The problem with random number generators? They aren’t that random

In the metaverse, randomness is in desperate demand — but genuinely usable random-number generators are few and far between

OPINION
by Felix Xu /
article-image

Midjourney modified by Blockworks

share

If there is one constant within the human experience, it would be that our everyday lives inevitably unfold into a progression of vibrant, unpredictable and seemingly unimportant occurrences. 

Randomness is a fundamental aspect of life; as we open our doors in the morning, we have no way of knowing exactly what the clouds will look like, or how many people will be on the road as we travel to work — and to be frank, most of us probably wouldn’t care. 

Randomness is as inconsequential as it is ubiquitous, at least in the physical world. 

But in the nascent metaverse, randomness is in desperate demand. Today, randomly-generated numbers are universally required in nearly every aspect of Web3 development, from private key generation to community governance, lottery selections and game building. Randomness underpins blockchain security, enables virtual landscape generation and ensures fair play outcomes. Put simply, it serves as the foundational bedrock for a secure and vibrant Web3 experience. 

And yet, genuinely usable pseudo-random number generators are often hard to come by. Many currently available generators are easily broken when manipulated to suit a given need — which can lead to dangerous security flaws — or produce numbers that are not verifiable. This lack goes far beyond mere inconvenience, with implications that could impact community confidence, metaverse innovation, user experience and trust in the metaverse as a whole. 

The problem with random number generators? They aren’t that random

It’s so intuitive as to feel obvious: Random number generators should, in theory, generate random numbers. However, fabricating unpredictability is easier said than done for computers, which fundamentally operate on deterministic logic. 

As technologist James Bridle aptly put the matter in an article for Slate, “The problem modern computers have with randomness is that it doesn’t make mathematical sense […] There would always be some underlying structure to the randomness, some mathematics of its generation, which would allow you to reverse-engineer and re-create it. Ergo: not random.”

Many of the generators available to metaverse innovators today do not deliver true randomness. True random number generators (TRNGs) use an unpredictable physical occurrence (i.e., coin flips, atmospheric noise etc.) to generate numbers, while pseudo-random number generators (PRNGs) leverage algorithms to produce number sequences that appear — and can sometimes be verified as — random.

While the appeal of a TRNG is undeniable, such tools aren’t practical for daily use. True number generators are notoriously inefficient and expensive to operate, requiring a massive volume of information entropy. PRNGs, which deliver random numbers more cheaply and efficiently, present an appealing alternative. However, finding a PRNG suitable for Web3 development isn’t easy. 

Common PRNGs are laden with risks. Predictability is one: If an adversary determines a generator’s initial seed value, they can forecast all ensuing numbers. And, because many PRNGs are centralized (e.g., rely on a single entity or server), they feature a single point of failure and are thus more vulnerable to exploitation. In Web3 contexts, these vulnerabilities can be weaponized to alter game outcomes, skew gambling results or compromise any application relying on randomness. 

Of course, a generator doesn’t need to be exploited to be untrustworthy. PRNGs often lack transparency and verifiability; this lack of proof can shake users’ faith that experiential outcomes are fair. And, if PRNGs do not undergo sufficient testing or evaluation for security vulnerabilities, they may be more prone to flaws and breakage. The risk magnifies if a PRNG is adapted beyond its original intended function.

To summarize: Predictability begets vulnerability, centralization poses security concerns, lack of verifiability threatens blockchain transparency and breakability means potential functional flaws. Conventional PRNGs leave developers vulnerable to exploitation and put their hard work at critical risk. Analogous to building with weak concrete, an app created with an unreliable PRNG is a ticking time bomb. 

If developers aren’t free to develop, we will not have a metaverse. Today, innovators face functional, financial and reputational risks if they construct apps, games or services with run-of-the-mill PRNGs. If their creation breaks down, they will be held accountable — if not legally, then in the court of public opinion — for any lapse in service and user losses.

Read more from our opinion section: DeFi has a reputation problem

In committing to a project, developers make an investment of their time and resources — and like any investor, they need to have a reasonable belief that their investment can deliver returns. PRNG vulnerabilities can shake that confidence, or worse, discourage creators from creating in the first place. 

For a metaverse innovator, building a Web3 app without a reliable, flexible and verifiable PRNG is a bit like a construction firm choosing to build a house with substandard concrete. The house might look beautiful at first — but it could topple in time. How many innovators who otherwise choose to explore Web3 are currently sitting on their hands, unwilling to take the risk? 

The metaverse won’t manifest to its full potential until innovators are empowered to build it. Creators need access to PRNGs that are decentralized, unpredictable, audited and verifiable. Developers require software development kits (SDKs) that are designed with Web3 use cases in mind, include trustworthy randomness generators, and can deliver security, unbiased outcomes and user trust. 

Randomness will never be quite as ubiquitous in the metaverse as it is in the physical world — but at the very least, Web3 architects shouldn’t need to put themselves at risk to access it.

Felix Xu, crypto geek, early adopter, and NFT collector. Felix graduated from NYU Stern and founded two crypto projects, ARPA and Bella Protocol, among the global top 500 by market cap. Felix previously worked at Fosun Investment, Sackler family office, and Vertical Research in New York and Beijing. Felix loves sailing, kitesurfing and was featured in the Wall Street Journal and The New York Times for his NFT collection.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Permissionless III Hackathon

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

learn more

Permissionless III

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

learn more

recent research

Research Report Templates (1).png

Research

Why Solana Mobile Should 100x Their Phone Production

Solana Mobile is a highly ambitious foray into the mobile consumer hardware market, seeking to open up a crypto-native distribution channel for mobile-first applications. The market for Solana Mobile devices has demonstrated a phenomenon whereby external market actors (e.g. Solana-native projects) continuously underwrite subsidies to Mobile consumers. The value of these subsidies, coming in the form of airdrops, trial programs, and exclusive NFT mints, have consistently covered the cost of the phone and generated positive returns for consumers. Given this trend in subsidies, the unit economics in the market for Mobile devices, and the initial growth rate and trajectory of sales, it should be expected that Solana mobile can clear 1M to 10M units over the coming years. As more devices circulate amongst users, Solana Mobile presents a promising venue for the emergence of killer-applications uniquely enabled by this mobile-first, crypto-native distribution channel.

by Luke Leasure

/

news

article-image

Analysis

On the Margin Newsletter: A notoriously rough month for markets is upcoming

Plus, a look into Lighting Labs’ newest feature

by Casey Wagner /
article-image

Opinion

Crypto investors must embrace new tax rules or risk falling behind

Crypto’s Wild West era is over — it’s time to embrace regulation to secure the future of digital assets

by Zac Townsend /
article-image

Analysis

Lightspeed Newsletter: Wine tokenization on Solana

Plus, Solana has now surpassed Ethereum in trailing 30-day decentralized exchange volume

by Jack Kubinec&Jeff Albus /
article-image

Analysis

Brat energy: Kamala Harris memecoin goes 100x in 3 months as pump intensifies

Polymarket betters say Kamala Harris has better odds than Biden of winning against Trump

by David Canellis /
article-image

Analysis

Empire Newsletter: What the sale of dYdX software would mean for DeFi

Plus, are cataclysmic bugs still a threat?

by Katherine Ross&David Canellis /
article-image

Markets

Bitcoin slumps, ether flat as market digests ETH ETF launch

Bitcoin’s down Tuesday, while ETH-correlated assets like ENS and ARB see growth

by Donovan Choy /