🎲 drand & 🛰️ CryptoSat: Pioneering Space-Based Randomness
drand is the next generation distributed randomness service. It requires several independent organizations to run a node that contributes a part of the randomness to the network. So far, all of the nodes that participate in the League of Entropy’s drand network have been placed on Earth. But this has just changed! Temporarily for now, but hopefully more permanently in the near future. Read on to find out all the details.
What is CryptoSat?
CryptoSat builds and launches satellites that power blockchain and cryptographic protocols. Satellites are physically inaccessible and can serve as the most secure root-of-trust that guarantees the confidentiality and integrity of sensitive computations and data. Such tamper-proof satellites can serve numerous use-cases including transaction signing, trusted setups for cryptographic schemes, a randomness oracle, a time-oracle (VDF), and more.
What is drand?
drand is designed to be run by a network of nodes to produce verifiable, unpredictable, and non-biasable random values. The primary drand network is operated by a group of partners known as the League of Entropy (LoE). The LoE currently consists of 16 independent member organizations located on several continents and operating 23 nodes across different cloud providers, data centers, and geographies.
drand is based on a cryptography model called “Threshold Cryptography.” According to this model, a threshold
number of “partial signatures” need to be collected from different nodes to produce a valid signature for the whole group. In the LoE’s drand network, the threshold
is set to 50% of nodes +1, which gives a threshold
of 12 for a 23-node network.
The random numbers produced by drand are:
- Verifiable: Anyone can verify that a random value was indeed produced by the LoE group by checking the signature and re-deriving the randomness from it themselves.
- Unpredictable: A new random value can only be produced when a
threshold
number of parts (also called partials) of the final signature are collected and aggregated. - Non-biasable: It is impossible to influence any future random value without compromising a
threshold
number of nodes.
The LoE drand network has been running since August 2020, has produced more than 2M random values (emitted every 30 seconds) as of September 2022, and has had zero downtime.
⚗️ The Experiment
On March 16th, 2022, CryptoSat conducted a series of experiments aboard the International Space Station (ISS). These experiments tested the operational aspects of performing cryptographic operations from space, as a stepping stone towards running such operations in satellites. One important experiment was to run a drand node on a machine on the ISS and connect it to a drand node on the ground.
First, the two nodes performed a Distributed Key Generation (DKG) procedure. Then, the pair of nodes started periodically producing a random beacon. The experiment established the feasibility of placing a drand node in space, despite operational complexities.
Latency between nodes plays an important role in the drand network, and satellite networks may incur increased latency and delays due to the distance between terrestrial nodes and those on satellites. Spotty connectivity due to “line-of-sight” requirements can cause satellite nodes to disappear and experience severe bandwidth fluctuations.
drand was never before tested under such circumstances. The ISS experiment confirmed the feasibility of using the existing drand implementation on a space node, given unpredictable connectivity. However, the ISS experiment provided only limited insight into the long-term ongoing operation of a drand node in space, due to the very limited time frame of the experiment (under an hour). Spotty connectivity needs to be further simulated before deploying drand on an actual satellite.
❗ Importance and Next Steps
A signature from space: Any computer placed on Earth is vulnerable to physical force and penetration through physical access. Although it is very difficult to simultaneously compromise threshold
nodes and LoE partners use the highest security standards, a node that operates from space is physically unreachable. This is why CryptoSat’s node, which operates from space, is such an interesting addition to the League of Entropy.
The two teams plan to continue the collaboration and establish CryptoSat’s participation in the League of Entropy as a longer-term commitment. Several things stand out from this vision:
- Improved Security: Having a node outside of physical reach further enhances the bias-resistance and resilience of the drand network and randomness service.
- Latency Testing: We will be able to test whether higher latencies influence any part of the drand randomness service, including the DKG itself and the aggregation of partials.
- CryptoSat's Cryptographic Use Case: Running drand is generally lightweight in terms of CPU and bandwidth requirements but has increased availability requirements. Stress-testing cryptographic operations helps CryptoSat focus on increasing availability and showcasing progress through clear metrics.
- User Flexibility: Different users have different threat models. CryptoSat provides a node with unique security properties that can withstand coordinated attacks on multiple ground nodes, allowing users to choose whether their use-case requires beacons produced with the participation of CryptoSat.
🗺️ What’s Next on Our Roadmap?
In May 2022, CryptoSat launched its first satellite, Crypto1. While the ISS experiment was a valuable proof of concept for running drand in space, the real value comes from a truly physically isolated satellite supporting the drand protocol. Protocol Labs and CryptoSat are aiming to continue co-development towards a functional drand node running aboard a satellite. This requires some refactoring of the drand implementation to separate the cryptographic module that needs to run in space from the parts that communicate with other drand nodes.
As mentioned, the time-constrained ISS experiment doesn’t provide full insight into the ongoing operation of a node with spotty connectivity. We need to simulate a participant node that is only occasionally available to participate in beacon generation rounds, simulating the conditions of a satellite that is sometimes out of reach of any ground station.
The future is bright for this collaboration—not only for the two parties involved but most importantly for the users of drand as a randomness service! Reach out if you have ideas on how to add further value to our upcoming experiments, or if you want to get involved and contribute to drand’s vision. Make sure to join our drand Slack workspace, or reach out by email at: leagueofentropy [ at ] googlegroups.com.