Many protocols in distributed computing rely on a source of randomness, usually called a random beacon, both for their applicability and security. This is especially true for proof-of-stake blockchain protocols in which the next miner or set of miners have to be chosen randomly and each party's likelihood to be selected is in proportion to their stake in the cryptocurrency. Current random beacons used in proof-of-stake protocols, such as Ouroboros and Algorand, have two fundamental limitations: Either (i)~they rely on pseudorandomness, e.g.~assuming that the output of a hash function is uniform, which is a widely-used but unproven assumption, or (ii)~they generate their randomness using a distributed protocol in which several participants are required to submit random numbers which are then used in the generation of a final random result. However, in this case, there is no guarantee that the numbers provided by the parties are uniformly random and there is no incentive for the parties to honestly generate uniform randomness. Most random beacons have both limitations. In this thesis, we provide a protocol for distributed generation of randomness. Our protocol does not rely on pseudorandomness at all. Similar to some of the previous approaches, it uses random inputs by different participants to generate a final random result. However, the crucial difference is that we provide a game-theoretic guarantee showing that it is in everyone's best interest to submit uniform random numbers. Hence, our approach is the first to incentivize honest behavior instead of just assuming it. Moreover, the approach is trustless and generates unbiased random numbers. It is also tamper-proof and no party can change the output or affect its distribution. Finally, it is designed with modularity in mind and can be easily plugged into existing distributed protocols such as proof-of-stake blockchains.

翻译：许多分布式计算协议依赖随机源（通常称为随机信标）来实现其适用性和安全性，这在权益证明区块链协议中尤为突出——此类协议需随机选取下一个矿工或矿工集合，且每个参与方被选中的概率与其所持加密货币权益成正比。当前权益证明协议（如Ouroboros和Algorand）使用的随机信标存在两个根本性限制：（i）依赖伪随机性，例如假设哈希函数输出是均匀的——这一假设虽被广泛使用但未经证明；或（ii）通过分布式协议生成随机性，要求多个参与者提交随机数以合成最终随机结果。然而，后者既无法保证参与方提供的数字服从均匀分布，也缺乏激励促使参与方诚实地生成均匀随机性。大多数随机信标同时存在这两类限制。本文提出一种分布式随机性生成协议，该协议完全不依赖伪随机性。与部分先前方法类似，本协议利用不同参与者的随机输入产生最终随机结果，但关键区别在于：我们通过博弈论论证表明，提交均匀随机数符合每个参与方的最大利益。因此，本研究首次实现了对诚实行为的激励而非仅作假设。该方案具有无需信任特性，可生成无偏随机数，具备防篡改能力，且任何参与方均无法改变输出结果或影响其分布。最终，本协议采用模块化设计，可便捷地接入现有分布式协议（如权益证明区块链）。