Intro
This article describes a component of the Immortal Lottery — a decentralized autonomous application designed to work continuously at various blockchains after deployment without any maintenance requirements.
Read more about the Immortal Lottery here.
Lottery basics
The lottery is played in rounds. At the beginning of each round, users make deposits to the contract and at the end of each round users receive a chance proportional to their share of the deposit pool to win the total reward pool (with a certain % fee being withheld from each round reward pool).
Example: Alice deposits 100,000 CLO to the contract and Bob deposits 50,000 CLO to the contract. 10% is immediately withdrawn from the reward pool and redistributed among the lottery token holders and security department funding.
Alice will have a 66% chance to win 135,000 CLO at the end of the round and Bob will have a 33% chance to win these 135,000 CLO.
Source of entropy for EthereumVM blockchains
A source of entropy is a critical part of any system that involved randomness. The selection of a winner in Immortal Lottery is random.
There is no built-in source of entropy in Ethereum blockchains. As a result, this is the first problem to solve when designing a contract that generates random numbers.
The problems of on-chain entropy sources:
- Total transparency. Everything is transparent on blockchain and every transaction can be observed by third parties. It is impossible to make something “secret”.
- Verifiability. Even though the output of a randomness function is indeed unpredictable — it should still be provable that truly random or it was truly random at the moment of its creation.
- Fault tolerance. As there is no built-in source of entropy it is necessary to rely on external trustless sources. The system must be designed to resist any faults or manipulation attempts from a potential entropy source side.
User input as a source of entropy
The contract will rely on user-designed input as a source of entropy.
After analyzing various methods for collecting entropy, I came to the conclusion that the system should be designed so that users can submit entropy to the contract themselves without participating in the lottery rounds.
The contract must allow users to purposely generate entropy and provide it (encrypted) via a special function. Users should be motivated to do so and they will receive % of lottery round rewards upon revealing their entropy input.
At the other side users may attempt to manipulate the output of the randomness function that selects the winner. In order to mitigate this attack vector the entropy providers will be obligated to deposit a collateral in order to supply the entropy in exchange for reward.
Entropy providers are obligated to reveal (unencrypt) the entropy at a given time after the lottery round has passed. Entropy providers will receive their collateral + % of reward pool immediately after revealing their entropy input. Entropy providers will permanently lose their collateral if they refuse to reveal their entropy input.
The Rule of Entropy
Since the lottery is designed to work autonomously, and entropy is supplied in an unreliable way through users and it is far from guaranteed that users will provide sufficient entropy, certain conditions must be met for the lottery to maintain a fair distribution of winner selections.
The relation between the “reward pool” and “entropy collateral” determines how fair the lottery is supposed to be. At this moment it is considered that 45% collateral will be sufficient.
The number of entropy deposits must be backed by a collateral of at least 45% of the reward pool size.
Entropy disruption protection
Since users will use well-known cryptography techniques to submit etropy to the contract, they may unknowingly disrupt the gameplay. sha256(a, b) — the output of this function is a seemingly chaotic “hash” but if you use the same (a, b) pair multiple times then the output of a function is also the same. This makes (a, b) pair predictable and potentially allows users to manipulate the randomness function.
To prevent this issue the user must rely on some external random number generator to provide the entropy.
Q/A
Can I earn money in this lottery without having to play?
Yes, you can become the entropy provider and earn % of the reward pool from players.
Lottery token holders will also receive % of each reward pool.
Is it safe to deposit my funds as a collateral to become the entropy provider?
You need to reveal your entropy deposit no later than 24 hours after the lottery round ends. If you are capable of doing so then your funds are safe and you will receive it all back.
If you fail to reveal the entropy in time then the collateral is redistributed among the lottery token holders.
Can I use staked CLO as a collateral?
No.
How long does the entropy provider have to wait for the collateral to be released?
Collateral is deposited during the entropy collecting phase. Collateral and reward are released during the entropy disclosure phase which follows the entropy collecting phase. It is possible to deposit a collateral and withdraw it in the next block in theory.
Is there an upper bound on the number of entropy providers?
There is technically no need to have a coded upper bound for entropy providers. The entropy reward decreases as the number of entropy providers increases so it’s up to incentivization system.