December 30, 2017 at 13:12Programming a random number generator on Ethereum
When developing smart contracts on Ethereum, it is usually considered that relying on a block hash as a source of randomness is unreliable, since a miner can influence the result by choosing a block hash (see Private Information and Randomness , How do you get a random number in a contract? )
How great is the opportunity for the miner to increase his chances of winning in a game in which you need to guess the block hash with a certain number (or some number produced from the block hash)?
The probability of guessing a random number in the range from 0 to 9 is 1/10
Suppose, for simplicity, that a block hash is also a number from 0 to 9.
That is, suppose we get a number from 0 to 9 depending on the block hash, or in other words, bring the block hash to a number from 0 to 9.
For example, like this:
function blockHashToNumberFrom0to9(uint blockNumber) public view returns (uint){
uint random_number = uint(block.blockhash(blockNumber))%10;
return random_number;
}Suppose I am a miner with such processing power that every 5th block in the network is mined by me, i.e. my chances are that I will mine the next block 2/10.
For example, one of the largest pools (see https://etherscan.io/stat/miner?range=1&blocktype=blocks ), found a way for all participants in the pool to agree on a common lotto rate, and try to influence the result. In this case, of course, one should neglect the possible loss of mining income.
Say I made a bet, and I want to influence the result.
If I simply mine a block with a random hash, this does not affect the result, but suppose I, having calculated the first possible block, reject it, and until the next block I find the block I need. What are my chances that I will find two valid blocks with different hashes faster than the rest of the network will mine a block (one) for this block number?
My chances of finding two blocks in a row: 2/10 * 2/10 = 4/100
What are the chances that my second block will be exactly the one I need?
We reason as follows:
The odds of getting the same number are 1/10 * 1/10 = 1/100
The chances that another number will fall 1-1 / 100 = 99/100
The chances are that this number will be the one you need 99/100: 9 = 11/100
The chances are that these events will coincide, that is, that I will find two blocks in a row before the rest of the network finds one and my second block will be the one I need: 4/100 * 11/100 = 44/10000
In total, choosing the block myself, I increase my chances in the game by 44/10000:
0.1 + 0.0044 = 0.1044
In other words, my chance of winning instead of 10% will be 10.44%
The chances are that I will find a third valid block earlier than the rest of the network will find one and this block will be the one I need, etc. are calculated in the same way: we add odds in which the probability is displayed by a fraction whose numerator will be greater by units, and the denominator will be greater by tens, i.e. this in total will not increase the probability by more than 1/10000, in other words, when rounding to two decimal places, it will be the same number: ~ 10.44%
For a player who miners every 10 blocks in the network: ~ 10.11%
However, we proceeded from the fact that: "My chances are that I will find two valid blocks with different hashes faster than the rest of the network will mine a block (one) for this block number? 2/10 * 2/10 = 4/100" Is this the probability that generally two blocks in a row by this miner will be found. The likelihood that this will be done faster than the rest of the network will find one is even less.
Accordingly, if the result is set not by the hash of one block, but by hashes of a certain number of consecutive blocks (say, we implement the “5 of 36” lottery, where 36 double-digit digits are obtained from hashes of 72 consecutive blocks), then the miner's ability to influence the result is even less. Thus, if we take the hashes of several consecutive blocks as a source of randomness, the chances of an individual miner to influence the result are so small that in most cases they can be neglected, even if we are talking about drawing cash (ETH) prizes.
It would be interesting to the opinion of the community how correct such reasoning is.
UPD:
I think an important point .