Cryptology ePrint Archive: Report 2015/1015

On Bitcoin as a public randomness source

Joseph Bonneau and Jeremy Clark and Steven Goldfeder

Abstract: We formalize the use of Bitcoin as a source of publicly-verifiable randomness. As a side-effect of Bitcoin's proof-of-work-based consensus system, random values are broadcast every time new blocks are mined. We can derive strong lower bounds on the computational min-entropy in each block: currently, at least 68 bits of min-entropy are produced every 10 minutes, from which one can derive over 32 near-uniform bits using standard extractor techniques. We show that any attack on this beacon would form an attack on Bitcoin itself and hence have a monetary cost that we can bound, unlike any other construction for a public randomness beacon in the literature. In our simplest construction, we show that a lottery producing a single unbiased bit is manipulation-resistant against an attacker with a stake of less than 50 bitcoins in the output, or about US$12,000 today. Finally, we propose making the beacon output available to smart contracts and demonstrate that this simple tool enables a number of interesting applications.

Category / Keywords:

Date: received 18 Oct 2015

Contact author: jbonneau at cs stanford edu

Available format(s): PDF | BibTeX Citation

Version: 20151019:205945 (All versions of this report)

Short URL: ia.cr/2015/1015

Discussion forum: Show discussion | Start new discussion