Description
The League of Entropy is a pretty epic name, and drand, its product, has a pretty epic goal: being a source for unbiased randomness! And Protocol Labs has adopted the solution. Learn more about drand and how Filecoin is using it in this session.
A
Today's discussion is going to be more about what exactly were the motivations that we had in mind and what sort of a gap out in the industry we were trying to fill with drand. So drand is fundamentally, sorry, so drand is actually a randomness beacon which can be used as, can be seen as, a foundational internet protocol, pretty much very similar to what other protocols we have.
A
So as a quick introduction, drand is a distributed, bias-resistant, unpredictable and publicly verifiable source of randomness, and as of August 2021, I think, a few months ago, drand completed over 1 million rounds of randomness and actually already has 16 independent collaborators, partners, who run the network. So in today's session we are.
A
I only have 20 minutes to cover, so I'll not be able to go into a lot of depth about drand in particular, as I would like to cover, I would say, more of the breadth as to what drand actually is and how it's used in Filecoin, to be very honest, which is one of the biggest users and the largest production user of drand. So today we'll cover, just go through some introduction about, you know, why.
A
Why do we need randomness, and what are the different kinds of randomness that we have?
A
We can potentially use, and then go into a little bit of detail about how drand works, and then we look at how the League of Entropy and file provides this as a service to the internet and how Filecoin actually uses it. So jumping into the motivation: I mean, as you can see, in any, not only blockchain systems but various types of systems, you always need some sort of a random value or random number that you can use for fulfilling various functions.
A
Now, in this example, if I don't really have a reliable source, or if the number is not truly random, all the following computations kind of are pretty much pointless and meaningless. So why do we need good randomness? Randomness has many use cases and, as we have seen in public forums, we have lotteries, jury selections, elections that happen, the selection of auditors, the selection of people at the booth.
A
So anytime you actually want to select from a large number of fair play or even players, you need an unbiased and a fair way of selecting them. So, for example, in cryptography, a lot of the protocols, they actually do the leader election in, like, proof-of-stake blockchains, such as Filecoin, or even for the Tor protocol.
A
They actually need to, without, you know, select a particular player or an entity or a particular path in a fairly open manner, in a fair manner. So there are things like, even in statistics, when you have a large data set and you want to select a sample from the particular set.
A
You need to do that in an unbiased manner as well, and especially nobody should be able to predict what you are going to select next; otherwise, the entire basis for the computation kind of falls apart. So, but the point is, randomness is good, but why do we need good randomness? I mean, there are a lot of implications of having bad randomness. I mean, as we have seen in lotteries in the past.
A
There are millions of dollars of funds that have actually been rigged, because someone was actually able to essentially hack into the system or predict the future values, and then let it play to their advantage. So we saw the Hot Lotto fraud scandal, 14-odd million dollars kind of rigged away.
A
We also saw in the case of Linux systems, for example, where there's actually the encryption seed, if that can be predicted, then all the future signatures that are used for encryption can actually be forged as well, and of course, it leads to a huge security vulnerability in the system. So we talk about randomness all the time, but we didn't ever think about: how do I actually get this randomness? Like, who do I?
A
Should I get it from one particular entity, or should I do it by myself, or should I go out and see if there are, you know, an abundance of other people who can actually help me get some good randomness? So surprisingly, we found that there was not really a very good or a reliable source of randomness, and that's exactly what we decided: hey, we actually want to plug this gap, starting with Filecoin when Filecoin was getting launched.
A
We said we want to make sure that we are relying on a good source of randomness which has these particular properties: the properties of being unpredictable, of being bias-resistant, that means no one particular party can actually predict or determine the types of values that can actually be generated. It should be publicly verifiable, because all blockchains, like Filecoin as a blockchain, for example, is a public system.
A
We didn't really want to use one single source or organization or entity as a source for the randomness, so we want to make sure this is actually put together, the random values are put together and sourced from multiple places and from parties who are fairly independent of each other. And, of course, as with any internet service, we want this to be highly available.
A
So with that quick introduction, I'll move into drand and explain what drand is and how it's been constructed, and again, with the caveat that, with the lack of time, I probably need to skim over a bit of detail. But fundamentally drand uses.
A
The concept of threshold cryptography, which actually allows us to combine the inputs from many cryptographic protocols to create one final value, which means that if I have a total of n participants who are contributing the randomness, I only need a threshold, which is typically, which I'll explain further, which is the minimum number of players who need to be.
A
Who I need to rely upon to capture those random values and then generate a final value. And by generating a threshold signature, we can actually derive verifiable randomness in a decentralized way. We'll talk about that further. So here there are two parts, two phases, for generating the randomness. One is the distributed key generation process, in which all the participants who actually want to participate in a particular round, or to generate random values.
