1.0 ABOUT (What is “drand”?)

drand (lower case, pronounced "DEE-rand") is a distributed randomness beacon daemon written in the Go programming language. It generates collective, publicly verifiable, unbiased, and unpredictable random values at fixed intervals using advanced cryptographic techniques.

drand serves as a critical Internet-wide infrastructure, providing randomness to applications much like the Network Time Protocol (NTP) provides timing information. It ensures randomness is verifiable and decentralized, making it ideal for a wide range of applications, from blockchain systems to anonymity networks.

Randomness plays a crucial role in various aspects of modern life, from voting systems and traffic management to financial services. However, its most critical application is in cryptography.

For example, WPA2, the widely used security protocol for Wi-Fi networks, relies on randomness. When a laptop connects to a Wi-Fi network, both the laptop and the Wi-Fi access point generate large random numbers to perform a secure handshake. This ensures that communications cannot be eavesdropped. If these random numbers were predictable, an attacker could intercept the connection.

Current Randomness Generators

Several systems have tried to provide strong randomness, but each has its limitations. As an example:

• NIST Randomness Beacon: The NIST Randomness Beacon provides cryptographic randomness in real-time. However, it is centralized and not verifiable by the public, which poses trust and reliability concerns.

Features of Good Randomness

To prevent manipulation, a strong random-number generator should be:

• Unpredictable: Impossible to predict the next number.
• Publicly Verifiable: Anyone can verify the randomness.
• Bias-Resistant: Cannot be influenced to produce specific outcomes.
• Decentralized: Produced by a set of independent, unrelated parties.
• Always Available: Reliably capable of providing random numbers.

drand aims to fulfill all these criteria.

How drand Works

drand generates randomness without allowing any party to predict or bias the output. Here's a simplified overview:

1. Network Setup: A drand network consists of nodes running the drand protocol. These nodes agree on a threshold parameter and generate partial signatures.
2. Randomness Generation: Nodes broadcast parts of their signatures, which are collected until they match the threshold. The final signature, a Boneh–Lynn–Shacham (BLS) signature, is verified by the network and hashed to produce the random value.

For more details, refer to the project specifications.

Public Randomness

drand's primary function is generating public randomness. The process involves:

• Setup Phase: Nodes generate a long-term public/private key pair and perform a distributed key generation (DKG) protocol to create a collective public key and individual private key shares.
• Generation Phase: Nodes initiate randomness generation rounds, sign messages using their private key shares, and reconstruct the full BLS signature. This signature is hashed to ensure no bias, producing the final random value.

This randomness is useful for applications like lotteries, sharding, and consensus protocols.

Importance of Decentralized Randomness

Decentralized randomness is crucial for many systems that rely on fair and unpredictable outcomes. For example, Proof-of-Stake (PoS) blockchains use randomness to elect miners, ensuring security and fairness. Unlike centralized solutions, drand offers a verifiable and unbiased source of randomness, enhancing reliability and security.

Origins of drand

drand was developed in 2017 in the DEDIS Lab at EPFL, spearheaded by Nicolas Gailly. The project built upon earlier work in decentralized randomness by researchers at Yale University and EPFL.

The DEDIS team collaborated with DFINITY to optimize the cryptographic techniques used in drand, resulting in a more efficient and reliable randomness generation protocol.

drand Network and Adoption

drand gained support from prominent organizations such as Cloudflare, Kudelski Security, Protocol Labs, Universidad de Chile, and many others. These collaborations have helped establish a robust drand network, hosted by a voluntary consortium known as the League of Entropy, which launched its production-ready mainnet in 2019.

Today, drand is used in various applications, including leader election in consensus mechanisms, providing randomness for smart contracts, and more.

Acknowledgments

Special thanks to contributors and collaborators who have supported drand’s development, including @paulmillr and @herumi for cryptographic library support, and teams from the DEDIS lab and from Protocol Labs.