| CPC H04L 9/30 (2013.01) [G06F 7/588 (2013.01)] | 21 Claims |

|
21. A method for providing a randomness function to a smart contract on a decentralized network, the method comprising:
an oracle receiving a request for at least one random value to be supplied to a smart contract executing on a decentralized network, the request including a seed;
the oracle generating the at least one random value based on the seed, and a secret key associated with the oracle, wherein the oracle is identified on the decentralized network by a public key associated with the secret key;
the oracle generating a cryptographic proof based on the at least one random value and the public key; and
the oracle sending the at least one random value and the cryptographic proof to the decentralized network, whereby the proof, and thus the randomness of the at least one random value, can be verified, wherein the oracle generating the at least one random value based on the seed, and a secret key associated with the oracle includes:
hashing the input to the curve, to obtain a cryptographically secure random sample from secp256k1 by recursively hashing the inputs using keccak256 until the output is less than the order of secp256k1's base field (“p” in that secp256k1 description), and is the x ordinate of some point (x,y) on secp256k1 (i.e., y²=x³+7 in the base field) whereby a pair (x,y) is then the hash of the input to the curve; and
multiplying (x,y), as a secp256k1 curve point by the secret key to obtain a point γ, wherein the keccak256 hash of γ, as a uint256, is the random output; and
wherein generating a cryptographic proof based on the at least one random value and the public key includes generating a proof that γ is the same multiple of (x,y) as the oracle's public key is of the secp256k1 generator by:
sampling a nonce n from {0, . . . , #secp256k1−1}, computing u=n×g,
where g is the secp256k1 generator, computing v=n×(x,y);
hashing together (x,y), its VRF public key, γ, the address of u, and v;
taking the remainder of that hash modulo #secp256k1 as c; and
computing s=n−c×k modulo #secp256k1, where k is its secret VRF key, whereby the proof is then the public key, γ, c, s, and the seed.
|
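The proof generation recited in claim 21, together with the matching verifier check, as an added Python example that is not code from the patent or from any oracle implementation. Assumptions: hashlib's SHA3-256 stands in for keccak256 (the two differ in padding), the seed alone is the hash-to-curve input, points are encoded as 64-byte x||y, the square root returned by the exponentiation is the one used, and all function names are hypothetical.

```python
import hashlib, secrets
# secp256k1: base field prime P, group order N ("#secp256k1"), generator G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def H(*parts):  # assumption: SHA3-256 stand-in for keccak256
    return hashlib.sha3_256(b"".join(parts)).digest()
def enc(pt):  # assumed point encoding: 32-byte x followed by 32-byte y
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def add(a, b):  # affine point addition; None is the point at infinity
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else: m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)
def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc = None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hash_to_curve(seed):  # rehash until x < P and x^3 + 7 is a square mod P
    h = H(seed)
    while True:
        x = int.from_bytes(h, "big")
        y2 = (pow(x, 3, P) + 7) % P
        y = pow(y2, (P + 1) // 4, P)  # square-root candidate, valid as P % 4 == 3
        if x < P and y * y % P == y2: return (x, y)
        h = H(h)
def challenge(h, pk, gamma, u, v):  # c = hash(h, pk, gamma, address(u), v) mod N
    addr_u = H(enc(u))[-20:]  # Ethereum-style address: last 20 hash bytes
    return int.from_bytes(H(enc(h), enc(pk), enc(gamma), addr_u, enc(v)), "big") % N

def prove(k, seed):  # returns the proof (public key, gamma, c, s, seed)
    h, pk = hash_to_curve(seed), mul(k, G)
    gamma, n = mul(k, h), secrets.randbelow(N - 1) + 1  # nonce; 0 skipped (u = infinity)
    c = challenge(h, pk, gamma, mul(n, G), mul(n, h))
    return pk, gamma, c, (n - c * k) % N, seed
def verify(pk, gamma, c, s, seed):  # rebuild u = s*G + c*pk and v = s*h + c*gamma
    h = hash_to_curve(seed)
    u, v = add(mul(s, G), mul(c, pk)), add(mul(s, h), mul(c, gamma))
    return None not in (u, v) and c == challenge(h, pk, gamma, u, v)

def output(gamma):  # the random output: hash of gamma as a uint256
    return int.from_bytes(H(enc(gamma)), "big")
```

Because s = n − c×k, the verifier's s×g + c×pk equals n×g and s×(x,y) + c×γ equals n×(x,y), so the recomputed challenge matches only when γ and the public key share the same secret multiple k.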