A
They need to first agree upon a predetermined set of parameters, and the second part is where, once those parameters are determined and the initial setup is complete, they actually move to generating randomness at a predefined, you know, interval, so to speak, or frequency, where they combine their own individual partial signatures and they generate one final value. So, and this is supposed to be a light, fit and fast protocol in which nobody, we don't really want at every interval that individuals will actually have to wait for each other.
A
So, instead of that, we basically rely on achieving a minimum threshold. So if we have, and we can talk about that next. So drand is fundamentally, as I said, a software run by an independent set of nodes, like there are a bunch of servers, independent servers running all over the world, which collectively produce randomness. Now, decentralized randomness, like I mentioned, is produced using threshold cryptography, in which I can.
A
I only need to have a threshold, typically n, the total number, divided by two plus one, like a majority of the number of generating nodes, and this is, we are able to bind or combine together the independent entropy sources or randomness sources into a publicly verifiable one, right, and for that purpose we use the BLS signature, and we can talk about that a bit further. Right now, drand has been running for over a year and it's a production-grade service.
A
So it's tested, it's audited and it's globally deployed, and the best part is you can actually access drand's randomness using just a curl call to the public APIs that we have. So how does drand work, very quickly? Like I mentioned, a distributed key generation ceremony: the parties, who are the nodes that come together or have decided to join the network, create a network.
A
They actually define the threshold parameter, the minimum number of nodes that need to generate randomness, and the period or the interval at which this randomness is going to be generated, and once each node in this process, they generate their own keys, sourced from their own, a variety of ways of generating randomness. Somebody is using a lava lamp.
A
Somebody else can use a cha-cha charger protocol, and each of them can actually use their independent sources of randomness to generate their own signatures, and once that initial setup is complete, we can start generating randomness. Add return like on a continual basis, so at every epoch, which is basically the expiration of a particular interval, in the case of Filecoin, that actually is 30 seconds.
A
Each node broadcasts their partial signature to the rest of the network, and each node in that particular network, and when I say to the rest of the network, that means at least a threshold t number of nodes who need to receive the signatures, and each node amongst those t collects these signatures and then uses the BLS, the Boneh-Lynn-Shacham BLS signature method, to actually verify that all the different partial signatures are valid. And if this signature is correct, then the randomness is simply the hash of that particular BLS signature.
A
So it's a fairly simple and a highly performant system. So I'll probably skip this in the interest of time. But drand is also a chain. It's not exactly, I would say, a blockchain system which relies on incentives. It's an incentive-free system, but it does have the same concepts, the concepts of a blockchain, in which the values of the previous rounds are actually used to generate the value for the next one.
A
Now we are actually working, as a future direction, to break this chain, so to speak, so not to have this dependency on previous values, because there is no real impact on security.
A
Security is entirely reliant upon the threat model, so, and this is currently a work in progress that we are doing, in which we are unchaining the randomness, so not creating a dependency on previous round values, and this will actually help us to create temporal signatures, or what we in other circles call timelock encryption, in which this can actually be held.
A
This can actually enable us to mitigate front-running attacks and those things, so stay tuned. With this, I want to jump into the League of Entropy and discuss why this came through. So as we all know, 35 years ago, the internet needed a way to just be able to tell the time or agree upon time.
A
So people actually built a foundational internet protocol to synchronize distributed clocks and provide a publicly available network clock, so to speak, right, with very little skew, and that's NTP, the Network Time Protocol, right, in which there are layers and layers of generation and distribution infrastructure that distribute this information over packet-switched, variable-latency data networks. So similar to that, today the internet needs a way to get randomness, just how we want to get time.
A
Well, here we go. So here is where the League of Entropy kind of helps us out. They actually came in, supposed to save the world, pretty much, from the lack of good entropy, good randomness, and essentially the intent was to create something very similar to NTP, a foundational internet protocol, so in this case we call it drand, which is a randomness generation and a randomness distribution network that can be scaled across the internet. So we have three layers.
A
We have drand nodes, we have drand relays and we have drand clients, and we'll talk about that a bit more, but a very quick overview of the League of Entropy: the League of Entropy is a global drand network composed of multiple independent, diversified, like-minded, savvy organizations who came together in 2019, June 2019, to form, you know, the network.
A
What I was talking about in threshold cryptography is the minimum set of independent parties that need to come and agree upon to create a network of n-of-t signatures, of threshold t signatures. So we started with 10, but today we have 16 members and we are in the process of onboarding more, and we have 23 drand nodes, the actual sources of randomness, which in this case obviously means that we only need a threshold of 12 to kind of agree upon.
A
The final signatures. So the goal of the League of Entropy is to provide randomness as a service to the public, and it's free, completely free, anybody can access it. Just the way DNS, NTP, certificate authorities and certificate transparency are all publicly available and consumable protocols, drand can become the foundational internet protocol for randomness, and with the evolution of Web 3.0.
