Decentralized Random Number Generation
- Some players, randers, submit random numbers, one at a time (plus a fixed deposit and gas costs for each submitted random number). Every submitted random number is pushed to a (cyclical) fixed-sized array. The rander whose random number gets booted off of this array upon a random number submission gets their deposit returned. Other players, preders, submit a prediction window (an array of predictions) along with 1 wager per unit length in the array (1 deposit per prediction). Finally, there are customers, who pay the smart contract a fixed amount C to automatically have a random number sent to their address or some location of their choosing.
- Randers and preders can submit random numbers and predictions, respectively, at any time, but each may only be entitled to disbursed when a customer places an order. Cases:
- The last submitted random number DOES NOT match a prediction. Thus, the most recent randers are entitled to 1/(1+i) of C, where i ranges from 1, 2, ..., N for some fixed integer N. Excess customer payment not disbursed to randers (namely the amount N - ∑^N_i N/(1+i)) contributes to a pot of ether. For example, the rander who submitted a random number and deposit most recently (closest to when a customer paid for a random number) receives 1/2 of C. The rander who submitted the previous random number is entitled to 1/3 of C even if their random number has not been sent to a customer. Preders don't lose anything; Preders are returned their wager (less gas).
- The last submitted random number DOES match a prediction. Thus, all preders who submitted a prediction that matches the random number sent to the customer split C and receive their wager back in full. Furthermore, the first preder to submit the correct guess gets the ether pot. Note that there is nothing preventing any preder from "investing" in a particular value for a random number multiple times over using different public addresses.
- In both cases, the customer receives the last submitted random number.
Randers are incentivized to constantly submit random numbers of maximal entropy to maximize their chance of not matching a predictor while maximizing their chance to earn income from C. Preders are incentivized to correctly guess the next random number that will be utilized.
If volume is low, or too many people freely take the random numbers submitted by the randers (by accessing the smart contract's logs), then preders are incentivized to act as customers and pay for random numbers themselves. But this opens an opportunity for randers to profit - all they need to do is submit a truly random number to optimize their chances of beating the opportunistic preder to profit.
Read these to understand why a rander, under pressure from preders, is incentivized to submit samples from the uniform distribution:
-
https://math.stackexchange.com/questions/275652/equivalence-between-uniform-and-normal-distribution
-
https://math.stackexchange.com/questions/1156404/entropy-of-a-uniform-distribution
Kenny Peluso
MIT