The problem with random number generators? They aren’t that random

In the metaverse, randomness is in desperate demand — but genuinely usable random-number generators are few and far between

OPINION
article-image

Midjourney modified by Blockworks

share

If there is one constant within the human experience, it would be that our everyday lives inevitably unfold into a progression of vibrant, unpredictable and seemingly unimportant occurrences. 

Randomness is a fundamental aspect of life; as we open our doors in the morning, we have no way of knowing exactly what the clouds will look like, or how many people will be on the road as we travel to work — and to be frank, most of us probably wouldn’t care. 

Randomness is as inconsequential as it is ubiquitous, at least in the physical world. 

But in the nascent metaverse, randomness is in desperate demand. Today, randomly-generated numbers are universally required in nearly every aspect of Web3 development, from private key generation to community governance, lottery selections and game building. Randomness underpins blockchain security, enables virtual landscape generation and ensures fair play outcomes. Put simply, it serves as the foundational bedrock for a secure and vibrant Web3 experience. 

And yet, genuinely usable pseudo-random number generators are often hard to come by. Many currently available generators are easily broken when manipulated to suit a given need — which can lead to dangerous security flaws — or produce numbers that are not verifiable. This lack goes far beyond mere inconvenience, with implications that could impact community confidence, metaverse innovation, user experience and trust in the metaverse as a whole. 

The problem with random number generators? They aren’t that random

It’s so intuitive as to feel obvious: Random number generators should, in theory, generate random numbers. However, fabricating unpredictability is easier said than done for computers, which fundamentally operate on deterministic logic. 

As technologist James Bridle aptly put the matter in an article for Slate, “The problem modern computers have with randomness is that it doesn’t make mathematical sense […] There would always be some underlying structure to the randomness, some mathematics of its generation, which would allow you to reverse-engineer and re-create it. Ergo: not random.”

Many of the generators available to metaverse innovators today do not deliver true randomness. True random number generators (TRNGs) use an unpredictable physical occurrence (i.e., coin flips, atmospheric noise etc.) to generate numbers, while pseudo-random number generators (PRNGs) leverage algorithms to produce number sequences that appear — and can sometimes be verified as — random.

While the appeal of a TRNG is undeniable, such tools aren’t practical for daily use. True number generators are notoriously inefficient and expensive to operate, requiring a massive volume of information entropy. PRNGs, which deliver random numbers more cheaply and efficiently, present an appealing alternative. However, finding a PRNG suitable for Web3 development isn’t easy. 

Common PRNGs are laden with risks. Predictability is one: If an adversary determines a generator’s initial seed value, they can forecast all ensuing numbers. And, because many PRNGs are centralized (e.g., rely on a single entity or server), they feature a single point of failure and are thus more vulnerable to exploitation. In Web3 contexts, these vulnerabilities can be weaponized to alter game outcomes, skew gambling results or compromise any application relying on randomness. 

Of course, a generator doesn’t need to be exploited to be untrustworthy. PRNGs often lack transparency and verifiability; this lack of proof can shake users’ faith that experiential outcomes are fair. And, if PRNGs do not undergo sufficient testing or evaluation for security vulnerabilities, they may be more prone to flaws and breakage. The risk magnifies if a PRNG is adapted beyond its original intended function.

To summarize: Predictability begets vulnerability, centralization poses security concerns, lack of verifiability threatens blockchain transparency and breakability means potential functional flaws. Conventional PRNGs leave developers vulnerable to exploitation and put their hard work at critical risk. Analogous to building with weak concrete, an app created with an unreliable PRNG is a ticking time bomb. 

If developers aren’t free to develop, we will not have a metaverse. Today, innovators face functional, financial and reputational risks if they construct apps, games or services with run-of-the-mill PRNGs. If their creation breaks down, they will be held accountable — if not legally, then in the court of public opinion — for any lapse in service and user losses.

Read more from our opinion section: DeFi has a reputation problem

In committing to a project, developers make an investment of their time and resources — and like any investor, they need to have a reasonable belief that their investment can deliver returns. PRNG vulnerabilities can shake that confidence, or worse, discourage creators from creating in the first place. 

For a metaverse innovator, building a Web3 app without a reliable, flexible and verifiable PRNG is a bit like a construction firm choosing to build a house with substandard concrete. The house might look beautiful at first — but it could topple in time. How many innovators who otherwise choose to explore Web3 are currently sitting on their hands, unwilling to take the risk? 

The metaverse won’t manifest to its full potential until innovators are empowered to build it. Creators need access to PRNGs that are decentralized, unpredictable, audited and verifiable. Developers require software development kits (SDKs) that are designed with Web3 use cases in mind, include trustworthy randomness generators, and can deliver security, unbiased outcomes and user trust. 

Randomness will never be quite as ubiquitous in the metaverse as it is in the physical world — but at the very least, Web3 architects shouldn’t need to put themselves at risk to access it.



Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

4.png

Research

This months PPGC covered four main areas. Firstly, debriefing the progress and status of the mainnet implementation of the Ahmedabad hard fork. Secondly, a retrospective on the testnet phase of the Ahemdabad Hard Fork. Thirdly, an update on PIP-36 which involves replaying failed state syncs. Lastly, PIP-47 which pushes upgrades to the Polygon Protocol Council.

article-image

Spain-based Banco Bilbao Vizcaya Argentaria has been working in the new Visa Tokenized Asset Platform sandbox

article-image

The retail crowd is engaging with Robinhood both on and off chain, general manager Johann Kerbrat said

article-image

Gurbir Grewal, who has been at the agency almost as long as Gensler has been chair, will depart on Oct. 11, 2024

article-image

The stablecoin’s supply has declined about 50% in the last month, from $660 million to $320 million

article-image

Plus, Sky’s soaring stablecoin and simpler bitcoin staking