
Blockchain Introductory Tutorial: Ethereum Source Code Analysis, Ethereum Random Number Generation, Part 2

Original. Category: Blockchain. Author: 兄弟连区块链入门教程. Date: 2018-10-26 16:22:06


Incentive

 

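The RNG cycle is very short, for example 20 generation cycles per hour. If the profit per cycle is 0.001%, the monthly return reaches 0.00001 * 20 * 24 * 30 = 0.144. To reach a return of 14.4% per month with an average of n participants per RNG, the cost of running contract C is n * 3 * 500 * gasPrice + Ccost (Ccost is the gas consumed inside the contract, including computation and storage). Assuming each random value receives r requests on average and each request costs p ETH, the income is r * p. So each participant receives (rp - 1500n * gasPrice - Ccost) / n for each participation. The current gasPrice is 10 szabo and the contract consumes roughly 1500n gas, so the approximate net income is (rp/n - 0.03) ETH. Assuming each RNG has 10 participants and the pledge is 1000 ETH, then if the RNG is requested only once, that request costs 0.4 ETH; if it is requested 10 times, the price per request drops to 0.04 ETH.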

 

 

RANDAO acts as infrastructure in the Ethereum system and is called by other contracts. Contracts for different purposes require different random numbers: some need high security, such as lotteries; some need steady responses with each request answered immediately, and these contracts are normally low-value; some need a callback, so that they receive a notification with the random number when it is ready.

 

Obviously it's impossible to meet different requirements in various scenarios with only one RNG contract, so a lot of contracts will be created with different initial parameters, but the basic rules are the same.

 


 

 

For example, if we need high security, we can substantially increase the pledge of the first phase. This greatly increases the cost of making the RNG process fail by not revealing s. For contracts without much interest involved, the minimum number of participants and the pledge can be lower.

 

Let's look at an example of a dApp that bets on odd or even numbers. We'll show how to adjust the contract's parameters to meet the desired security level by making the cost of cheating higher than the expected earnings. Assume the bet is 1000 ETH and the betting contract calls an RNG contract C1. If C1 fails to generate a random number at the requested block height, the betting contract waits for the next random number from C1, until one is generated.

 


 

Let's build the RNG contract C1 and set the pledge of C1 to 2000 ETH. The gambler G plays the betting dApp but also participates in the contract. When he finds himself in a disadvantageous position before he reveals his secret number, he can choose not to reveal s, so that the RNG fails and he gets another chance. But he will lose the 2000 pledged ETH, so although he can get a 1000 ETH expected return, it is still a bad deal. However, G can reduce his losses on C1 by some means, such as participating in C1 using two accounts and sending two sha3(s) commitments. If in a disadvantageous position, G will withhold only one account's secret, and if only one participant other than G participates in C1, G will lose only 1000 ETH in C1 but will get 1000 ETH as expected return, which is worth a try.

 


 

This issue can be fixed by confiscating the pledged ETH and not returning it to participants as a bonus, so a contract with 1000 pledged ETH will meet the requirement of the betting dApp.
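The pledge arithmetic of the last two paragraphs, as an added example that is not part of the original text or of the RANDAO contracts. It assumes forfeited pledges are split equally among all revealing accounts when they are paid out as a bonus, and it generalizes the two-account case to any number of accounts; the function names are hypothetical.

```python
from fractions import Fraction

def withholding_loss(pledge, withheld, revealed, honest, confiscate):
    """ETH that G loses inside the RNG contract by aborting one round.

    withheld / revealed: how many of G's own accounts stay silent / reveal.
    honest: other participants, all of whom reveal.
    confiscate: True  -> forfeited pledges leave the contract for good
                False -> forfeited pledges are split equally among all
                         revealing accounts as a bonus (assumed split rule)
    """
    forfeited = Fraction(pledge) * withheld
    if confiscate or revealed + honest == 0:
        return forfeited
    # G's revealing accounts win back part of G's own forfeited pledge.
    recovered = forfeited * revealed / (revealed + honest)
    return forfeited - recovered

def cheapest_abort_cost(pledge, honest, max_accounts, confiscate):
    """Lowest loss G can reach when controlling up to max_accounts accounts.

    One silent account is enough to fail the round, so the rest reveal.
    """
    return min(
        withholding_loss(pledge, 1, extra, honest, confiscate)
        for extra in range(max_accounts)
    )

if __name__ == "__main__":
    BET_GAIN = 1000  # expected return of a second draw, from the text
    cases = [
        ("one account, bonus paid out", 2000, 1, False),
        ("two accounts, bonus paid out", 2000, 2, False),
        ("two accounts, confiscation", 1000, 2, True),
    ]
    for label, pledge, accounts, confiscate in cases:
        cost = cheapest_abort_cost(pledge, 1, accounts, confiscate)
        print(f"{label}: abort costs {cost} ETH vs {BET_GAIN} ETH expected gain")
```

With the bonus paid out, every extra account G controls dilutes the cost of aborting further, while under confiscation the cost stays at the full pledge regardless of how many accounts G holds.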

 


 

Besides confiscation, another scheme can prevent such attacks by introducing an additional system: RANDAO membership. To become a member you must pay dues; anyone who has paid dues is a member. Members have different levels according to the dues they paid. Membership does not belong to a contract, but instead functions like a passport for participating in some RANDAO contracts. If a member breaches any contract, that person's membership is ended and the dues are confiscated. Now we can add an additional agreement to C1: C1 will only accept numbers committed by members whose level of investment is high enough (membership dues over 1000 ETH). This ensures that nobody has a financial motive to try an attack.

 


 

 

## Q&A: Questions and Answers

 

Q: Why not let the miners participate in the RNG? Why not use the tx hash, nonce and other blockchain data?
A: Miners have the ability to manipulate this blockchain data, and thus can indirectly affect the RNG. If the RNG contains blockchain data, it gives the miners the capacity to construct random numbers in their favor.

 


 

Q: The miners can ignore certain transactions that contain random numbers they dislike. How do we deal with that?
A: That's why we need a time window period. A reasonable period should be greater than 6 blocks; we believe that nobody can produce 6 blocks in succession. So if a participant is honest and sends his numbers as soon as each time window opens, he doesn't need to worry about being excluded.

 


 

Q: Why use all numbers of all participants, rather than a subset?
A: If the rule to pick a subset is deterministic, participants will try by various means to take specific positions in the collection; if they succeed, they will know in advance what random number will be generated from the subset. If the rule to pick a subset is randomised, then we still have the problem of true randomisation.

 


 

Q: Where do pledged dues go?
A: They will be donated to a charity, or go to RANDAO to maintain funding.

 

Note: f(s1, s2, ..., sn) is a function with multiple inputs, for example r = s1 xor s2 xor s3 ... xor sn, or r = sha3(sn + sha3(sn-1 + ... (sha3(s2 + s1))))
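The two forms of f from the note, inside a minimal commit and reveal round, as an added example that is not part of the original text or of the RANDAO contracts. It assumes `+` means byte concatenation, fixes participant order by sorting names, and uses hashlib's SHA3-256 as a stand-in for Ethereum's Keccak-256 `sha3`; the class, function and participant names are hypothetical.

```python
import hashlib
from functools import reduce

def sha3(data: bytes) -> bytes:
    # Stand-in: hashlib's NIST SHA3-256. Ethereum's sha3 is Keccak-256,
    # which uses different padding and so yields different digests.
    return hashlib.sha3_256(data).digest()

def f_xor(secrets):
    """r = s1 xor s2 xor ... xor sn (equal-length byte strings)."""
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), secrets)

def f_chain(secrets):
    """r = sha3(sn + sha3(sn-1 + ... sha3(s2 + s1))); '+' is concatenation."""
    acc = secrets[0]
    for s in secrets[1:]:
        acc = sha3(s + acc)
    return acc

class Round:
    """One RNG round: collect sha3(s) commitments, then the secrets s."""
    def __init__(self):
        self.commits, self.reveals = {}, {}

    def commit(self, who, digest):
        self.commits[who] = digest

    def reveal(self, who, s):
        if who not in self.commits or sha3(s) != self.commits[who]:
            raise ValueError(f"{who}: reveal does not match a commitment")
        self.reveals[who] = s

    def finalize(self, f):
        """Return (r, []) if everyone revealed, else (None, defaulters)."""
        missing = sorted(set(self.commits) - set(self.reveals))
        if missing:
            return None, missing  # round fails; these pledges are at stake
        # Participant order is fixed by sorting names (an assumption).
        return f([self.reveals[w] for w in sorted(self.commits)]), []

def demo(withhold=None, f=f_xor):
    # Constructed secrets for three hypothetical participants.
    secrets = {"a": b"\x11" * 32, "b": b"\x22" * 32, "c": b"\x44" * 32}
    rnd = Round()
    for who, s in secrets.items():
        rnd.commit(who, sha3(s))
    for who, s in secrets.items():
        if who != withhold:
            rnd.reveal(who, s)
    return rnd.finalize(f)
```

`demo()` returns the combined value, and `demo(withhold="b")` returns no value plus the list of defaulters, which is the failure case the pledge is meant to make expensive.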


From the ITPUB blog, link: http://blog.itpub.net/31557831/viewspace-2217685/. If you repost, please credit the source; otherwise legal liability will be pursued.
