In this article, I propose a method, based on the blockchain (bitcoin or any other) to perform random draws in a fair way, reproducible, non repudiable, time stamped and without third party of trust.
1) Importance of sortition
We already use sortition in several domains, for important matters :
- Draw for sport tournaments
- Picking citizen for jury in courts (France, UK, ..)
Ideally, sortition should be used more widely in democracy for building groups of citizen and counter balance the downsides of the representative system.
The following picture shows a Kleroterion : a randomization device used by the Athenian polis during the period of democracy to select citizens to the boule.
For such important matters, we need to find a mechanism that is beyond any doubt and that noone can corrupt.
2) The idea
The idea is to use an external, random phenomenon as the seed of a deterministic process of sortition.
To be irrefutable, the phenomenon should be something that :
- Everyone can observe / check
- Noone can influence
The draw takes places in two steps :
- The announcement : The authority, responsible for the draw, publishes in advance :
- The sorted list of candidates of the draw, associated with a number
- The chosen random phenomenon
- The time chosen for the measurement of the random phenomenon
- The deterministic process (algorithm) used to transform the random value into the result list
The publication of this announcment itself should not be repudiable (cannot be changed after the publication, and until the draw).
- The draw itself :
- At the chosen target time, the phenomenon is measured and converted into a list of results by the determinstic algorithm
- The results are published
- Everyone can check the validity of those results
For the choice of random phenomena, we can think of:
- Natural : Temperature at a given moment and a given place
- Humans but not predictable : CAC 40 course at the close of the stock market
Both those phenomena suffer two majors drawbacks :
- The institutes responsible for the measurements and publication of the value may be corrupted
- The entropy (range of the possible values) is way lower than the possible outcomes of a sortition.
This means that, by construction, some of the candidates may never be chosen, regardless of the value of the seed.
We'll see below that the blockchain does not suffer from those drawbacks and provides some unique characteristics, useful for the two phases of the draw.
3) Usage of the blockchain
A blockchain is a distributed network of a shared, public consensus.
It is made of a chain of blocks containing a list of signed transactions.
Typically, in the case of a crypto-currency like bitcoin, the blockchain publicly holds the list of all bitcoin transactions, worldwide.
The bitcoin protocol is designed so that :
- Each 10 minutes, a new block id mined by the community.
A block is identified by its hash : this is digital fingerprint, made of all the transactions registered during those 10 minutes.
- Once a block is validated by the community, it is impossible to update or reject it : This would require to mine an alternate valid block, which requires an enormous computing power, and huge cost (in electricity).
Also, the blockchain is not dedicated to bitcoin transaction :
We can store in it any abritrary data, signed by its publisher.
Therefore, the blockchain shows two main properties for our sortition system :
- We can use it to publish the annoucement of the draw, in a non repudiable way
- The hash of each block is a very good random phenomenon :
- Noone can guess it or control it in advance
- Everyone can read it (on any node of the blockchain network)
- It has a good entropy (about 2^200 possible values)
Finally we can use the blockchain for a draw, as follows:
The organization publishes its public key (on its website). It also publishes the announcement of the draw on its site.
This announcement consists of:
- The ordered list of candidates
- The number of the future bitcoin block chosen for the draw.
It should be equal to the duration of the deadline divided by 10 minutes (1000 blocks = 7 days)
- The number of people wanted as output
- The organization publishes a hash (fingerprint) of this announce on the blockhain, signed with it's private key.
The announcement is now written in the marbble, non repudiable.
- When the chosen block is finally mined, we use its hash as a random variable.
In order to transform this hash into a results list, we can use the following method (algorithm):
For each person to draw:
- Take the rest of the Euclidean division (modulo) of the current hash by the number of remaining candidates
- The candidate corresponding to this number is chosen
- We hash the current hash (
current_hash = md5(current_hast)).
This is equivalent to a deterministic mix of cards.
4) Strength of the system
I order to hack the result of the sortition, one would need to either corrupt :
- The announce of the sortition
- The hash of the target block
In both cases, this would require to have a fork of the blockchain validated by the network :
Which, in turn would require to generate valid blocks for alternative content (and possibly all its succerors).
Mining (= finding) a valid block is an expensive process whoch requires today the power of the full blockchain network, for 10 minutes on average.
For that purpose, the blockchain currently consumes as much power as portugal.
Hacking a sortition would require a gigantic investment in computation power and electricity : Far above the cose of any corruption of a third party of trust.
Add a comment
Alors je ne suis pas une geek, mais je m'intéresse a la June. Ma question est est-ce qu'on est obligé d'utiliser la blockchain du Bitcoin ou bien peut-on utiliser une blockchain spécifiquement construite pour l'usage du tirage au sort?
Aussi, je sais que la puissance de calcul pour calculer la blockchain demande des ressources énergétiques considérables, ce qui est peu souhaitable afin de préserver notre planète... Est-ce que c'est vraiment nécessaire pour faire une blockchain?
Written on Wed, 07 Nov 2018 09:31:02 by Julia Schindler