Cryptology ePrint Archive: Report 2015/1015
On Bitcoin as a public randomness source
Joseph Bonneau and Jeremy Clark and Steven Goldfeder
Abstract: We formalize the use of Bitcoin as a source of publicly-verifiable randomness. As a side-effect of Bitcoin's proof-of-work-based consensus system, random values are broadcast every time new blocks are mined.
We can derive strong lower bounds on the computational min-entropy in each block: currently, at least 68 bits of min-entropy are produced every 10 minutes, from which one can derive over 32 near-uniform bits using standard extractor techniques. We show that any attack on this beacon would form an attack on Bitcoin itself and hence have a monetary cost that we can bound, unlike any other construction for a public randomness beacon in the literature. In our simplest construction, we show that a lottery producing a single unbiased bit is manipulation-resistant against an attacker with a stake of less than 50 bitcoins in the output, or about US$12,000 today. Finally, we propose making the beacon output available to smart contracts and demonstrate that this simple tool enables a number of interesting applications.
Category / Keywords:
Date: received 18 Oct 2015
Contact author: jbonneau at cs stanford edu
Available format(s): PDF | BibTeX Citation
Version: 20151019:205945 (All versions of this report)
Short URL: ia.cr/2015/1015
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]