You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pages/entropy/protocol-design.mdx
+8-4Lines changed: 8 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -27,6 +27,8 @@ Each random number in the sequence can then be verified against the previous one
27
27
28
28
Pyth Entropy uses automatic callbacks to simplify the flow:
29
29
30
+
-**Request**: To produce a random number, the following steps occur.
31
+
30
32
1. The user U draws a random number $x_U$, and submits it to the contract. The contract generates the hash $h_U = \mathrm{hash}(x_U)$ and records both $x_U$ and $h_U$. The contract uses [`constructUserCommitment`](https://github.com/pyth-network/pyth-crosschain/blob/7bccde484f01c19844b7105d63df207a24018957/target_chains/ethereum/contracts/contracts/entropy/Entropy.sol#L628-L632) to generate the user's commitment.
31
33
2. The contract [remembers $h_U$ and assigns it an incrementing **sequence number $i$**](https://github.com/pyth-network/pyth-crosschain/blob/7bccde484f01c19844b7105d63df207a24018957/target_chains/ethereum/contracts/contracts/entropy/Entropy.sol#L232-L246), representing which
32
34
of the provider's random numbers the user will receive. $x_U$ is recorded in the [event logs](https://github.com/pyth-network/pyth-crosschain/blob/7bccde484f01c19844b7105d63df207a24018957/target_chains/ethereum/contracts/contracts/entropy/Entropy.sol#L300-L306).
@@ -35,11 +37,13 @@ Pyth Entropy uses automatic callbacks to simplify the flow:
35
37
5. If both of the above conditions are satisfied,
36
38
the random number $r = \mathrm{hash}(x_i, x_U)$ is generated and a callback is made to the requesting contract.
37
39
38
-
This protocol has the same security properties as the 2-party randomness protocol above: as long as either
39
-
the provider or user is honest, the number $r$ is random.
40
-
41
40
In this flow, providers can refuse revealing $x_i$ if the final random number $r$ is not in their favor, or
42
41
they may be able to access $x_U$ before on-chain submission (e.g. via mempool) and rotate their commitments to influence the random number $r$.
43
42
Of course, both of these behaviors are detectable and protocols can blacklist providers that exhibit them.
44
43
45
-
Pyth Network deployed a default entropy provider. The code of default provider can be found [here](https://github.com/pyth-network/pyth-crosschain/tree/7bccde484f01c19844b7105d63df207a24018957/apps/fortuna).
44
+
This protocol has the same security properties as the 2-party randomness protocol above: as long as either
45
+
the provider or user is honest, the number $r$ is random.
46
+
47
+
Note that providers need to be careful to ensure their off-chain service isn't compromised to reveal the random numbers -- if this occurs, then users will be able to influence the random number $r$.
48
+
49
+
There are two separate default deployed providers, one for mainnet chains and one for testnet chains. The code of default deployed provider can be found [here](https://github.com/pyth-network/pyth-crosschain/tree/7bccde484f01c19844b7105d63df207a24018957/apps/fortuna).
0 commit comments