Does your RNG have sufficient randomness? Is it secure against tampering? Is it decentralized? These qualities are critical to building a viable metaverse.
Quantum mechanics tells us that what looks like a highly predictable and orderly universe is built on a world of unpredictability and mere probability. While the quantum world looks bizarre, it can be understood and even harnessed for technology like semiconductors, LEDs, and quantum cryptography. Something similar can be said about randomness in the metaverse. What looks like a system built on random values produced by random number generators (RNGs) is, in fact, based on programs with a method behind them that can be understood — for good or ill.
The pivotal role of random numbers
Random numbers are of great importance in a number of applications, including games, security systems, decentralized autonomous organization (DAO) governance, and nonfungible token (NFT) generation. If your game cannot access randomly generated numbers, your starts will become repetitive and stale. If your security system relies on easily guessed authentication codes, it isn’t providing much security. If any system that needs variety isn’t getting it, it won’t be very effective.
Even if these systems don’t look random, they rely on being supplied with randomly generated values to execute important operations. Without access to randomness, well-planned systems can’t operate. However, the random numbers these systems rely on are not always as random as they may seem.
Many RNGs are, in fact, Pseudo RNGs (PRNGs). Instead of producing random outputs, they are providing the results of a fixed equation. The output value results from running a starting value, often called a “seed,” through this equation. The output is then used as a new seed, and the process starts again. While the outcome isn’t random, it can certainly appear random to an outside observer.
For many applications, this is effective. True randomness is not required in every application. In a video game with random encounters, for example, there may only be a limited number of actions the game can take at any given time. A PRNG that provides values outside a given scope isn’t going to be of much use. When the stakes are low, technical requirements often match. However, the quality of a PRNG can vary dramatically. This can be an issue for applications with higher stakes, many people depending on them, or a variety of use cases.
Some PRNGs rely on simple equations which can repeat themselves after a short period of time. This repetition breeds predictability. Others can be influenced by outside factors. This leads to tampering. Additionally, many PRNGs do not provide a way to determine if the number provided is the intended value. This lack of verification opens another door to tampering and can lead to accusations by users that applications relying on these numbers are being manipulated by biased outputs.
While being able to verify that an apparently random number was the one intended by an RNG may seem silly, it is no laughing matter. The ethos of many blockchain systems is based on transparency and trustlessness. Not being able to confirm that a given number was truly randomly produced strikes at the very heart of these ideals. When the numbers are doing work, such as providing winnings in games or reinforcing security, not being able to prove that the numbers were not tampered with can seriously impact community confidence.
Additionally, not every PRNG is suited to every possible application. Some are designed for certain Web3 functions. These are not universally applicable.
The quest for true randomness
However, these systems also have failings. They are often highly centralized, which can again lead to tampering by anyone with access to the machine. True randomness often comes at a much higher price than services by a quality PRNG. Lastly, the centralization these devices rely on means that if anything goes wrong, there is system-wide downtime.
Decentralization and the imperative of reliability
Using an RNG that does not meet your application’s decentralization, verification, or security needs can be disastrous. As the collapse of Axie Infinity due to a security breach demonstrated, a technical failure can have major repercussions for even the best applications with the strongest user base. Given how important RNGs are to the applications that use them, the best one for the task at hand must be used.
The perfect RNG would be unpredictable, tamper-resistant, verifiable, decentralized, and continuously available. If you’re selecting an RNG, ask:
- Does it provide sufficient randomness?
- Can the outputs be verified?
- Is it secure against tampering?
- Is it decentralized to avoid single point failures?
As blockchain developers continue to expand their vision, push the boundaries of their applications, and provide more and more opportunities for the public to engage with the technology, it is imperative that the best possible support for their applications be made available.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.