Paper 2017/216

SCRAPE: Scalable Randomness Attested by Public Entities

Ignacio Cascudo and Bernardo David


Uniform randomness beacons whose output can be publicly attested to be unbiased are required in several cryptographic protocols. A common approach to building such beacons is having a number parties run a coin tossing protocol with guaranteed output delivery (so that adversaries cannot simply keep honest parties from obtaining randomness, consequently halting protocols that rely on it). However, current constructions face serious scalability issues due to high computational and communication overheads. We present a coin tossing protocol for an honest majority that allows for any entity to verify that an output was honestly generated by observing publicly available information (even after the execution is complete), while achieving both guaranteed output delivery and scalability. The main building block of our construction is the first Publicly Verifiable Secret Sharing scheme for threshold access structures that requires only O(n) exponentiations. Previous schemes required O(nt) exponentiations (where t is the threshold) from each of the parties involved, making them unfit for scalable distributed randomness generation, which requires t=n/2 and thus O(n^2) exponentiations.

Note: Added full benchmarks of proposed protocols and notes about instantiating the pairing based protocol over asymmetric bilinear groups.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ACNS 2017
Publicly Verifiable Secret SharingRandomness GenerationGuaranteed Output DeliveryCoin Tossing
Contact author(s)
bernardo david @ iohk io
2017-05-02: revised
2017-03-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ignacio Cascudo and Bernardo David},
      title = {SCRAPE: Scalable Randomness Attested by Public Entities},
      howpublished = {Cryptology ePrint Archive, Paper 2017/216},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.