Manipulating and Fixing the RANDAO, Ethereum's Distributed Randomness Beacon Protocol

István András Seres

Abstract:

Randomness is indispensable for consensus: by the FLP theorem, no deterministic protocol can solve consensus in an asynchronous network with even a single faulty process, and randomized protocols are the standard way around this. Ethereum uses a distributed randomness protocol, called RANDAO, to select block proposers pseudorandomly. The RANDAO protocol secures (crypto)assets worth billions of US dollars. Observe that economically rational validators are incentivized to manipulate the RANDAO protocol in order to be able to propose more blocks. In the first part of the talk, we present a new class of RANDAO manipulation strategies, called forking attacks. Forking attacks are powerful and have negative externalities for the whole network, as they reduce the chain's throughput by continuously removing honest blocks from the canonical chain via forking. In the second part of the talk, we report ongoing work to fix the RANDAO protocol by redesigning it. The new design is a 2-step protocol that is provably unbiasable, enabled by a recently introduced cryptographic primitive called Homomorphic Signature-based Witness Encryption (HSWE).
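To make the incentive concrete, here is an added toy model of RANDAO tail manipulation. It is illustrative code written for this page, not code from the talk or the speaker, and it simplifies Ethereum's actual mechanism: a SHA-256 keyed hash stands in for the proposer's BLS signature over the epoch number, proposer selection is uniform hash sampling rather than effective-balance-weighted sampling with a seed lookahead, and the names `manipulate`, `mix_after`, `proposers`, `N_VALIDATORS` and `SLOTS_PER_EPOCH` are all hypothetical. The adversary holds the last `k` slots of an epoch and decides, after seeing every honest reveal, which of its blocks to publish; the `forkable` parameter lets it additionally drop honest blocks just before its tail, and the model simply assumes such forks succeed (the conditions under which they do are the talk's subject, not modelled here).

```python
"""Toy model of RANDAO tail manipulation: added illustration, not Ethereum's spec."""
import hashlib
from itertools import product

N_VALIDATORS = 32      # toy parameters chosen for the illustration (assumption)
SLOTS_PER_EPOCH = 8


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reveal(validator: int, epoch: int) -> bytes:
    # Stand-in for the proposer's BLS signature over the epoch number (assumption:
    # a keyed hash plays its role). It is deterministic per (validator, epoch), so a
    # proposer cannot pick its value; its only freedom is whether the block carrying
    # the reveal ends up on the canonical chain.
    return h(b"reveal", validator.to_bytes(4, "big"), epoch.to_bytes(8, "big"))


def mix_after(prev_mix: bytes, epoch: int, contributors) -> bytes:
    # XOR accumulator as in the spec's process_randao: mix ^= hash(randao_reveal)
    # for each canonical block. Note the same reveal XORed twice cancels out.
    mix = prev_mix
    for v in contributors:
        mix = xor(mix, h(reveal(v, epoch)))
    return mix


def proposers(mix: bytes, epoch: int) -> list:
    # Simplified selection: uniform hash sampling seeded by the mix and the slot.
    return [
        int.from_bytes(h(b"proposer", mix, (epoch * SLOTS_PER_EPOCH + s).to_bytes(8, "big")), "big")
        % N_VALIDATORS
        for s in range(SLOTS_PER_EPOCH)
    ]


def manipulate(k: int, forkable: int = 0) -> dict:
    """Adversary = whoever holds the last k slots of epoch 0. For each of those slots
    it may publish the block or withhold it. With forkable > 0 it may also orphan that
    many honest blocks right before its tail (the model assumes such forks succeed)."""
    assert 0 <= k <= SLOTS_PER_EPOCH and 0 <= forkable <= SLOTS_PER_EPOCH - k
    genesis = h(b"genesis")
    sched = proposers(genesis, 0)               # epoch 0 schedule, fixed before any choice
    tail_start = SLOTS_PER_EPOCH - k
    adversary = set(sched[tail_start:])
    optional = list(range(tail_start - forkable, SLOTS_PER_EPOCH))  # slots the adversary decides
    fixed = [sched[s] for s in range(tail_start - forkable)]         # honest blocks that always land

    honest_mix = mix_after(genesis, 0, sched)   # everyone reveals: the honest baseline
    honest = sum(p in adversary for p in proposers(honest_mix, 1))

    best, best_choice, candidates = -1, (), set()
    for choice in product((False, True), repeat=len(optional)):
        contributors = fixed + [sched[s] for s, keep in zip(optional, choice) if keep]
        mix = mix_after(genesis, 0, contributors)
        candidates.add(mix)
        count = sum(p in adversary for p in proposers(mix, 1))
        if count > best:
            best, best_choice = count, choice
    return {
        "adversary": adversary,
        "honest": honest,                              # adversary's epoch-1 slots if honest
        "best": best,                                  # after picking the best reachable mix
        "choice": dict(zip(optional, best_choice)),    # slot -> block kept on chain?
        "candidates": len(candidates),                 # distinct mixes reachable (<= 2**len(optional))
    }


if __name__ == "__main__":
    for k, f in ((1, 0), (3, 0), (3, 2)):
        r = manipulate(k, f)
        print(f"k={k} forkable={f}: honest={r['honest']} best={r['best']} "
              f"candidates={r['candidates']} choice={r['choice']}")
```

The numbers depend on SHA-256 and mean nothing by themselves; the point is the shape of the choice set. Withholding alone gives an adversary with k tail slots up to 2^k candidate mixes to pick from, and every honest block it can fork out doubles that again, which is why forking both strengthens the manipulation and costs the network throughput. The candidate count can fall short of 2^(k+f) because a validator proposing twice in the same epoch contributes the same reveal twice, and the XOR accumulator cancels it.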

Bio:

István András Seres is a research assistant in the Computer Science Department at Eötvös Loránd University. He holds a BS in Mathematics from Eötvös Loránd University (Budapest, Hungary) and an MS in Computer Science from Universität des Saarlandes (Saarbrücken, Germany) and Università degli Studi di Trento (Trento, Italy). He earned his PhD in Computer Science in 2023 at Eötvös Loránd University under the supervision of Péter Burcsi. He completed research internships at IMDEA (Madrid, Spain) and at a16zcrypto (New York City, USA). His research focuses on the security and privacy challenges of cryptocurrencies. He is particularly interested in practical cryptographic problems that spur theoretical research. Outside of work he enjoys baroque music and jazz, and is an avid clarinet player.

Time and Place

Monday, May 5, 4:00pm
CoDa E201 & Zoom