Random Beacons
A random beacon is a service that periodically produces fresh, publicly available random values.
Key Properties
A random beacon should satisfy:
- Unpredictability: No node can predict the output before it is published.
- Unbiasability: No node can influence the distribution of the output. This is strictly stronger than unpredictability: an adversary who cannot predict the exact output may still be able to skew it.
- Public verifiability: Any node can verify the output was correctly generated without trusting the operator.
- Availability (guaranteed output delivery): The beacon produces output on schedule even if some nodes are faulty or adversarial.
Random Beacons in the Wild
Centralized
- LavaRand [1], random.org [2], and the NIST Interoperable Randomness Beacon [3]: each is run by a single operator whom consumers must trust.
Distributed
- DRand (League of Entropy): Threshold BLS signatures; output is deterministic once \(t+1\) of \(n\) participants contribute, preventing bias or withholding by any single party [4], [5].
- Ethereum RANDAO: Block proposers contribute BLS signatures; outputs are XORed. Vulnerable to last-revealer bias because a proposer can skip their slot to influence the result [6].
- Chainlink VRF: On-chain verifiable randomness for smart contracts via VRFs with proof verification [7].
Construction Techniques
For a comprehensive survey, see [8].
- Commit-reveal: Participants commit to a hash of a secret, then reveal the secret. The output is derived from all reveals (e.g., by XOR). Vulnerable to the last-revealer attack and to aborts.
- Threshold cryptography (e.g., threshold BLS in DRand): Output is deterministic once \(t+1\) honest shares are contributed, preventing bias. Requires a DKG (distributed key generation) phase.
- VDFs (Verifiable Delay Functions): Require prescribed sequential time to compute, fast to verify (e.g., repeated squaring in groups of unknown order [9], [10]). Used as post-processing on a biasable source so the output is fixed before any party can react.
- VRFs (Verifiable Random Functions): The secret-key holder produces a pseudorandom output together with a proof of correctness. Used in Algorand [11] and Ouroboros Praos [12] for private leader election. A building block, not a standalone beacon.
- PVSS (Publicly Verifiable Secret Sharing): Allows recovery of a participant's contribution if they go offline. Used in SCRAPE [13], RandHerd [14], and DFINITY's beacon [15].
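The VDF item above is the one construction in this list that is short enough to show end to end. The following is an added example (not code from DRand, from [9], or from any other cited project) of a Wesolowski-style VDF used as post-processing on a biasable seed: T sequential squarings modulo N produce the output, and a short proof lets anyone verify it with one small exponentiation. The modulus N is constructed here from two known primes purely so the block runs offline; the assumption that its group order is unknown does not hold for it, so it gives no real delay guarantee, and the challenge prime is drawn from a 64-bit hash with a deterministic Miller-Rabin test.

```python
import hashlib

# Toy parameters, constructed for this example only. A real deployment needs a
# modulus of unknown factorisation (or a class group) and a far larger T.
P, Q = 1000000007, 998244353
N = P * Q
T = 5000  # number of sequential squarings

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; with these twelve bases the test is deterministic for
    n < 3.3e24, which covers the 64-bit challenge primes used below."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def hash_to_prime(x: int, y: int, t: int, bits: int = 64) -> int:
    """Fiat-Shamir challenge l: the first odd prime at or above H(x, y, T) mod 2^bits.
    Both prover and verifier derive it from the same public values."""
    data = b"|".join(v.to_bytes(32, "big") for v in (x, y, t))
    l = int.from_bytes(hashlib.sha256(data).digest(), "big") % (1 << bits) | 1
    while not is_probable_prime(l):
        l += 2
    return l


def evaluate(x: int) -> int:
    """y = x^(2^T) mod N computed by T squarings in sequence; without the
    factorisation of N there is no known way to shortcut this loop."""
    y = x % N
    for _ in range(T):
        y = y * y % N
    return y


def prove(x: int, y: int) -> int:
    """Wesolowski proof pi = x^floor(2^T / l) mod N."""
    l = hash_to_prime(x, y, T)
    return pow(x, (1 << T) // l, N)


def verify(x: int, y: int, pi: int) -> bool:
    """Since 2^T = q*l + r, x^(2^T) = pi^l * x^r. The verifier recomputes l and
    r = 2^T mod l, then does one small modular exponentiation instead of T squarings."""
    l = hash_to_prime(x, y, T)
    r = pow(2, T, l)
    return (pow(pi, l, N) * pow(x, r, N)) % N == y % N


def beacon_output(biasable_seed: bytes):
    """Post-process a biasable source: hash it to a group element, delay it, and
    publish (x, y, pi) so consumers can check the output without redoing the delay."""
    x = int.from_bytes(hashlib.sha256(biasable_seed).digest(), "big") % N
    y = evaluate(x)
    return x, y, prove(x, y)


if __name__ == "__main__":
    # Constructed seed standing in for, e.g., a commit-reveal or RANDAO mix.
    x, y, pi = beacon_output(b"constructed biasable seed")
    print("x =", x, "y =", y, "pi =", pi, "valid:", verify(x, y, pi))
```

The security argument is the delay, not the proof: a party that can change the seed only gains something if it can run `evaluate` on each candidate seed before the reveal deadline, so T must be chosen against the fastest hardware the adversary could own, while `verify` stays cheap for everyone else.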
Security Considerations
- Last-revealer attack: In commit-reveal or XOR-based schemes (including RANDAO), the last party to reveal can choose to abort, gaining 1 bit of influence per abort. Motivates threshold and VDF-based designs.
- Grinding attacks: Adversary tries many possible inputs to find a favorable output. Relevant to block-hash-based randomness. Ouroboros Praos mitigates this with VRFs.
- Liveness attacks: Adversary refuses to participate to prevent output. Threshold schemes (\(t\)-of-\(n\)) tolerate up to \(n-t\) failures.
- Front-running: If beacon output is visible before dependent transactions finalize, adversaries can act on it.
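The commit-reveal construction and the last-revealer and liveness attacks on it, worked through in code. This is an added example, not code from RANDAO or any cited paper: three parties with constructed, fixed secrets commit to SHA-256(nonce || secret) and later reveal; the output is the XOR of accepted secrets. `run_round` rejects any reveal that does not match its commitment and models the two ways a protocol can handle a missing reveal (abort the round, or skip the party RANDAO-style), and `last_revealer_choices` shows why the skip rule gives the final party exactly one bit of influence: it can compute both candidate outputs before deciding.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Constructed, fixed secrets and nonces so the round is reproducible;
# a real participant would draw both from os.urandom.
PARTIES = ["A", "B", "C"]
SECRETS = {p: hashlib.sha256(f"constructed-secret-{p}".encode()).digest() for p in PARTIES}
NONCES = {p: hashlib.sha256(f"constructed-nonce-{p}".encode()).digest() for p in PARTIES}

Reveal = Tuple[bytes, bytes]  # (secret, nonce)


def commit(secret: bytes, nonce: bytes) -> bytes:
    """Phase 1: publish SHA-256(nonce || secret). The nonce stops a low-entropy
    secret from being brute-forced out of the commitment."""
    return hashlib.sha256(nonce + secret).digest()


def verify_reveal(commitment: bytes, secret: bytes, nonce: bytes) -> bool:
    """Phase 2 check: the revealed pair must reproduce the published commitment."""
    return hmac.compare_digest(commitment, commit(secret, nonce))


def combine(secrets: List[bytes]) -> bytes:
    """Beacon output = XOR of all accepted 32-byte secrets."""
    out = bytearray(32)
    for s in secrets:
        for i, b in enumerate(s):
            out[i] ^= b
    return bytes(out)


def run_round(commitments: Dict[str, bytes], reveals: Dict[str, Reveal],
              require_all: bool) -> Optional[bytes]:
    """Evaluate one round.

    A reveal that does not match its commitment is rejected outright.
    A missing reveal either aborts the round (require_all=True: no output,
    i.e. the liveness failure) or is skipped (require_all=False: the
    RANDAO-style rule under which the missing party biases the result)."""
    accepted = []
    for party, c in commitments.items():
        if party not in reveals:
            if require_all:
                return None
            continue
        secret, nonce = reveals[party]
        if not verify_reveal(c, secret, nonce):
            raise ValueError(f"party {party}: reveal does not match commitment")
        accepted.append(secret)
    return combine(accepted)


def last_revealer_choices(commitments: Dict[str, bytes], reveals_so_far: Dict[str, Reveal],
                          last: str, last_reveal: Reveal) -> Tuple[bytes, bytes]:
    """The last party's view before it decides. Everyone else has revealed, so it
    can compute the output both ways and choose between them: one bit of influence."""
    with_reveal = dict(reveals_so_far, **{last: last_reveal})
    return (run_round(commitments, with_reveal, require_all=False),
            run_round(commitments, reveals_so_far, require_all=False))


def demo() -> None:
    commitments = {p: commit(SECRETS[p], NONCES[p]) for p in PARTIES}
    early = {p: (SECRETS[p], NONCES[p]) for p in ("A", "B")}
    if_reveal, if_withhold = last_revealer_choices(
        commitments, early, "C", (SECRETS["C"], NONCES["C"]))
    print("output if C reveals  :", if_reveal.hex())
    print("output if C withholds:", if_withhold.hex())
    print("abort rule, C missing:", run_round(commitments, early, require_all=True))


if __name__ == "__main__":
    demo()
```

Neither rule fixes the problem: requiring every reveal hands the last party a liveness attack instead of a bias, which is why the page points to threshold and VDF-based designs, where the output is fixed before any single party can react.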
Applications
- According to [16], a global (common) coin can replace a local coin and speeds up randomized consensus protocols.
- Asynchronous distributed protocols need randomness, since by the FLP result [17] no deterministic consensus protocol exists in that setting. So the first application also applies to speeding up asynchronous protocols.
- The Ouroboros line of work, the only known provably secure proof-of-stake protocols, needs randomness to ensure eventual consistency.
- Leader/committee election, e.g., Algorand uses VRFs for cryptographic sortition [11].
- Parameter generation: trusted setup ceremonies for zk-SNARKs use beacon outputs to ensure no party could have predicted the seed [18].
References
[1] 2025. “LavaRnd.” https://lavarand.org/.
[2] Mads Haahr. 2012. “True Random Number Service.” https://www.random.org/.
[3] Information Technology Laboratory Computer Security Division. 2021. “Interoperable Randomness Beacons: CSRC.” https://csrc.nist.gov/projects/interoperable-randomness-beacons.
[4] Drand. 2021. “Drand - A Distributed Randomness Beacon Daemon.” https://github.com/drand/drand.
[5] 2022. “Distributed Randomness Beacon Cloudflare.” https://www.cloudflare.com/leagueofentropy/.
[6] Kaya Alpturer, and S. Matthew Weinberg. 2024. “Optimal RANDAO Manipulation in Ethereum.” http://arxiv.org/abs/2409.19883.
[7] 2023. “Introduction to Chainlink VRF.” https://docs.chain.link/vrf/v2/introduction.
[8] Kevin Choi, Aathira Manoj, and Joseph Bonneau. 2023. “SoK: Distributed Randomness Beacons.” https://eprint.iacr.org/2023/728.
[9] Benjamin Wesolowski. 2018. “Efficient verifiable delay functions.” https://eprint.iacr.org/2018/623.
[10] Krzysztof Pietrzak. 2018. “Simple Verifiable Delay Functions.” https://eprint.iacr.org/2018/627.
[11] Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. 2017. “Algorand: Scaling Byzantine Agreements for Cryptocurrencies.”
[12] Bernardo David, Peter Gaži, Aggelos Kiayias, and Alexander Russell. 2018. “Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain.” https://link.springer.com/chapter/10.1007/978-3-319-78375-8_3.
[13] Ignacio Cascudo, and Bernardo David. 2017. “SCRAPE: Scalable Randomness Attested by Public Entities.” http://link.springer.com/10.1007/978-3-319-61204-1_27.
[14] Ewa Syta, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Michael J Fischer, and Bryan Ford. 2017. “Scalable Bias-Resistant Distributed Randomness.” http://ieeexplore.ieee.org/document/7958592/.
[15] Timo Hanke, Mahnush Movahedi, and Dominic Williams. 2018. “DFINITY Technology Overview Series, Consensus System.” http://arxiv.org/abs/1805.04548.
[16] Marcos Kawazoe Aguilera, and Sam Toueg. 1998. “Correctness proof of ben-or’s randomized consensus algorithm.” https://ecommons.cornell.edu/entities/technical%20report/78842dc1-8e85-41ae-a081-7f6086a3f107.
[17] Michael J Fischer, Nancy A Lynch, and Michael S Paterson. 1985. “Impossibility of Distributed Consensus with One Faulty Process.” https://dl.acm.org/doi/10.1145/3149.214121.
[18] Sean Bowe, Ariel Gabizon, and Matthew D. Green. 2019. “A Multi-party Protocol for Constructing the Public Parameters of the Pinocchio zk-SNARK.” http://link.springer.com/10.1007/978-3-662-58820-8_5.