Background
Over the years, a generation of public randomness (often referred to as common coins) has attracted interest from the cryptography research community. Many distributed systems, including various consensus mechanisms, anonymity networks such as Tor, or blockchain systems, assume access to such public randomness. However, it remained a major unsolved issue to generate public randomness in a distributed, scalable, and robust way. Currently, there is no service deployed to produce this type of randomness. The only choice is a centralized, prototype-only randomness beacon run by NIST ↗.
Realizing this, Ewa Syta ↗ started a project on Scalable Bias-Resistant Distributed Randomness ↗ during her PhD studies under the supervision of Michael J. Fischer ↗ and Bryan Ford ↗ at Yale University. After Bryan moved to EPFL in 2015, the new members of the DEDIS team at EPFL (Nicolas Gailly ↗, Linus Gasser ↗, Philipp Jovanovic ↗, Ismail Khoffi ↗, Eleftherios Kokoris Kogias ↗) joined the project and together published a research paper at the 2017 IEEE Symposium on Security and Privacy ↗.
The paper explored the use of key pairings instead of classical elliptic curve cryptography to generate public randomness as a way to simplify the proposed protocol designs and improve performance in terms of randomness generation and verification.
In early 2017, the DEDIS ↗ team at EPFL ↗ started collaborating with DFINITY ↗ on various research topics, including public randomness. The DFINITY architecture is built around a pairing-based randomness beacon sharing similarities to the constructs described in the DEDIS paper. Additionally, DFINITY has already implemented an optimized pairing library in C++. After integrating this implementation into the DEDIS’ crypto library Kyber ↗, all major cryptographic components were ready to implement an efficient, distributed randomness generation protocol using pairings.
In September 2017, Nicolas, a PhD student at DEDIS, started coding drand with the help of Philipp to deploy, for the first time, a distributed service providing public randomness in an application-agnostic, secure, and efficient way. A short time later, Cloudflare released an optimized Golang implementation of the BN256 pairing curve, which is now integrated in both Kyber and drand to simplify development and deployment.
As drand gained maturity, an increasing number of organizations (including NIST, Cloudflare, Kudelski Security, the University of Chile, and Protocol Labs) started taking interest, and decided to collectively work on setting up a drand ↗ network spanning these organizations. To support the use of public randomness in web applications, Mathilde Raynal ↗, a master student at DEDIS, started developing a JavaScript proof-of-concept frontend, called drandjs ↗, to interact with drand servers.
In spring 2020, a team at Protocol Labs led efforts to take drand from an experimental to production-ready network. These efforts included significant protocol upgrades, establishment of a governance model for the distributed network, and increased operational security of node operators. Check out the drand blog ↗ for more details.