Why Cadence Only provide UnsafeRandom function instead of using random number generated by threshold signature?

Flow utilize threshold signature to generate random number used to pick random committee, why not expose this randomness to smart contract? Is there any considerations?

We recently discussed this on forum[0] and on office hours. Basically they are few issues as far as I can see.

  • Try & Abort ( basically interact with the contract in a brute force way till you get the result you want, panic if you don’t like the result)
  • Your transaction is executed on multiple execution nodes and result is compared (if you had different random on those nodes, they would disagree) So I think syncing the random for transaction would be a bit problematic

I think second issue can be solved, also there are some ideas for the first one.

Sooner or later I believe we will have random on chain.

[0] http://forum.flow.com/t/randomness-for-nft-packs-on-flow/1830/5

Yes, that is something we are looking into, but it’s complicated.

For now we have added a basic implementation so that developers can also already start developing their applications that require random numbers.

@tarak.by probably has more information

@lightningli you are absolutely correct that deriving random numbers from a threshold signature is a technically excellent solution. Unfortunately it is a heavy engineering lift.

But it is coming very soon (within the next few weeks hopefully). We have already completed the implementation on the protocol level and are now working to update the documentation and write tutorials.

With this upgrade, Flow follows conceptually largely the same approach to random number generation as chainlink VRF, with the additional improvements that (i) it is natively integrated in the flow blockchain (less latency, much better usability) and (ii) the protocol for generating the randoms is fully decentralized and trustless (while chainlink’s documentation suggests that there is some level of centralization and trust requirement for the Chainlink VRF, which could be exploited to compromise their random oracle)

On the one hand, it frequently takes us some time to ship features like this. On the other hand, we are really trying to absorb complexity into the flow platform. So you as developers and platform users don’t have to re-invent the wheel each time or add complex workarounds, which is the case in most other chains including Ethereum, where such features are just layered on top of the base protocol but not natively intreated and on-chain methods are inherently insecure (scientific paper).