Hi there, is there a means to get a random number in a TEAL smart contract? Is there something like a VRF primitive we can use? Chainlink VRF does this, and I’m wondering whether we have something similar at our disposal on the Algorand blockchain. Any ideas or first steps for research would be very appreciated.
Currently TEAL does not provide an opcode for random number generation nor verification of a VRF.
I think that currently the best two options are:
- If the contract is for something like a bet over a coin toss, the parties involved may commit to random values (e.g., using SHA256), and then reveal the committed value. The randomness consists in the XOR of all those committed values. If a party does not reveal its value in time, some slashing must be performed.
- Have an external oracle. There are multiple ways to implement an oracle. One very simple way nowadays may just be to have an application that stores the oracle value in its global state.
If this is not confidential, what kind of dapps are you building?
Notes:
- The “seed” used for the sortition (stored in each block) is not uniformly random.
- TEAL is for layer-1 smart contracts. Layer-2 smart contracts will allow for much more complex smart contracts.
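The commit-reveal coin toss described in the first option, as an added illustration that is not part of the original post: each party commits to SHA256 of a 32-byte random value, reveals are only accepted after the commit phase closes, the result is the XOR of all revealed values, and a party that misses the reveal deadline is reported for slashing. Round numbers and deadlines are constructed for the example, not Algorand parameters.

```python
import hashlib
from dataclasses import dataclass, field

COMMIT_DEADLINE = 10   # constructed round numbers for the example
REVEAL_DEADLINE = 20


def commit(value: bytes) -> bytes:
    # Commit to a full 32-byte random value so the preimage cannot be brute-forced;
    # committing to a bare 0/1 coin choice without a nonce would be guessable.
    assert len(value) == 32
    return hashlib.sha256(value).digest()


@dataclass
class CommitRevealRound:
    parties: list
    commitments: dict = field(default_factory=dict)
    reveals: dict = field(default_factory=dict)

    def submit_commitment(self, party, commitment, round_no):
        # One commitment per party, only during the commit phase
        if round_no > COMMIT_DEADLINE or party not in self.parties:
            return False
        if party in self.commitments:
            return False
        self.commitments[party] = commitment
        return True

    def reveal(self, party, value, round_no):
        # Reveals open only after commits close, so nobody can pick a value
        # after seeing the others; the reveal must match the commitment.
        if not COMMIT_DEADLINE < round_no <= REVEAL_DEADLINE:
            return False
        if party in self.reveals or party not in self.commitments:
            return False
        if commit(value) != self.commitments[party]:
            return False
        self.reveals[party] = value
        return True

    def settle(self, round_no):
        # Returns ("result", xor_bytes) when everyone revealed, ("slash", [parties])
        # once the reveal deadline passed with reveals missing, or None if pending.
        missing = [p for p in self.parties if p not in self.reveals]
        if not missing:
            out = bytes(32)
            for v in self.reveals.values():
                out = bytes(a ^ b for a, b in zip(out, v))
            return ("result", out)
        if round_no > REVEAL_DEADLINE:
            return ("slash", missing)   # the last revealer cannot abort for free
        return None
```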
Are these still the best options, and if so can you expand upon this part?
I expect things to change soon but right now these are still the best options.
For the external oracle, you need a trusted party (for example a multisig account with public keys of different companies) regularly calling a smart contract to update its global state so that it contains the latest random value, for example. The trusted party needs to be trusted to actually provide real randomness. One way is to use, for example, the NIST Beacon: https://beacon.nist.gov/home or other beacons, which has the advantage of allowing everyone to check that the trusted party did not cheat (= transparency / auditability).
(But you still need to trust the trusted party to regularly call the smart contract and to not be willing to risk being caught cheating.)
How would an oracle update a global state for the contract?
Do you know if there has been some update on random number generator within the contract?
I would like to have the option to use the following use case:
- state created: Application is created. A new random Algorand address is created, and the public key is readable from the app state.
- interaction: Creator changes the app state to visible. The app decodes its secure content and reveals the private key.
- state visible: Anybody can read the private and public key.
This use case is valid for the Vote Coin voting system to securely create an encryption key and auditable proof that nobody has access to the decryption key until the time comes. After the time comes (after the voting session ends), everybody can use the private key to decrypt the voting session votes. Encryption in Vote Coin is already implemented, but it now relies on the questioner to securely store the encryption mnemonics…
A random number generator is in progress.
However, that would not allow the kind of applications you want where the application has for some time a secret (if I understand correctly).
In Algorand, like in all the blockchains I am aware of, all the smart contract state is completely public. You cannot store private keys.
Algorand Inc and Foundation researchers have actually proposed solutions to this problem of storing secret information on a blockchain/in a smart contract: Cryptology ePrint Archive: Report 2020/464 - Can a Public Blockchain Keep a Secret?, Cryptology ePrint Archive: Report 2021/210 - YOSO: You Only Speak Once / Secure MPC with Stateless Ephemeral Roles, …
but this is not yet available and is longer term.
The only solution I see for you right now is to get trusted parties to generate a secret key off-chain. Threshold cryptography can be used to allow various levels of trust: for example, you may only need to trust 3 parties out of 5.
Note that you can also adapt https://vote.heliosvoting.org/ to the blockchain if you want the votes to never be revealed. Helios uses threshold cryptography too.
I wish you would promote the Vote Coin encryption standard the same way someday.
Regarding the subject… You can store encrypted application state… In Reach all variables are at the start encoded until you decide to decode them… I don’t see a reason why you should not be able to generate a random seed by blockchain, an Algorand account from it, and publish only the public key… With the app call to change the state to decode the encrypted data…