A
It actually makes sense that, you know, we come together, different people come together, instead of trying to pick each other apart. I think we should come together and participate in this extensible and pluggable network called, like, drand, for example. So in this case, a key aspect of this, I would say, which I would highlight, is the decoupling between the distribution network. So drand is a production-ready network, but how do we scale it? How do we make sure that it's actually secure?
A
How do we make sure that this has enough liveness or enough reach across the world? So decoupling the distribution network from the source of randomness generation, which are the drand nodes, was an architectural choice that we made, and it's worked out very well for us. We actually rely upon, you know, relays, drand relays, both HTTP relays and gossipsub relays, as well as CDNs to cache values for.
A
Anybody who wants to access past rounds. And, of course, with anything of internet grade, we want to have continuous monitoring. But the most important aspect here is that it's a decentralized network, which means that it's a highly resilient system, so out of the 23 nodes that I mentioned, we only need 12 to actually be available to participate in the creation of a new network and failure.
A
So it's a lot more fault tolerant, so to speak. For the lack of time, I'll probably skip over the architecture. I think I already mentioned this, so you can follow up in the slides later on, or we can take up questions next time. So, most importantly, drand has a solid governance model. We want to make sure that we actually have a set of participants that are diverse in nature, which means that they operate in different geographies. They are under different government jurisdictions.
A
They have their own different interests. Not everybody wants to, you know, mine Bitcoin, for example. So there's a lot of pro bono work involved here as well, because we want to have stewards, long-term stewards of the protocol, and, of course, we also want them to be able to run their infrastructure, the drand nodes and relays, on infrastructure that is diverse, across on-premise infrastructure or cloud-based infrastructure, so to speak. So yeah, we are.
A
We are accepting applications, so please reach out to us on the email provided here and we will be very happy to talk to you and take the next steps. Very quickly, I want to talk about Filecoin. I think I'm not going to go into a lot of detail about Filecoin, because this event has plenty of other opportunities for you to learn about Filecoin, but where does Filecoin get? Why?
A
Where does it need randomness? So Filecoin has multiple different requirements for randomness. I mean, it's actually all over, a lot of different requirements, some of which I mentioned on this slide here. So as an example for today, we'll actually focus on the leader election mechanism that is actually used, and for the leader election process.
A
Filecoin uses VRF functions, so verifiable random functions, which take in a particular seed, and I'm only going to talk more about the seed, because having a good-quality seed for the VRF is what determines, you know, how relevant, how strong my randomness or the efficacy of my leader election actually is. So with that in mind, the source of the seed: the seed is sourced from the drand randomness.
A
So the drand random signatures are the source for the seed for Filecoin, and the reason here is that we honestly want to have certain properties that we exhibit, such as secrecy: the identity of the leader that is to be elected on Filecoin for creating a new Filecoin block cannot be known ahead of time and cannot be divulged to anybody else. This particular seed should make sure that the process is verifiable.
A
That means the elected leader is able to prove that they have actually won that particular election or the particular round in a fair and verifiable manner. It should be fair, like I mentioned, which means that the function, the seed, should be able to be used in a VRF in which they are able to win the creation of a new block proportional to their weight.
A
So if they have a very low weight, for example, they obviously will not be able to win that particular election, you know, that particular block creation for the particular epoch. And, of course, this entire process should be efficient, which means that we don't want to have communications happening between various miners, which means that the source of randomness, the seed that each miner is going to use, it needs to be, that VRF needs to be run by miners.
A
So with that in mind, I think, towards the end, we can talk about how Filecoin actually uses drand as the source of randomness. So, like I said, the Filecoin chain, so blockchain, so to speak, has tipsets, and for each tipset.
A
We actually have random values associated with each of the headers, the Filecoin headers, and each of the randomness values that are in the Filecoin headers are actually sourced and correspond to a 30-second interval, the epoch or so, of drand. So when drand actually emits that particular final signature, that's actually consumed by Filecoin to create its own, in its blocks, and it's then basically mapped to a drand round.
A
So each epoch in Filecoin is mapped to a drand round, and then these particular drand randomness values are used for the VRF function that I mentioned for leader election. And proof of stake that I mentioned, it's very similar to stake, but here the stake is actually storage power. So what this means is, as with any proof-of-stake blockchain, the random seed, when it is actually used.
A
The miner can actually check if they're actually able to create the block and if they're able to place their randomness inside the block, which means that the output of the VRF function should be, I need to be able to check that my power as a fraction of the total power is actually less than the value that was predetermined and is publicly known on the Filecoin network.
A
So, with this process, miners all around the world are free to run their own verification processes, right, and be able to mine blocks and, like.
B
I said these requests... Sorry Sid, I don't mean to cut you off, but we are going to have to wrap up this session. Oh, oh great, it was, thank you, was the next slide. Awesome. So thank you so much for telling us all about that. Also, your logo is awesome. Whoever created that did a great job.