How to use SHA3 to make a random number in Serpent?

LukeD Member Posts: 23
edited May 2014 in Smart Contracts and Dapps
In Denny's Lotto, McKinnon has the following code:

[0x20] (prevhash)
[0x40] (coinbase)
[0x60] (SHA3 0x20 0x40) ;Random lottery
[0x80] (MOD @0x2) ;DRAW!

However, in Serpent, sha3(v) has only 1 argument, not 2, and when I try the following code, I get a type error in MinkChalk because sha3 apparently doesn't return an integer:
random_number = sha3(block.prevhash) % 10

Does anyone know the correct way to use sha3 to make a random number in Serpent?
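An added example (not code from this thread, from Denny's Lotto, or from Serpent itself) that reproduces both approaches off-chain in Python so the arithmetic is visible. Assumptions: hashlib.sha3_256 stands in for the EVM SHA3 opcode, which is Keccak-256, so real on-chain digests differ while the structure is the same; prevhash and coinbase are constructed sample values; the function names are made up here. The LLL version stores prevhash at 0x20 and coinbase at 0x40 and hashes the 0x40 = 64 bytes starting at offset 0x20. The Serpent version hashes the 32-byte word of an integer and reads the digest back as a 256-bit integer, which is why the result can be reduced with %; adding a counter to prevhash before hashing yields the second draw asked about in the follow-up. Both draws are fully determined by chain data that a miner or observer already holds, which is the weakness the replies go on to discuss.

```python
import hashlib

WORD = 32  # an EVM word is 256 bits


def sha3(data: bytes) -> bytes:
    # Assumption: FIPS SHA3-256 stands in for the EVM's Keccak-256; same structure, different digests.
    return hashlib.sha3_256(data).digest()


def word(n: int) -> bytes:
    """Encode an integer as a 32-byte big-endian EVM word, which is what Serpent's sha3(v) hashes."""
    return (n % 2**256).to_bytes(WORD, "big")


def lll_lotto_draw(prevhash: int, coinbase: int, modulus: int = 2) -> int:
    """Mirror the LLL snippet: [0x20] <- prevhash, [0x40] <- coinbase, then SHA3 over the
    0x40 = 64 bytes that start at offset 0x20, and reduce the digest modulo `modulus`."""
    memory = bytearray(0x80)                 # scratch memory laid out like the LLL program
    memory[0x20:0x40] = word(prevhash)
    memory[0x40:0x60] = word(coinbase)
    digest = sha3(bytes(memory[0x20:0x20 + 0x40]))
    return int.from_bytes(digest, "big") % modulus


def serpent_hash_int(prevhash: int, counter: int = 0) -> int:
    """sha3(block.prevhash + counter) read back as a 256-bit integer (the type Serpent hands you)."""
    return int.from_bytes(sha3(word(prevhash + counter)), "big")


def serpent_random(prevhash: int, counter: int = 0, modulus: int = 10) -> int:
    """random_number = sha3(block.prevhash + counter) % modulus; counter=1 gives a second draw."""
    return serpent_hash_int(prevhash, counter) % modulus


if __name__ == "__main__":
    # Constructed sample values; on chain these come from block.prevhash and block.coinbase.
    prevhash = int.from_bytes(sha3(b"constructed previous block"), "big")
    coinbase = 0xC0FFEE
    print("LLL-style draw (mod 2):", lll_lotto_draw(prevhash, coinbase))
    print("Serpent draw 1 (mod 10):", serpent_random(prevhash))
    print("Serpent draw 2 (mod 10):", serpent_random(prevhash, counter=1))
```

Note that every value above is reproducible by anyone who knows the previous block header, so a contract that pays out on it gives the block's miner a choice of outcome before the draw is settled.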


  • LukeD Member Posts: 23
    Another problem, how can I generate a second random number? I'd like to do something like:
    random_number_2 = sha3(block.prevhash + 1) % 10
    but the previous hash is not an integer.
  • Jasper, Eindhoven, the Netherlands, Member Posts: 514 ✭✭✭
    You can use all the values as an integer. Even strings. So that latter code would work.

    I think in LLL you have to specify which bytes you want the checksum of (I had to refer to VM.h to check).
    So (SHA3 0x20 0x40) uses 0x40 == 4*16 = 64 bytes starting from the address 0x40. The two lines before that set it to the previous hash and address of the miner.

    Serpent makes that easier for you, but sha3bytes can still do the other method. I think that would actually be needed for some things. Also it is still early days, as evidenced in that I had to look in the code again to see it.

    The method that Denny's Lotto uses is to use the block.prevhash at some future time; this is pseudorandom. If you use the one at the current time, it is also pseudorandom, but the result is known already.

    But using the previous hash has the problem that miners can affect probabilities by failing to provide the blocks, if the block reward is smaller than bets they lose due to the block. A solution is to both figure out random values R1, R2 and when betting provide SHA3(R1), SHA3(R2), and play the game by releasing R1, R2 afterward and combining those in the contract. Then neither can know the other guy's random value, and the miner can't do anything. Of course forfeiting should be losing.

    However, that is inconvenient. We figured we could do the above cryptographic commitment scheme with a few people, and then have everyone be able to use it. This is the idea behind RANDAO (afaik it doesn't run yet). You would essentially subscribe to the RANDAO and it would call you back with a random value. Though I suppose 'raw' usage where you call it directly and get a random value directly is also possible (with more security concerns being the users' responsibility). You pay a little for using it. The RANDAO has a scheme where multiple people put in stake (bigger than the block reward) and a SHA3(RANDVAL), and they then must provide RANDVAL, or lose the stake. They get a part of the earnings if they succeed.

    tl;dr when Ethereum is live you probably just subscribe to a random data feed for random seeds.
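The commit-and-reveal scheme described in the reply above, as an added Python model that is not part of the thread and not RANDAO's or anyone's contract code. Assumptions: hashlib.sha3_256 stands in for the EVM's Keccak-256; participant names, the stake amount and the class and function names are constructed for the illustration. Each participant posts SHA3(R) with a stake, later reveals R, the contract accepts a reveal only if it is the preimage of the earlier commitment, combines all revealed values into one seed, and treats a missing reveal as forfeiting the stake. The remaining exposure the reply points at is visible in the model: the last participant to reveal already knows everyone else's R and can still choose to forfeit instead, so the stake has to exceed whatever that participant could gain by aborting (the reply's "bigger than the block reward").

```python
import hashlib
import secrets

WORD = 32  # an EVM word is 256 bits


def sha3(data: bytes) -> bytes:
    # Assumption: FIPS SHA3-256 stands in for the EVM's Keccak-256.
    return hashlib.sha3_256(data).digest()


def pick_secret() -> bytes:
    """Each participant draws R locally; only sha3(R) is published in the commit phase."""
    return secrets.token_bytes(WORD)


class CommitRevealDraw:
    """Constructed model of the scheme in the reply: commit sha3(R) with a stake, reveal R later,
    combine the revealed values in the contract, and treat a missing reveal as forfeiting the stake."""

    def __init__(self, participants, stake: int):
        self.participants = set(participants)
        self.stake = stake
        self.commitments = {}   # participant -> sha3(R), posted before anyone reveals
        self.reveals = {}       # participant -> R, stored only if it matches the commitment

    def commit(self, who: str, commitment: bytes) -> None:
        if who not in self.participants or who in self.commitments:
            raise ValueError("unknown participant or duplicate commitment")
        if len(commitment) != WORD:
            raise ValueError("commitment must be a 32-byte hash")
        self.commitments[who] = commitment

    def reveal(self, who: str, r: bytes) -> bool:
        """True only when R is the preimage of the stored commitment. A wrong R is ignored,
        so nobody can substitute a new value after seeing what others revealed."""
        if who not in self.commitments or who in self.reveals:
            return False
        if sha3(r) != self.commitments[who]:
            return False
        self.reveals[who] = r
        return True

    def finalize(self, modulus: int):
        """Combine every revealed R into one seed and list who forfeits the stake.
        Reveals are hashed in a fixed name order so the seed does not depend on reveal timing."""
        forfeits = {who: self.stake for who in self.commitments if who not in self.reveals}
        if not self.reveals:
            raise RuntimeError("nothing was revealed; no draw possible")
        seed = sha3(b"".join(self.reveals[who] for who in sorted(self.reveals)))
        return int.from_bytes(seed, "big") % modulus, forfeits


def run_round(modulus: int = 10):
    """One honest round with two constructed participants; R values are fresh each run."""
    secret_by_name = {"alice": pick_secret(), "bob": pick_secret()}
    draw = CommitRevealDraw(secret_by_name, stake=100)
    for who, r in secret_by_name.items():
        draw.commit(who, sha3(r))          # commit phase: hashes only
    for who, r in secret_by_name.items():
        assert draw.reveal(who, r)         # reveal phase: preimages checked against commitments
    return draw.finalize(modulus)


if __name__ == "__main__":
    value, forfeits = run_round()
    print("draw:", value, "forfeits:", forfeits)
```

In the model a participant who never reveals is simply left out of the seed and loses the stake; a real contract would also need a deadline for the reveal phase so that one silent participant cannot hold the draw open indefinitely.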