Blockchain Beginner Tutorial: Ethereum Source Code Analysis, Ethereum Random Number Generation (Part 2)
Incentives
The RNG cycle is very short, for example 20 generation cycles per hour. If the profit per cycle is 0.001%, the monthly profit is 0.00001 * 20 * 24 * 30 = 0.144, i.e. 14.4% per month. To reach 14.4% per month with an average of n participants per RNG, the cost of running the smart contract C is n * 3 * 500 * gasPrice + Ccost (Ccost is the gas consumed inside the contract, for computation and storage). Assuming each random value receives r requests on average and each request is charged p ETH, the income is r * p, so each participant receives (r * p - 1500 * n * gasPrice - Ccost) / n per cycle. The current gasPrice is 10 szabo and the contract itself consumes roughly 1500 * n gas, so the net income is approximately (r * p / n - 0.03) ETH. Assuming each RNG has 10 participants and the pledge is 1000 ETH, if the RNG is requested only once the fee for that request is 0.4 ETH; if there are 10 requests, the price per request drops to 0.04 ETH.
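The fee arithmetic above as a small Python model, added here as an example and not code from the RANDAO project; the default figures (20 cycles per hour, 10 szabo gasPrice, 1500 gas of transactions per participant, Ccost of roughly 1500 * n gas) are the page's, and the function names are my own.

```python
from typing import Optional

# Added example, not RANDAO project code: reproduces the incentive paragraph's
# fee arithmetic. All money values are ETH; gasPrice is given in szabo.
SZABO = 1e-6            # 1 szabo = 1e-6 ETH
CYCLES_PER_HOUR = 20    # generation cycles per hour, as on the page


def monthly_return(return_per_cycle: float, cycles_per_hour: int = CYCLES_PER_HOUR) -> float:
    """Simple (non-compounded) monthly return from a per-cycle return, e.g. 0.00001 -> 0.144."""
    return return_per_cycle * cycles_per_hour * 24 * 30


def gas_cost_eth(n: int, gas_price_szabo: float = 10.0, tx_gas_per_participant: int = 1500,
                 c_cost_gas: Optional[int] = None) -> float:
    """Gas cost of one cycle: 1500 gas of transactions per participant plus Ccost,
    which the page estimates at about 1500 * n gas (used when c_cost_gas is None)."""
    if c_cost_gas is None:
        c_cost_gas = 1500 * n
    return (tx_gas_per_participant * n + c_cost_gas) * gas_price_szabo * SZABO


def net_income_per_participant(r: int, p: float, n: int, gas_price_szabo: float = 10.0) -> float:
    """(r * p - 1500 * n * gasPrice - Ccost) / n, the page's per-participant income."""
    return (r * p - gas_cost_eth(n, gas_price_szabo)) / n


def required_fee(target_monthly: float, pledge: float, n: int, r: int,
                 gas_price_szabo: float = 10.0, cycles_per_hour: int = CYCLES_PER_HOUR) -> float:
    """Fee p per request so that each of the n participants earns target_monthly
    on its pledge when every random value is requested r times."""
    cycles = cycles_per_hour * 24 * 30
    profit_per_cycle = target_monthly / cycles * pledge      # ETH per participant per cycle
    return (profit_per_cycle * n + gas_cost_eth(n, gas_price_szabo)) / r


if __name__ == "__main__":
    print("monthly return at 0.001%/cycle:", monthly_return(0.00001))
    for r in (1, 10):
        p = required_fee(0.144, pledge=1000, n=10, r=r)
        print(f"{r} request(s): fee {p:.3f} ETH, net/participant "
              f"{net_income_per_participant(r, p, 10):.3f} ETH per cycle")
```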
The RANDAO acts as an infrastructure in the Ethereum system and is called by other contracts. Contracts for different purposes require different random numbers: some need high security, such as a lottery; some need steady responses, with each request answered immediately, and these contracts are normally low-value; some need a callback, so that they receive a notification with the random number when it is ready.
Obviously it is impossible to meet these different requirements in various scenarios with only one RNG contract, so many contracts will be created with different initial parameters, but the basic rules are the same.
For example, if we need high security, we can substantially increase the pledge of the first phase. The cost of making the RNG process fail by not revealing s is then greatly increased. For contracts without much value at stake, the minimum number of participants and the pledge can be lower.
Let's look at an example of a dApp betting on odd or even numbers. We'll show how to adjust the contract's parameters to meet the desired security level by making the cost of cheating higher than the expected earnings. Assume the bet is 1000 ETH and the betting contract calls a RNG contract C1; if C1 fails to generate a random number at the requested block height, the betting contract waits for the next random number from C1 until one is generated.
Let's build the RNG contract C1 and set its pledged ETH to 2000. The gambler G plays the betting dApp but also participates in the contract. When he finds himself in a disadvantageous position before revealing his secret number, he can choose not to reveal s, so that the RNG fails and he gets another chance. But he will lose the 2000 pledged ETH, so although he can get the 1000 ETH expected return, it is still a bad deal. However, G can reduce his losses on C1 by some means, such as participating in C1 with two accounts and sending two sha3(s) commitments. If he is in a disadvantageous position, G reveals the secret of only one account. If only one other participant besides G takes part in C1, the forfeited pledge is shared between the two revealing accounts, one of which is G's, so G loses only 1000 ETH in C1 while he stands to gain the 1000 ETH expected return, which makes the attempt worthwhile.
This issue can be fixed by confiscating the pledged ETH instead of returning it to the other participants as a bonus. With that rule, a contract with 1000 pledged ETH meets the requirement of the betting dApp.
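The cost/benefit of the "withhold s" attack from the betting example, under both pledge-handling rules, as an added Python example rather than RANDAO project code. It assumes, as the page does, that a forfeited pledge is either split equally among the accounts that did reveal or confiscated outright; the function names are my own, and the general formula for k attacker-controlled accounts extends the page's two-account case.

```python
# Added example, not RANDAO project code. Models the gambler G who controls
# `attacker_accounts` accounts in RNG contract C1 and withholds s from one of them.

def withhold_cost(pledge: float, honest: int, attacker_accounts: int, confiscate: bool) -> float:
    """ETH that G actually loses when one of his accounts withholds its secret.
    honest: other participants who reveal; confiscate: forfeited pledge leaves the game."""
    if honest < 1 or attacker_accounts < 1:
        raise ValueError("need at least one honest participant and one attacker account")
    if confiscate:
        return pledge
    # Bonus rule (assumed): the forfeited pledge is split equally among revealers,
    # so G's remaining accounts claw part of it back.
    revealers = honest + attacker_accounts - 1
    refund_to_g = pledge * (attacker_accounts - 1) / revealers
    return pledge - refund_to_g


def attack_net_gain(bet: float, pledge: float, honest: int, attacker_accounts: int,
                    confiscate: bool) -> float:
    """Expected gain of forcing a re-roll: the bet G keeps minus what the pledge rule costs him.
    Zero is the break-even the page calls "a worthy try"; negative means the attack is deterred."""
    return bet - withhold_cost(pledge, honest, attacker_accounts, confiscate)


def min_deterring_pledge(bet: float, honest: int, attacker_accounts: int, confiscate: bool) -> float:
    """Smallest pledge for which the attack gains nothing (net gain <= 0)."""
    if confiscate:
        return bet
    return bet * (honest + attacker_accounts - 1) / honest


if __name__ == "__main__":
    bet = 1000.0
    for k in (1, 2, 5):
        for confiscate in (False, True):
            cost = withhold_cost(2000.0, honest=1, attacker_accounts=k, confiscate=confiscate)
            need = min_deterring_pledge(bet, honest=1, attacker_accounts=k, confiscate=confiscate)
            print(f"{k} account(s), confiscate={confiscate}: cost of withholding with pledge 2000 = "
                  f"{cost:.0f} ETH, pledge needed to deter = {need:.0f} ETH")
```

With the bonus rule, the required pledge grows with the number of accounts G can fund, which is why confiscation (or membership dues) rather than a larger pledge is the fix.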
Besides confiscation, another scheme can prevent such attacks by introducing an additional system: RANDAO membership. To become a member you must pay dues; anyone who has paid their dues is a member. Members have different levels according to the dues they paid. Membership does not belong to a single contract but functions like a passport to participate in some RANDAO contracts. If a breach of any contract happens, that person's membership is ended and the dues are confiscated. Now we can add an additional rule to C1: C1 will only accept numbers committed by members whose level of investment is high enough (membership dues over 1000 ETH). This ensures that nobody has a financial motive to attempt an attack.
Q&A: Questions and Answers
Q: Why not let the miners participate in the RNG? Why not use the tx hash, nonce and other blockchain data? A: Miners have the ability to manipulate that blockchain data and can thus indirectly affect the RNG. If the RNG took blockchain data as input, it would give miners the ability to construct random numbers in their favor.
Q: Miners can ignore certain transactions that contain random numbers they dislike; how do we deal with that? A: That is why we need a time window. A reasonable window should be longer than 6 blocks; we believe nobody can produce 6 blocks in succession. So if a participant is honest and sends his number immediately as soon as each time window opens, he does not need to worry about being excluded.
Q: Why use the numbers of all participants rather than a subset? A: A rule to pick a subset is deterministic, so participants will try by various means to take specific positions in the collection; if they succeed, they will know in advance what random number the subset generates. If the rule to pick a subset is randomised, we are back to the original problem of obtaining true randomness.
Q: Where do the confiscated pledges and dues go? A: They will be donated to a charity, or used by RANDAO to maintain a fund.
Note: f(s1, s2, ..., sn) is a function with multiple inputs, for example r = s1 xor s2 xor ... xor sn, or r = sha3(sn + sha3(sn-1 + ... + sha3(s2 + s1))).
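The commit-reveal round and both combiners f from the note above, as an added Python example and not RANDAO project code. It assumes hashlib's sha3_256 as a stand-in for the EVM's sha3 (keccak-256 is a different function, but the protocol logic is the same), 32-byte secrets, and commit order as the combining order; the class and function names are my own.

```python
import hashlib
from functools import reduce
from typing import Callable, Dict, List, Optional, Tuple

# Added example, not RANDAO project code. hashlib.sha3_256 stands in for the EVM's sha3.
def sha3(data: bytes) -> bytes:
    return hashlib.sha3_256(data).digest()


def combine_xor(secrets: List[bytes]) -> bytes:
    """r = s1 xor s2 xor ... xor sn (secrets must all have the same length)."""
    if len({len(s) for s in secrets}) != 1:
        raise ValueError("secrets must have equal length for xor")
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), secrets)


def combine_chain(secrets: List[bytes]) -> bytes:
    """r = sha3(sn + sha3(sn-1 + ... + sha3(s2 + s1)))."""
    acc = secrets[0]
    for s in secrets[1:]:
        acc = sha3(s + acc)
    return acc


class CommitRevealRound:
    """One RANDAO round: everyone commits sha3(s), later reveals s, then f combines all s."""

    def __init__(self, combiner: Callable[[List[bytes]], bytes]):
        self.combiner = combiner
        self.commits: Dict[str, bytes] = {}   # account -> sha3(s), kept in commit order
        self.reveals: Dict[str, bytes] = {}

    def commit(self, account: str, commitment: bytes) -> None:
        if account in self.commits:
            raise ValueError("one commitment per account")
        self.commits[account] = commitment

    def reveal(self, account: str, secret: bytes) -> None:
        if account not in self.commits:
            raise ValueError("no commitment from this account")
        if sha3(secret) != self.commits[account]:       # s must match the earlier sha3(s)
            raise ValueError("reveal does not match commitment")
        self.reveals[account] = secret

    def finish(self) -> Tuple[Optional[bytes], List[str]]:
        """Returns (r, withholders). If any committer did not reveal, r is None: the round
        fails and the withholders are the accounts whose pledges are forfeited."""
        withholders = [a for a in self.commits if a not in self.reveals]
        if withholders:
            return None, withholders
        return self.combiner([self.reveals[a] for a in self.commits]), []
```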