This document provides an overview of the cryptographic building blocks that drand uses to generate publicly verifiable, unbiased, and unpredictable randomness in a distributed manner.
Threshold Cryptography
drand relies on threshold cryptography: an operation such as signing can only be carried out when at least t of the n participants contribute, while any t-1 of them together learn nothing that would let them perform it alone. This removes single points of failure and of trust, since compromising fewer than t nodes neither halts the beacon nor lets the attacker predict or bias its output.
The drand beacon operates in two phases: (1) the setup phase and (2) the beacon phase.
1. Setup Phase
The setup phase creates a collective private and public key pair shared among participants. This is done through a Distributed Key Generation (DKG) process, ensuring that no individual node knows the entire collective private key. Each private key share is used for cryptographic threshold computations, such as generating threshold signatures.
Secret Sharing
Secret sharing splits a secret into n shares such that any t of them reconstruct it while t-1 or fewer reveal nothing about it. drand uses Shamir's Secret Sharing (SSS): the dealer picks a random polynomial f of degree t-1 over the scalar field whose constant term is the secret, gives participant i the evaluation f(i), and any t participants recover f(0) by Lagrange interpolation. The hiding property is information-theoretic, so it does not rest on any computational assumption.
Verifiable Secret Sharing
Verifiable Secret Sharing (VSS) lets each participant check that the share it received is consistent with everyone else's, protecting against a malicious dealer who hands out shares that do not lie on a single polynomial and would later fail to reconstruct. drand uses Feldman's VSS, an extension of SSS in which the dealer publishes a commitment g^(a_j) to every coefficient a_j of the polynomial; participant i accepts its share s_i only if g^(s_i) equals the product over j of (g^(a_j))^(i^j). The commitments reveal g^(a_0), the public key corresponding to the shared secret, but not the secret itself (under the discrete logarithm assumption), which is exactly what a DKG needs to publish anyway.
Distributed Key Generation (DKG)
DKG creates a collectively shared secret that no single participant ever learns. drand uses Pedersen's DKG, in which every participant acts as the dealer of its own Feldman VSS instance, all n instances running in parallel. Each participant verifies the shares it receives, and its final share is the sum of the shares from all dealers that passed verification (the qualified set). The collective private key is the sum of the qualified dealers' secrets; the collective public key, the product of their constant-term commitments, is computed by everyone and later used to verify the beacon's signatures. Because every qualified dealer contributes its own randomness to the sum, no single participant can steer the resulting key.
2. Beacon Phase
In the beacon phase, drand uses pairing-based cryptography to generate publicly verifiable, unbiased, and unpredictable randomness. The process is built on threshold Boneh-Lynn-Shacham (BLS) signatures, which have two properties that matter here: a BLS signature on a given message under a given key is unique, so a signer has no freedom to bias it, and partial signatures made with Shamir shares of the key combine into the signature under the collective key.
Pairing-Based Cryptography
Pairing-based cryptography works in bilinear groups: a pairing e: G1 x G2 -> GT satisfies e(aP, bQ) = e(P, Q)^(ab), which is what lets a verifier check a BLS signature without knowing the secret key. With public key pk = x*g1 in G1 and signature σ = x*H(m) in G2, for example, the check is e(pk, H(m)) = e(g1, σ). drand currently uses the BLS12-381 curve.
Randomness Generation
To generate the randomness for a round, drand uses threshold BLS signatures. Each participant signs the round's message with its private key share to produce a partial signature; once any t valid partial signatures have been collected, they are combined by Lagrange interpolation in the exponent to form the collective BLS signature, which is exactly the signature the full collective private key would have produced. Because that signature is deterministic, no coalition of fewer than t participants can bias or predict it, and anyone can verify it against the collective public key with the pairing. The published random value is the SHA-256 hash of the signature.
Smaller Signatures for Resource-Constrained Applications
drand supports schemes, network-level configurations that fix the cryptographic choices of a network: which of the two pairing groups holds signatures and which holds public keys, the hash-to-curve method, and whether rounds are chained or unchained. On BLS12-381 a G1 element serializes to 48 bytes and a G2 element to 96 bytes, so a scheme that places signatures in G1 (such as bls-unchained-on-g1) halves the signature size compared with the G2-signature schemes (pedersen-bls-chained and pedersen-bls-unchained), at the cost of public keys growing from 48 to 96 bytes. Smaller signatures reduce storage and bandwidth for consumers that must carry or verify many rounds, such as on-chain verifiers.
Chained and Unchained Modes
drand operates in two modes: chained and unchained. In chained mode, the message signed in round r is the hash of the previous round's signature together with r, so each random value depends on the whole history of the chain and a verifier following the chain can detect a skipped or substituted round. In unchained mode, the message for round r is the hash of r alone, so rounds are independent and the message for any future round is known in advance; this is what enables applications such as timelock encryption, which encrypts towards the signature of a round that does not exist yet. Both modes produce unbiased randomness; the difference is whether each beacon also commits to the chain's history.
Learning More
For more detailed information, refer to the drand project specifications and related research papers on scalable bias-resistant distributed randomness.