Randomness from block-hash vs. corrupt miners

HippoClipHippoClip Member Posts: 16
I have seen a few game-Dapps (e.g., lotteries) that extract randomness for the game from the least significant bits/bytes of the hash of some blockheader in the blockchain. One complaint I have seen is that miners trying to win the game could choose to only submit blocks with least significant bits/bytes that let them win. I.e., the miners can try to influence the randomness.

I would like to know if anyone has seriously analyzed this complaint? It seems to me that it is not necessarily something to worry about unless the reward is very large.

For concreteness lets assume a game where players pay a small fee to play and have to guess the least significant byte of the hash of some future block header (say a block header 1000 blocks in the future). If a player guesses correctly he wins x Ether. Now a miner could try to mine the given block so that the least significant byte matches his guess in order to win the x Ether with certainty. However, in doing so the miner is trying to mine a block that is roughly 256 times harder to mine than a regular block. Almost certainly some other miner will mine a regular block before this happens.

My point is that the reward x would have to be enormous (I suppose around 256 times the block reward) in order for this attack to be profitable for the miner. However, my intuition could of course be wrong.

Does anyone have some thoughts about this problem?

I am new to Ethereum and this board, so please excuse me if this has been discussed before.

Comments

  • astroastro Member Posts: 16
    Probably not the right place for this post, but the subject is an interesting one. Miners are monetarily incentivized to solve blocks, so the game reward would at minimum have to be higher than the block reward. Otherwise there's no point in risking the loss of the block reward.

    If the jackpot is sufficiently large, it could certainly be a problem, but the fast block times also introduce a race condition. You only have ~12 seconds to get multiple solutions before someone else finds a block and you've lost both the mining reward and the game. So really, this could be a viable strategy for _specific_ games where you're gambling on a distribution over time, but if winning depends on a single block, it's highly unlikely you'll be able to mount a proper attack.
  • HippoClipHippoClip Member Posts: 16
    edited May 2016
    You are right that if we consider a repeating game, e.g., a weekly lottery, the attack should work over time. It should however be possible to adjust the probabilities so that the attack works so rarely that it will not make up for the miners lost block rewards.

    A way to strengthen this effect, that I was considering, would be to pay the miner that mines the block used in the game a small fraction of the games reward. Doing so could make the attack unprofitable for the miner regardless of the games reward.

    One thing I have not taken in to account is the effect of uncle blocks. And also I am not sure how things would look in a Proof-of-Stake model either.
Sign In or Register to comment.