Get Truly Random number

[cschuchardt88]

Summary or problem description
Using/Hashing Nonce as a seed for a new random number is not ideal. It can be predicted. And you don't get huge numbers, defeats the purpose of using BigInteger. yes Nonce uses Random. but that uses system time as a seed, and since timestamp is on the block that number can be predicted as well. Also using Murmur128 is bad and can be reversed.

Also anyone can set the transaction Nonce to whatever they want

neo/src/Neo/Wallets/Wallet.cs

Line 561 in d63eb1d

Nonce = (uint)rand.Next(),

Wikipedia MurmurHash

Unlike cryptographic hash functions, it is not specifically designed to be difficult to reverse by an adversary, making it unsuitable for cryptographic purposes.

Do you have any solution you want to propose?
Update The GetRandom to use a truly random number for BigInteger

neo/src/Neo/SmartContract/ApplicationEngine.Runtime.cs

Line 304 in d63eb1d

buffer = Cryptography.Helper.Murmur128(nonceData, ProtocolSettings.Network + random_times++);

to

Buffer = new BigInteger(RandomNumberGenerator.GetBytes(32), isUnsigned: true).ToByteArray();

Where in the software does this update applies to?

• Neo library

[roman-khimov]

It can't work this way, different nodes would get different numbers and different execution results for the same input resulting in different state.

[cschuchardt88]

maybe remove this functionally all together and add a native contract on the blockchain. Will that work?

[Jim8y]

No, that will be precalculatable, attackers does not even need to predict. Current random solution is temporary, we are working on a BLS solution or other distributed random beacon solution.#2749 #2477 #2456 neo-project/neo-modules#637

[cschuchardt88]

@Liaojinghui the sounds of it, they are still going to use nonce but with BLS. But you can still make transaction manually and set the nonce to lets say "ZERO". Wouldn't that defeat the purpose of GetRandom. Users are expecting something made by a random number generator with a decent random algorithm?

Edit: let's say we have a game on the blockchain that uses "GetRandom" and it's as a gambling game. One could set nonce manually and beat the odds or break it. It's a little far out their yes.

[Jim8y]

we dont use transaction Nonce for random number generation.

[cschuchardt88]

@Liaojinghui In new or old implementation? at least it called nonceData, look like it uses the hash with nonce to make a ulong

neo/src/Neo/SmartContract/ApplicationEngine.cs

Line 167 in d63eb1d

this.nonceData = container is Transaction tx ? tx.Hash.ToArray()[..16] : new byte[16];

neo/src/Neo/SmartContract/ApplicationEngine.cs

Line 172 in d63eb1d

*(ulong*)p ^= persistingBlock.Nonce;

[Jim8y]

Its not related to the transaction nonce. random number is sort of related to the tranaction hash, not nonce.