Bitcoin Beacon

TL;DR

This paper presents a Bitcoin-based protocol for generating unpredictable, publicly verifiable randomness, analyzes its security under various adversarial budgets, and introduces a hybrid protocol combining trusted parties with Bitcoin.

Contribution

It demonstrates how to instantiate a secure randomness beacon using Bitcoin and explores its security limits with different adversary budgets.

Findings

Bitcoin can be used to instantiate a secure randomness beacon under certain assumptions.

An impossibility result is shown for adversaries with infinite budgets.

A hybrid protocol combining trusted parties and Bitcoin is proposed.

Abstract

We examine a protocol $\pi_{\text{beacon}}$ that outputs unpredictable and publicly verifiable randomness, meaning that the output is unknown at the time that $\pi_{\text{beacon}}$ starts, yet everyone can verify that the output is close to uniform after $\pi_{\text{beacon}}$ terminates. We show that $\pi_{\text{beacon}}$ can be instantiated via Bitcoin under sensible assumptions; in particular we consider an adversary with an arbitrarily large initial budget who may not operate at a loss indefinitely. In case the adversary has an infinite budget, we provide an impossibility result that stems from the similarity between the Bitcoin model and Santha-Vazirani sources. We also give a hybrid protocol that combines trusted parties and a Bitcoin-based beacon.