Are there some natural random events that could serve as a source of consensus?

[kfx2]

The simplest Proof-of-Stake protocol is one where the participants lock down their stakes, after which the system randomly assigns the block reward to one of them. However, this random selection of the next awardee must be done in a way that is independently verifiable by someone who does not trust the system. The obvious way is to use a pseudorandom number generator in a known state. If I'm not wrong, this is how some of the initial PoS coins actually did things. However, this approach makes the random selection not only verifiable, but also predictable, which in turn incentivizes the participants to game the system.

There are of course counters to such gaming, and there are far more complex PoS and dPoS protocols. However, if I'm not mistaken, none of them at the moment are generally accepted as superior to bitcoin's PoW.

So, I was wondering if instead of building more complicated protocols we could just find a natural source of random numbers that would be suitable for cryptocurrency mining? What I mean by that is: something that would not be predictable, but could serve as a source of consensus between multiple participants that do not trust each another.

The random events suitable for task should have the following properties:

• be observable by multiple independent observers, not restricted to a single location;
• be impossible to predict in practice;
• be convertible to a discrete value.

Ideally, they also should:

• either happen with a reasonably high frequency, or be measurable with a reasonably high frequency (on the order of seconds or minutes, not months or years);
• be measurable with today's technology.

Such as source could be simple a binary event, as long as everyone can agree on the outcome with a high degree of certainty. In contrast, a categorical value that depends on vague definitions is a bad choice.

The best I could come up with is some kind of astronomical measurement. In particular, I was thinking of the number of supernovae in the Milky Way (or in multiple nearby galaxies). It seems to be a discrete number, something that almost everyone could agree on, and unpredictable for all practical purposes. The drawbacks are that the frequency of new supernovae is low, and that we cannot reliably determine this number with the current technology. What do you think?

[1714150173]

1714150173

[1714150173]

1714150173

[1714150173]

1714150173

[1714150173]

1714150173

[1714150173]

1714150173

[joniboini]

What about ocean waves?

There are at least 4 kinds of waves[1] which can serve the same purpose as 6 numbers on a dice. Not really sure if this is feasible to do or if the benefits outweigh the cost. Still, ocean waves are not entirely "free" from manipulation.


[1] https://www.sciencelearn.org.nz/resources/121-behaviour-of-waves

[HeRetiK]

So, I was wondering if instead of building more complicated protocols we could just find a natural source of random numbers that would be suitable for cryptocurrency mining? What I mean by that is: something that would not be predictable, but could serve as a source of consensus between multiple participants that do not trust each another.

I don't think provable non-partisan randomness alone can make a consensus algorithm.

For PoW it's irrelevant, as there is no problem with the randomness of how blocks are found (apart from the issue of variance, which is a different matter). That is, the results of cryptographic hashes as used by PoW are already both unpredictable and easily verifiable.

The way I understand PoS and its derivatives it also seems to be more a question of variance, rather than unpredictability vs verifiability. However I'm not too familiar with PoS so that's all I dare say.

As far as globally witnessable sources of randomness are concerned -- How about solar activity?

[kfx2]

HeRetiK: yes, this idea as described above only applies to PoS.

There is a variation of the idea for PoW that allows to "duty-cycle" PoW (the motivation being a "greener" PoW or one suitable for energy-limited IoT devices). Imagine this protocol:
- everyone is in standby mode, waiting for a global random event to happen
- random events happens, producing the outcome "5".
- everyone starts searching for the nonce of the next block. The trick is that instead of finding the "normal" nonce such that

Code:

hash(nonce, block)

starts with enough zeros, they look for a nonce that  such that

Code:

hash(nonce + 5, block)

has the right property - with "5" being the number from previous step.
- someone finds the right nonce
- information about the winner is distributed in the network and everyone stops mining until the next random event

(To be clear, this is an academical / theoretical proposal, I don't actually want to say that any real coins should use this.)


ETFbitcoin

1. That sounds like another FOMO3D 
2. Not sure I understand this idea?

[d5000]

I doubt randomness that comes from real world which can't be verified without human involvement/input is practical for any decentralized consensus method. But i have 2 thought about this problem (in PoS coins) :
1. Assuming randomness source comes from blockchain/network data. If anyone can know who will selected as the one who create next block or/and get the reward, then many individuals/party will try to abuse the system by add necessary data to make them as winner and that would make each other calculation/prediction become incorrect and thus no one can manipulate it.

As far as I know, this is the way Peercoin-based coins select the "winner" from Peercoin 0.3 on. Thus, it has become extremely difficult to perform "stake grinding" (which is was the OP is wanting to combat).

Also I read opinions from other forum users with some knowledge in the area that Cardano's algorithm (short description) is pretty good, only that it's not suitable for low block intervals.

But there are much tougher problems with Proof of stake than the selection of randomness. The big problem is that there is no "objective" way to determine the longest chain if you were offline for a time. Thus all PoS coins depend on a relatively stable validator set which is always online. There are solutions for these problems making attacks unpractical in most cases, but PoW continues to be superior in terms of "objectivity".

[kfx2]

The big problem is that there is no "objective" way to determine the longest chain if you were offline for a time.

Why not use the chain with the most coins at stake? In PoW, one would use the chain with most amount of work.

[d5000]

The big problem is that there is no "objective" way to determine the longest chain if you were offline for a time.

Why not use the chain with the most coins at stake? In PoW, one would use the chain with most amount of work.

Because due to possible double spends, in the case of an attack, there could be several competing chains claiming to be the ones with "most coins at stake". Transaction and block timestamps can be faked, so there's no way to determine which chain is "legit" (i.e. which one has the "first" transaction in an double spend event).

So the only way to solve this is to establish a kind of "convention", where the legit chain is the chain where most transactions take place "de facto". TaPoS is a way to achieve this convention, another one are "decentralized checkpoints" (re-org limits). And there are BFT-based models, which typically require two thirds of the stake to "approve" blocks.

However, it is very difficult to exploit this problem without a large proportion of the stake. You can search the "bribe attack", the "long range attack" and the "history attack" for some ideas, but they are expensive and/or require social engineering.