The problem with random number generators? They aren’t that random

In the metaverse, randomness is in desperate demand — but genuinely usable random-number generators are few and far between


Midjourney modified by Blockworks


If there is one constant within the human experience, it would be that our everyday lives inevitably unfold into a progression of vibrant, unpredictable and seemingly unimportant occurrences. 

Randomness is a fundamental aspect of life; as we open our doors in the morning, we have no way of knowing exactly what the clouds will look like, or how many people will be on the road as we travel to work — and to be frank, most of us probably wouldn’t care. 

Randomness is as inconsequential as it is ubiquitous, at least in the physical world. 

But in the nascent metaverse, randomness is in desperate demand. Today, randomly-generated numbers are universally required in nearly every aspect of Web3 development, from private key generation to community governance, lottery selections and game building. Randomness underpins blockchain security, enables virtual landscape generation and ensures fair play outcomes. Put simply, it serves as the foundational bedrock for a secure and vibrant Web3 experience. 

And yet, genuinely usable pseudo-random number generators are often hard to come by. Many currently available generators are easily broken when manipulated to suit a given need — which can lead to dangerous security flaws — or produce numbers that are not verifiable. This lack goes far beyond mere inconvenience, with implications that could impact community confidence, metaverse innovation, user experience and trust in the metaverse as a whole. 

The problem with random number generators? They aren’t that random

It’s so intuitive as to feel obvious: Random number generators should, in theory, generate random numbers. However, fabricating unpredictability is easier said than done for computers, which fundamentally operate on deterministic logic. 

As technologist James Bridle aptly put the matter in an article for Slate, “The problem modern computers have with randomness is that it doesn’t make mathematical sense […] There would always be some underlying structure to the randomness, some mathematics of its generation, which would allow you to reverse-engineer and re-create it. Ergo: not random.”

Many of the generators available to metaverse innovators today do not deliver true randomness. True random number generators (TRNGs) use an unpredictable physical occurrence (i.e., coin flips, atmospheric noise etc.) to generate numbers, while pseudo-random number generators (PRNGs) leverage algorithms to produce number sequences that appear — and can sometimes be verified as — random.

While the appeal of a TRNG is undeniable, such tools aren’t practical for daily use. True number generators are notoriously inefficient and expensive to operate, requiring a massive volume of information entropy. PRNGs, which deliver random numbers more cheaply and efficiently, present an appealing alternative. However, finding a PRNG suitable for Web3 development isn’t easy. 

Common PRNGs are laden with risks. Predictability is one: If an adversary determines a generator’s initial seed value, they can forecast all ensuing numbers. And, because many PRNGs are centralized (e.g., rely on a single entity or server), they feature a single point of failure and are thus more vulnerable to exploitation. In Web3 contexts, these vulnerabilities can be weaponized to alter game outcomes, skew gambling results or compromise any application relying on randomness. 

Of course, a generator doesn’t need to be exploited to be untrustworthy. PRNGs often lack transparency and verifiability; this lack of proof can shake users’ faith that experiential outcomes are fair. And, if PRNGs do not undergo sufficient testing or evaluation for security vulnerabilities, they may be more prone to flaws and breakage. The risk magnifies if a PRNG is adapted beyond its original intended function.

To summarize: Predictability begets vulnerability, centralization poses security concerns, lack of verifiability threatens blockchain transparency and breakability means potential functional flaws. Conventional PRNGs leave developers vulnerable to exploitation and put their hard work at critical risk. Analogous to building with weak concrete, an app created with an unreliable PRNG is a ticking time bomb. 

If developers aren’t free to develop, we will not have a metaverse. Today, innovators face functional, financial and reputational risks if they construct apps, games or services with run-of-the-mill PRNGs. If their creation breaks down, they will be held accountable — if not legally, then in the court of public opinion — for any lapse in service and user losses.

Read more from our opinion section: DeFi has a reputation problem

In committing to a project, developers make an investment of their time and resources — and like any investor, they need to have a reasonable belief that their investment can deliver returns. PRNG vulnerabilities can shake that confidence, or worse, discourage creators from creating in the first place. 

For a metaverse innovator, building a Web3 app without a reliable, flexible and verifiable PRNG is a bit like a construction firm choosing to build a house with substandard concrete. The house might look beautiful at first — but it could topple in time. How many innovators who otherwise choose to explore Web3 are currently sitting on their hands, unwilling to take the risk? 

The metaverse won’t manifest to its full potential until innovators are empowered to build it. Creators need access to PRNGs that are decentralized, unpredictable, audited and verifiable. Developers require software development kits (SDKs) that are designed with Web3 use cases in mind, include trustworthy randomness generators, and can deliver security, unbiased outcomes and user trust. 

Randomness will never be quite as ubiquitous in the metaverse as it is in the physical world — but at the very least, Web3 architects shouldn’t need to put themselves at risk to access it.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report - cover graphics (1).jpg


In this report, we dive into crypto private market data to gather insights on where the future of the industry is headed. Despite a notable downturn in private raises, capital continues to infuse promising projects that aim to transform payments, banking, consumer experiences, community, and more, with 2023 being the fourth-largest year for crypto venture capital.


BUZZ holds shares of Coinbase, Robinhood and MicroStrategy


Opinion: Even though I didn’t pay for my “Diamond Hands” burger with BTC, don’t let that fool you into thinking that crypto’s development is futile


The results mark “a major positive inflection point,” one analyst says, as the exchange carries net income momentum into a crypto rally


While the slate of 10 US spot bitcoin funds have tallied $4.6 billion of net inflows thus far, half of the field is lagging the leaders


Trading volumes totalled $154 billion in Q4, including $125 billion in institutional volume


DeFi on Bitcoin is all the rage right now and Stacks is positioned to benefit