drand Explained (What is “drand”?)
drand (lower case, pronounced "DEE-rand") is a distributed randomness beacon daemon written in the Go programming language. It generates collective, publicly verifiable, unbiased, and unpredictable random values at fixed intervals using advanced cryptographic techniques.
drand serves as a critical Internet-wide infrastructure, providing randomness to applications much like the Network Time Protocol (NTP) provides timing information. It ensures randomness is verifiable and decentralized, making it ideal for a wide range of applications, from blockchain systems to anonymity networks.
Randomness plays a crucial role in various aspects of modern life, from voting systems and traffic management to financial services. However, its most critical application is in cryptography.
Current Randomness Generators
Several systems have tried to provide strong randomness, but each has its limitations. For example:
- NIST Randomness Beacon: The United States' National Institute of Standards and Technology (NIST) has a project that aims to produce randomness by using quantum entanglement. While this is an excellent way to produce incredibly random numbers, there is no way for an end-user to verify that the numbers they are getting from NIST are random. Users have to trust that the system is providing genuinely random numbers.
- Bitcoin is also able to produce random numbers. However, the cryptocurrency is fairly centralized, with power coming from a handful of mining pools.
- RandHound is the most robust random number generator created so far. It claims to be scalable, bias-resistant, unpredictable, verifiable, and decentralized. However, tests have shown that it offers probabilistic guarantees, meaning that an attacker could have the system lean towards favorable numbers. RandHound is also hard to set up and takes a while to generate an output. It is the conceptual predecessor of drand.
Features of Good Randomness
To prevent manipulation, a strong public random number generator should be:
- Unpredictable: Impossible to predict the next number.
- Publicly Verifiable: Anyone can verify the randomness is really random.
- Bias-Resistant: Cannot be influenced to produce specific outcomes.
- Decentralized: Produced by a set of independent, unrelated parties.
- Always Available: Reliably capable of providing random numbers.
drand aims to fulfill all these criteria.
How drand Works
drand generates randomness without allowing any party to predict or bias the output. Here's a simplified overview:
- Network Setup: A drand network consists of nodes running the drand protocol. These nodes agree on a threshold parameter and generate partial signatures.
- Randomness Generation: Nodes broadcast parts of their signatures, which are collected until they reach the threshold. The final signature, a Boneh–Lynn–Shacham (BLS) signature, is verified by the network and hashed to produce the random value. Because secure signature schemes must produce signatures that cannot be predicted in advance, this method is secure.
For more details, refer to the project specifications.
Public Randomness
drand's primary function is generating public randomness. The process involves:
- Setup Phase: Nodes generate a long-term public/private key pair and perform a distributed key generation (DKG) protocol to create a collective public key and individual private key shares.
- Generation Phase: Nodes initiate randomness generation rounds, sign messages using their private key shares, and reconstruct the full BLS signature. This signature is hashed to ensure no bias, producing the final random value.
This randomness is useful for applications like lotteries, sharding, and consensus protocols.
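The threshold signing flow described under "How drand Works" and in the two phases above, as an added toy example in Python (not drand's code): any quorum of t partial signatures combines to the same signature, so no subset of nodes can steer the hashed output. Assumptions: a tiny multiplicative group and a trusted dealer with a fixed polynomial stand in for drand's pairing-based BLS and its DKG, the public verification of the combined signature against the collective public key is omitted, and all function names and sample values are constructed.

```python
import hashlib

# Toy parameters (insecure, illustration only): P = 2Q + 1 with P and Q prime, so
# the squares modulo P form a group of prime order Q. drand itself uses a
# pairing-friendly elliptic curve, not this group.
P, Q = 2039, 1019

def hash_to_group(msg: bytes) -> int:
    """Map a message to a non-trivial element of the order-Q subgroup."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 3) + 2
    return pow(x, 2, P)

def make_shares(coeffs, n):
    """Evaluate f(x) = sum(coeffs[k] * x^k) mod Q at x = 1..n; coeffs[0] is the group secret."""
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def partial_sign(share: int, msg: bytes) -> int:
    """One node's partial signature: H(msg)^share."""
    return pow(hash_to_group(msg), share, P)

def combine(partials: dict) -> int:
    """Lagrange-interpolate at 0 in the exponent over the node indices supplied."""
    sig = 1
    for i, sigma_i in partials.items():
        num = den = 1
        for j in partials:
            if j != i:
                num = num * j % Q
                den = den * (j - i) % Q
        sig = sig * pow(sigma_i, num * pow(den, -1, Q) % Q, P) % P
    return sig

def randomness(sig: int) -> str:
    """The beacon value is the hash of the combined signature."""
    return hashlib.sha256(sig.to_bytes(2, "big")).hexdigest()

# Constructed sample: threshold t = 3 (degree-2 polynomial), n = 5 nodes, round 42.
COEFFS, ROUND_MSG = [123, 456, 789], (42).to_bytes(8, "big")
SHARES = make_shares(COEFFS, 5)
PARTIALS = {i: partial_sign(s, ROUND_MSG) for i, s in SHARES.items()}

def subset(*ids):
    return {i: PARTIALS[i] for i in ids}

if __name__ == "__main__":
    print(randomness(combine(subset(1, 2, 3))))
    print(randomness(combine(subset(2, 4, 5))))  # same value from a different quorum
```

Combining only two partials (below the threshold) interpolates a different exponent and yields a different group element, which is why a minority of nodes cannot produce or preview the round's value.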
Importance of Decentralized Randomness
Decentralized randomness is crucial for many systems that rely on fair and unpredictable outcomes. For example, Proof-of-Stake (PoS) blockchains use randomness to elect miners, ensuring security and fairness. Unlike centralized solutions, drand offers a verifiable and unbiased source of randomness, enhancing reliability and security.
Origins of drand
drand was developed in 2017 in the DEDIS Lab at EPFL, spearheaded by Nicolas Gailly. The project built upon earlier work in decentralized randomness by researchers at Yale University and EPFL.
The DEDIS team collaborated with DFINITY to optimize the cryptographic techniques used in drand, resulting in a more efficient and reliable randomness generation protocol.
drand Network and Adoption
drand gained support from prominent organizations such as Cloudflare, Kudelski Security, Protocol Labs, Universidad de Chile, and many others. These collaborations have helped establish a robust drand network, hosted by a voluntary consortium known as the League of Entropy, which launched its production-ready mainnet in 2019.
Today, drand is used in various applications, including leader election in consensus mechanisms, providing randomness for smart contracts, and more.
Acknowledgments
Special thanks to contributors and collaborators who have supported drand’s development, including @paulmillr and @herumi for cryptographic library support, and teams from the DEDIS lab and from Protocol Labs.
💌 Get in touch!
If you have any questions or comments, you can reach the drand team at [email protected], [email protected] or join the drand Slack workspace.