Randomness beacons are used in everything from election audits and cybersecurity to statistical surveys and cryptography. And while there are quite a few randomness beacons out there, none of them offer the strong guarantees that drand provides (such as publicly verifiability and decentralization) or are production-ready.

Unlike other randomness beacons, drand’s randomness outputs are generated by combining randomness contributions from a large number of independent servers operating on a drand network. This network is distributed – meaning that it lacks a central point of control.

As a result, drand’s randomness outputs are secure; the distributed network that produces them simply can’t be co-opted or controlled by an individual bad actor. Drand’s randomness outputs are publicly verifiable, so anyone can easily check whether the numbers they receive from drand have been correctly generated by the set of participants and are therefore truly random and unbiased.

Maybe that doesn’t sound like a big deal, but it’s actually a major development in the world of randomness as a service. If you’re using random numbers for such high-stakes use-cases as cybersecurity or cryptography, you need some sort of ironclad assurance that the randomness values you use aren’t liable to tampering and manipulation.

And until now, there simply haven’t been any randomness beacons capable of providing that assurance. Drand is a first because it backs its randomness outputs with the security strengths of a fully distributed network and allows the user to verify its validity.

Drand started as a research project back in 2017 and launched as an experimental research network in 2019. What we’ve launched in 2020 is drand as a production-ready service composed of multiple independent organizations that generate and serve randomness across the Internet for any application to use. We wanted to launch it now so that Filecoin, the first major production-ready client of drand, can rely on it for its mainnet launch.

Crowdfund Insider: How does Filecoin’s adoption of drand set the network up for future success?

David Dias: Drand has a tremendous value for blockchain projects, as securing a sound randomness source is a key challenge in their deployment. Filecoin was early to recognize this value and decided to switch from on-chain randomness, which gives weaker guarantees than drand, and use drand for its leader election mechanism.

With drand, miners draw a private randomness value to see if they are eligible to mine a block or not. More specifically, each miner runs what’s called a Verifiable Random Function (VRF) and checks if the result lies within a threshold that depends on that miner’s relative power in the chain. In other words, when miners verify a block, they verify that the randomness is valid (using drand’s publicly verifiable guarantee) and check if they are eligible to mine that particular block.

Crowdfund Insider: The League of Entropy has many members spread all across the world, with the list still growing. What benefit does this provide for drand?

David Dias: The League of Entropy network consists of multiple independent organizations, each operating its own node, working together to generate randomness. In this way, the League of Entropy is exposed to different kinds of hardware, geographic locations, company policies, and even jurisdictions, which means that a malicious actor would need to compromise a number of separate nodes and face a diverse set of challenges making a successful attack extremely unlikely due to the exceptionally high cost involved. With more partners joining the network, the cost multiplies.

It’s also important to note that drand has gone through many upgrades, including 24/7 monitoring (and alerting) and separation of the drand node network and the drand distribution network. The former generates the randomness and the latter distributes it to users, making the network architecture of drand (and the League of Entropy deployment) much more robust. These upgrades force an attacker into the position of a bull in a china shop, tripping multiple alarms and getting caught rapidly.

Crowdfund Insider: Does the pandemic impact the need for drand?

Nicolas Gailly: Not really. There are still a lot of applications in the digital world and the real world that need to use randomness to avoid manipulation, even during these troubled times.

Crowdfund Insider: What future use case of drand gets you the most excited? Why?

Nicolas Gailly: We expect drand to be used for multiple kinds of applications that rely on cryptographic operations and require a randomness source. For example, in the blockchain space, drand’s randomness could be used as a seed for sharding, a technique meant to provide scalability for blockchains. Smart contracts could use drand to redistribute interest or lottery between participants fairly and automatically. Online poker companies could use drand to provide a better shuffling mechanism. Timestamping services can use drand to authenticate that a timestamp has been created after a certain time (drand provides a round-to-time guaranteed mapping).

It is also thrilling to imagine some real-world use cases for drand. Drand could be used for jury selection in trials, or for ballot recounting after an election for statistical sampling verification. It could even be used for randomized trials for new treatments in hospitals – the possibilities are truly endless. Whenever good publicly verifiable randomness is required, we can use drand and bring more transparency to the process.

Sponsored Links by DQ Promote


 

You may also like...

Send this to a friend