Our Proposed Protocol
In this section we present our proposal, which builds on the RANDAO protocol to meet the requirements described in the previous section.
Our protocol involves a process known as a RANDAO round, which consists of the three phases mentioned earlier. The result of a RANDAO round is a randseed, which is used by smart contracts to generate random numbers.
Within this protocol, the commit and reveal phases each last for N time units, with N being an adjustable parameter. The duration of a time unit is configurable and can be measured either in seconds or in number of blocks. For instance, in the RNGDAO implementation, a single unit of time equates to one block, which is expected to take around 1 second.
In this setting, a RANDAO round has a duration of 2N units of time. The first RANDAO round begins at time T(0) and the second round begins at time T(1), and so on. The difference between T(n) and T(n+1) is exactly one unit of time. This is known as the RANDAO pipeline, which consists of several RANDAO rounds running in parallel. Each RANDAO round has two adjacent rounds, one that starts 1 unit of time earlier and one that starts 1 unit of time later, except for the very first round.
In the RANDAO pipeline, a new RANDAO round begins at every unit of time. After time T(2N-1), a RANDAO round also ends at every unit of time. This means that the RANDAO pipeline can produce a randseed for every unit of time. If the duration of a unit of time is less than or equal to the duration of a block, the protocol can generate a random number for every block.
When a party joins the proposed protocol, they participate in all active rounds, not just a single RANDAO round. When submitting sha3(s) values, the transaction includes multiple values for all active rounds that are still in the commit phase. Similarly, when revealing s values, the transaction includes multiple values for all rounds that are in the reveal phase and have been previously committed.
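The following Python model is an added example, not code from the RANDAO or RNGDAO implementation. It works out which rounds are in their commit and reveal phases at a given time unit and builds the batched transactions described above. It assumes N = 3, time units numbered from 0 so that round k starts at T(k) = k, and `hashlib.sha3_256` as a stand-in for the contract's sha3; the class and function names are hypothetical.

```python
import hashlib
import secrets

N = 3  # assumed phase length in time units; the page leaves N adjustable

def commit_rounds(t, n=N):
    """Rounds in their commit phase during time unit t (round k starts at T(k) = k)."""
    return list(range(max(0, t - n + 1), t + 1))

def reveal_rounds(t, n=N):
    """Rounds in their reveal phase during time unit t."""
    return list(range(max(0, t - 2 * n + 1), t - n + 1))

def finishing_round(t, n=N):
    """Round whose 2N units end with time unit t, or None before T(2N-1)."""
    return t - 2 * n + 1 if t >= 2 * n - 1 else None

def sha3(s):
    # Stand-in: NIST SHA3-256. Ethereum's sha3 is Keccak-256 (different padding).
    return hashlib.sha3_256(s).digest()

class Participant:
    def __init__(self):
        self.secret = {}       # round number -> secret s
        self.revealed = set()  # rounds already revealed

    def commit_tx(self, t):
        """One transaction: sha3(s) for each commit-phase round not yet committed."""
        tx = {}
        for k in commit_rounds(t):
            if k not in self.secret:
                self.secret[k] = secrets.token_bytes(32)
                tx[k] = sha3(self.secret[k])
        return tx

    def reveal_tx(self, t):
        """One transaction: s for each reveal-phase round committed earlier."""
        ks = [k for k in reveal_rounds(t)
              if k in self.secret and k not in self.revealed]
        self.revealed.update(ks)
        return {k: self.secret[k] for k in ks}

def accept_reveals(t, commitments, tx):
    """Contract-side check: round is in reveal phase and s matches the stored hash."""
    for k, s in tx.items():
        if k not in reveal_rounds(t) or commitments.get(k) != sha3(s):
            raise ValueError(f"round {k}: reveal rejected")
    return sorted(tx)
```

A party joining at time unit 5 commits to rounds 3, 4 and 5 in one transaction and from then on adds one new commitment per time unit, while a reveal that arrives before its round's reveal phase or does not match the stored hash is rejected.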