Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: monsterer on September 10, 2015, 08:07:17 AM

Title: Do unforgeable p2p random numbers rely on max difficulty POW?
Post by: monsterer on September 10, 2015, 08:07:17 AM
I've been musing about various different (non-POW) consensus design mechanisms and have come across the need to use random numbers in order to select the winner of a block reward.

However, it strikes me that using something like the block hash or any other combination of things any given node could generate when attempting to submit a block would be subject to forgery - the node picks a particular hash, or combination of hashes which produce a winner for the random number generator.

Then I thought about including a small POW to make forging harder, but it then struck me that unless the POW is at maximum difficulty, this would only reduce the forgeability (since you could sybil attack it with many results if the POW was easy enough) not prevent it.

So, the question is: do unforgeable, node-side random numbers rely on POW at maximum network difficulty? How do POS chains deal with this?


Title: Re: Do unforgeable p2p random numbers rely on max difficulty POW?
Post by: spartacusrex on September 10, 2015, 01:30:51 PM
Just to be clear, is the question, "How do I get a random number from a POS chain?"

If so, I would go with:

You take the last 64 blocks, and take 1 bit from each block, the first bit of the header hash, stick all of these together and come up with one 64-bit number.

Even if you controlled the last 8 blocks, that would only be 256 different permutations you could try, to find one that favoured you.

Then, you could spread this out to use 64x64 blocks instead, by hashing each 64 blocks to get 1 hash, and then 1 bit from each of those. Surely that would be pretty hard to game?
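
The scheme from the post above, as an added Python example that is not part of the original thread: it builds the 64-bit number from the first bit of each of the last 64 header hashes and counts how many outcomes are open to whoever produced the last 8 blocks. Assumptions: the function names are hypothetical, the oldest block supplies the most significant bit, the winner is chosen as `beacon % n_candidates`, and `SAMPLE_CHAIN` is constructed data.

```python
import hashlib

BITS = 64  # number of blocks sampled, one bit from each (from the post)

def first_bit(header_hash):
    """Most significant bit of a block header hash (bytes)."""
    return header_hash[0] >> 7

def beacon(header_hashes):
    """64-bit number from the first bit of each of the last 64 header hashes.
    Assumption: the oldest block supplies the most significant bit."""
    if len(header_hashes) < BITS:
        raise ValueError("need at least %d block hashes" % BITS)
    value = 0
    for h in header_hashes[-BITS:]:
        value = (value << 1) | first_bit(h)
    return value

def reachable_outputs(header_hashes, controlled=8):
    """Every beacon value open to a party that produced the last `controlled`
    blocks and so could pick each of those blocks' first bit."""
    fixed = (beacon(header_hashes) >> controlled) << controlled
    return {fixed | tail for tail in range(1 << controlled)}

def reachable_winners(header_hashes, n_candidates, controlled=8):
    """Candidates selectable under the assumed rule winner = beacon % n."""
    outputs = reachable_outputs(header_hashes, controlled)
    return {v % n_candidates for v in outputs}

# Constructed sample chain: 64 stand-in header hashes, not real block data.
SAMPLE_CHAIN = [hashlib.sha256(b"constructed-block-%d" % i).digest()
                for i in range(BITS)]

if __name__ == "__main__":
    print("beacon: %016x" % beacon(SAMPLE_CHAIN))
    for n in (100, 1000, 10**6):
        got = len(reachable_winners(SAMPLE_CHAIN, n))
        print("%7d candidates: %d reachable (%.4f%%)"
              % (n, got, 100.0 * got / n))
```

Under the assumed modulo rule the controlled bits are the low-order ones, so with 256 or fewer candidates every candidate is reachable; with more candidates the reachable set is capped at 256.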

Title: Re: Do unforgeable p2p random numbers rely on max difficulty POW?
Post by: monsterer on September 10, 2015, 01:33:43 PM
Quote from: spartacusrex
Just to be clear, is the question, "How do I get a random number from a POS chain?"

The ultimate question is whether the only truly ungameable random numbers in a p2p network come from POW at network difficulty?

Your proposal sounds like an improvement over just picking the hash of the last block.