If there is any genre of finance that is full of technical terms, then it is the crypto space. But things can get a little more technical and complicated under the hood when it comes to the self-custody sub-genre.
As a DeFi user, you have likely heard of wallets, authenticators, seed phrases and private keys – but what about the entropy?
In the 1940s, Bell Labs scientist Claude Shannon studied entropy as a measure of the information lost in telecommunication signals, work that produced groundbreaking advances in applying randomness to encrypt information. Since then, the concept of entropy has been applied far beyond telecommunications to better understand science as a whole…
If you are, or were, a science student, you might recognize the name “entropy” from the second law of thermodynamics. In physics, entropy represents the degree of disorder in a system: as systems degrade over time, thermodynamic energy becomes less available to do mechanical work.
You would have encountered it in biology when talking about DNA sequences…
But since we’re talking about crypto here, physics and biology are not the place to find the definition we are looking for. We should look in cryptography!
Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. It involves the use of algorithms and keys to convert plaintext into unintelligible ciphertext, which can only be read by reversing the process (decryption) using the corresponding key.
Cryptography is like a secret code that keeps information safe. It's used to protect things like messages, passwords, and online transactions so that only the people who are supposed to see them can read them.
In cryptography, entropy has a slightly different meaning…
Entropy refers to the randomness collected by a system for use in algorithms that require random seeds.
In cryptography, random numbers are the core ingredient required to build any security system. More precisely, unpredictable random numbers.
The ability to generate fair and verifiable random numbers on the blockchain without compromising security or usability is critical for many decentralized applications. A lack of good entropy can leave a cryptographic system vulnerable and unable to encrypt data securely.
But generating unpredictable random digits isn’t easy. Computers, which are great for many things, are useless on their own for generating unpredictable random digits: they are deterministic machines and therefore need additional help to produce unpredictability. A quantum random number generator is one kind of hardware built to supply it.
The challenge
In crypto today, the concept of entropy was introduced with the publication of the BIP-39 standard in 2013 by Marek Palatinus, Pavol Rusnak, Aaron Voisine, and Sean Bowe. Briefly, this standard established a consistent method for converting a random number (the entropy) into words that are simple to write down.
That’s because the entropy itself is very long: 256 bits of information for a 24-word recovery phrase, or 128 bits for a 12-word recovery phrase. From it you can derive fresh private keys for new accounts and create a backup of your wallet.
However, it is not practical to back up so much data…
A seed phrase, made up of 12 to 24 English words drawn from a fixed list of 2048, is much easier to write down and look after. That is exactly what the BIP-39 standard does: it provides a way to translate the entropy into 12 to 24 words.
You see, randomness is crucial for various blockchain applications, such as games, NFT airdrops, IDO auctions, resource allocation, and consensus mechanisms. It ensures fairness in games, like determining fight outcomes or object discoveries, and is vital for provably fair lottery mechanics in dApps.
Without randomness, it's easy for those with blockchain knowledge to predict outcomes and exploit the system, undermining trust and transparency. Fairness is essential for dApps, as users must trust that outcomes are genuinely random.
Now that we have established that random number generation is a critical component for a myriad of applications in the blockchain ecosystem, we must face the elephant in the room.
Generating secure and verifiable random numbers on-chain is a big challenge!
Generating true randomness is a big challenge because blockchains rely on consensus mechanisms, such as Proof of Work or Proof of Stake, to reach an agreement on the state of the network, and these consensus mechanisms are deterministic and therefore do not provide a source of true randomness.
You see, creating and successfully defending a smart contract against bad actors is like constructing and fortifying a castle against invaders. A developer must adopt a security-sensitive mindset to ensure the castle (smart contract) remains impenetrable.
Let’s imagine a game of chance where the outcome is determined by a coin flip.
The coin flip is meant to be fair, but what if the person flipping the coin has a hidden agenda? They might flip the coin in a way that makes it more likely to land on one side, giving them an unfair advantage.
Similarly, in the use of smart contracts, the randomness used to make decisions can be manipulated by adversaries seeking to gain an advantage.
Now, let’s consider a more crypto-centric example.
Instead of a coin flip, we’re relying on block hash-based randomness to safeguard a smart contract (castle). It’s like using the roll of a die to determine decisions within the castle.
It seems fair at first, but imagine if a powerful group of guards (miners) could selectively discard unfavourable die rolls.
For example, if a contract decides outcomes based on whether the last bit of a block hash is even or odd, it appears to be a 50/50 chance. However, if these guards (who control a significant portion of the castle’s defence) decide to ignore results where the last bit is odd, they can skew the outcomes.
They might forgo their rewards (the block reward) to manipulate the results in their favour, thus turning a fair 50/50 chance into a biased 2/3 chance. If the benefits of this manipulation outweigh the loss of rewards, it becomes a rational economic choice, compromising the security and fairness of the system.
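To put a number on the bias described above, here is an added example (not from the original post) that models block-hash randomness when miners holding a fraction p of the hashpower withhold every block whose last bit is unfavourable. The assumption that the colluding miners hold half the hashpower (p = 0.5) is mine; with it the model reproduces the 2/3 figure.

```python
import random

def biased_even_probability(p: float) -> float:
    """Analytic share of accepted blocks whose hash ends in an even bit when miners holding
    fraction p of the hashpower discard every block they find whose last bit is odd.
    Honest blocks (rate 1 - p) are even half the time; colluding blocks (rate p/2 after
    discarding) are always even. With p = 0.5 (assumption) this is 2/3, the figure in the text."""
    return (0.5 * p + 0.5 * (1 - p)) / (0.5 * p + (1 - p))

def simulate_even_share(p: float, blocks: int, seed: int = 1) -> float:
    """Monte Carlo of the same model: each candidate block is found by the colluding miners
    with probability p and carries an independent 50/50 last bit."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    even = 0
    for _ in range(blocks):
        while True:
            colluding = rng.random() < p
            last_bit_even = rng.random() < 0.5
            if colluding and not last_bit_even:
                continue  # the block is withheld and its reward forgone; mining continues
            even += last_bit_even
            break
    return even / blocks

if __name__ == "__main__":
    for p in (0.0, 0.25, 0.5):
        print(f"p={p:.2f}  analytic={biased_even_probability(p):.4f}  "
              f"simulated={simulate_even_share(p, 20000):.4f}")
```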
To mitigate such risks, developers often look to off-chain solutions.
Let’s take these off-chain solutions to be akin to seeking counsel from trusted advisors outside the castle. However, without cryptographic guarantees ensuring the advisors’ impartiality, there's a risk that these external advisors (off-chain providers) could also manipulate the information before it reaches the castle. This requires users to trust that the randomness remains untampered during its journey back to the smart contract, similar to trusting that messages from external advisors have not been altered en route.
Hence the reason why I said generating secure and verifiable random numbers on-chain is a big challenge!
There have been attempts to solve this problem by various methods, such as using random data from external sources (the hash of a previous block, etc.) or by using off-chain solutions, such as Chainlink’s VRF oracle, but these solutions are not optimal as they are either deterministic, rely on trusted parties, and/or require additional fees for gas and infrastructure.
Recently, Pyth introduced an enhanced alternative approach to randomness generation known as “commit-reveal,” which involves the collaboration of untrusted parties.
In the commit-reveal process, both the user and the service provider generate a secret random number and submit its hash, called a “commitment,” to the blockchain. During the reveal phase, both parties disclose their random numbers. Each party then verifies the other's revealed number and the final random number is determined by hashing these two numbers together. The block hash can also be included to introduce additional randomness.
This method improves upon the trust assumptions of Verifiable Random Functions (VRFs) and uses simpler cryptography, relying solely on hash functions, which makes it easier for developers to implement. While the “liveness” issue persists—where either party can halt the protocol by not revealing their number—developers can mitigate this similarly to VRFs.
However, the commit-reveal process requires more than two transactions, leading to higher gas fees. Participants must first send their commitment, then complete the reveal phase, and finally determine the random number in a third step.
This is where Entropy by Pyth comes in…
Entropy by Pyth Network
Entropy is a protocol engineered by Pyth Network to address the limitations of traditional randomness generation methods by using an advanced version of the commit-reveal process with strong security guarantees.
In this method, the service provider can commit multiple random numbers upfront, which significantly reduces the number of transactions required. This allows for the rapid generation of secure random numbers with minimal transactions, making it an ideal solution for decentralized applications (dApps) that demand speed, such as NFT games, airdrops, mints, and lotteries.
A deeper look into Entropy’s Protocol design
Looking at the protocol design, Entropy is an advanced method for generating secure random numbers on the blockchain, building upon the classical commit/reveal protocol.
This protocol involves two parties, typically referred to as A and B.
Each party generates a secret random number, which they then hash and exchange the hashes with each other. Afterwards, they reveal their original numbers, allowing both parties to verify that the hashes match the revealed numbers. The final random number is determined by hashing the combined revealed numbers. This system ensures randomness as long as at least one of the parties acts honestly.
Entropy extends this model, optimizing it specifically for on-chain use and involving two key participants:
A provider (P) and
A user (U)
The process begins with the provider, who generates a sequence of random numbers in reverse order: starting from the last number in the sequence, each number is hashed to produce the preceding one. The provider then commits to the first number in this sequence by posting it on the Entropy contract, establishing a verifiable chain of random numbers.
When a user requires a random number, they start by generating their own random number and submitting its hash to the contract. The contract records this hash and assigns a sequence number, indicating which random number from the provider’s precomputed sequence will be used. The user then requests this specific number from the provider through an off-chain communication method. The provider checks to ensure the requested number is valid and that the blockchain sequence number is sufficiently advanced to prevent any potential reorganization attacks. Once verified, the provider reveals the requested random number to the user.
The user then submits both the provider’s revealed number and their original random number to the contract. The contract verifies the authenticity of the provider’s number by checking its hash against the previous number in the sequence and confirms the user’s number by comparing it to the initially submitted hash. If both numbers are verified, the final random number is generated by hashing the combination of the provider’s number and the user’s number. To enhance security further, this process can incorporate the hash of the blockchain block containing the request, adding a layer of randomness.
It guarantees that the final random number is truly random and secure as long as either the provider or the user is honest and maintains the secrecy of their number until the appropriate phase. The provider must ensure that their off-chain system is secure to prevent users from gaining access to the random numbers prematurely, which could otherwise allow them to manipulate outcomes.
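The following is an added example, not Pyth’s code, that models both the classical two-party commit/reveal and Entropy’s hash-chain extension of it as described above: the provider commits to the head of a backwards-hashed chain, the user commits to the hash of their own number, and a toy contract verifies both reveals before combining them with the block hash. SHA-256 stands in for the on-chain hash function, the block hash is a placeholder, and the contract class is a simplified model; the chain check is generalised to walk several hash steps so that abandoned requests do not block later ones.

```python
import hashlib
import secrets

def H(*parts: bytes) -> bytes:
    # SHA-256 stands in for the contract's hash (assumption; the EVM contract would use keccak256).
    return hashlib.sha256(b"".join(parts)).digest()

def provider_chain(length: int, seed: bytes) -> list[bytes]:
    """Hash backwards from a secret seed so chain[i] == H(chain[i+1]); chain[0] is the commitment."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain

class EntropyContract:
    """Toy model of the on-chain side (constructed for this example, not Pyth's contract)."""
    def __init__(self, provider_commitment: bytes):
        self.current, self.current_seq = provider_commitment, 0  # last verified provider number
        self.requests: dict[int, bytes] = {}                      # sequence number -> user commitment
        self.next_seq = 1
    def request(self, user_commitment: bytes) -> int:
        seq = self.next_seq
        self.requests[seq] = user_commitment
        self.next_seq += 1
        return seq
    def reveal(self, seq: int, user_number: bytes, provider_number: bytes, block_hash: bytes) -> bytes:
        if H(user_number) != self.requests.get(seq):
            raise ValueError("user reveal does not match the committed hash")
        # Hashing the provider's reveal (seq - current_seq) times must land on the last verified number;
        # this generalises the one-step check in the text to sequence numbers that were never revealed.
        x = provider_number
        for _ in range(seq - self.current_seq):
            x = H(x)
        if seq <= self.current_seq or x != self.current:
            raise ValueError("provider reveal does not extend the committed hash chain")
        self.current, self.current_seq = provider_number, seq
        del self.requests[seq]                                    # each request is settled once
        return H(provider_number, user_number, block_hash)        # the final random number

def demo(rounds: int = 3, abandoned: tuple = (2,)) -> list[bytes]:
    """Run a few request/reveal rounds; sequence numbers in `abandoned` are requested but never revealed."""
    chain = provider_chain(16, secrets.token_bytes(32))
    contract, block_hash, out = EntropyContract(chain[0]), b"\x00" * 32, []  # placeholder block hash
    for _ in range(rounds):
        user_number = secrets.token_bytes(32)
        seq = contract.request(H(user_number))  # user commits on-chain, then fetches chain[seq] off-chain
        if seq not in abandoned:
            out.append(contract.reveal(seq, user_number, chain[seq], block_hash))
    return out
```

Note that the contract only ever learns chain[seq] after the user's commitment is already recorded, which is what keeps a dishonest user from choosing their number to fit the provider's.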
Benefits for DeFi and Web3
The introduction of Entropy to the blockchain space brings several advantages that can drive the growth and reliability of DeFi and Web3 applications:
1. By providing truly random and secure numbers, Entropy mitigates risks associated with predictable or manipulated randomness. This is particularly important for applications involving financial transactions, lotteries, or any form of staking and reward systems.
2. The rapid response time of Entropy allows applications, especially games and NFTs, to offer a seamless and engaging user experience. Users can interact with the application without noticeable delays, which is crucial for user retention and satisfaction. (Meanwhile, larrythecumber from Berachain wrote a comprehensive guide on how builders can ensure a completely random distribution for NFT mints. Check out the full guide here.)
3. Entropy’s on-chain verification process ensures that the randomness is transparent and can be audited by any participant in the network. This transparency builds trust among users, knowing that the outcomes are fair and unbiased.
Beyond DeFi and Web3
The applications of Entropy extend beyond the realm of DeFi and Web3. It can be valuable for any blockchain-based application requiring verifiable randomness, such as:
Supply chain management systems for secure and transparent product selection processes.
Decentralized autonomous organizations (DAOs) for unbiased voting mechanisms.
Random art generation and other creative applications.
Who’s Using Pyth Entropy?
Integration with Entropy is permissionless, and several creative and market-based projects are already tapping into the Entropy protocol to power their solutions.
Pyth Entropy is now available on multiple EVM blockchains and Layer-2 networks, including LightLink, Chiliz, Arbitrum, Optimism, Mode, Zetachain, and recently, Blast.
Blast is a new Ethereum Layer-2 solution, pioneering native yield for ETH and stablecoins while offering faster and cheaper transactions. It leverages Ethereum’s Shanghai upgrade, featuring auto-rebasing for ETH and T-Bill yields for stablecoins through Blast USD (USDB).
Blast's integration with Pyth’s data oracles allows dApps on the network to access over 400 low-latency price feeds for cryptocurrencies, foreign exchange pairs, commodities, equities and exchange-traded funds. Dozens of Blast dApps have already adopted Pyth. Notable amongst them are:
FLAP (Blast)—a bundle market for blue chip NFT mints.
Fungible Flip (Blast)—a coin flip game with no house rake and true 50/50 odds.
With Pyth Entropy, Blast dApps can now generate secure, unbiased random numbers quickly and cost-effectively, ensuring fair outcomes for users. This feature is essential for applications in NFT mints and airdrops, blockchain games, SocialFi, prediction markets, and more.
Combined with Blast's network advantages, Pyth Entropy enables new, trust-free experiences previously impossible on other blockchains.
Currently, Pyth Entropy has generated revenue of approximately 4.9335 ETH and has successfully processed 261,197 requests with a 97.62% success rate.
Conclusion:
Entropy represents entropy
Pyth Network has done a really good job here.
As part of the Pyth Network, Entropy can be integrated across multiple blockchain ecosystems, enhancing its utility and reach. This interoperability supports the broader Web3 vision of interconnected and interoperable decentralized applications.
Entropy’s integration within the Pyth Network will continue to play a pivotal role in the mission to onboard the next billion users to the blockchain space.
Further Resources