A randomness beacon is a source of continuous and publicly verifiable randomness which is of crucial importance for many applications. Existing works on distributed randomness beacons suffer from at least one of the following drawbacks: (i) security only against a static/non-adaptive adversary, (ii) each epoch takes many rounds of communication, or (iii) computationally expensive tools such as Proof-of-Work (PoW) or Verifiable Delay Functions (VDF). In this paper, we introduce , the first adaptively secure randomness beacon protocol that overcomes all these limitations while preserving simplicity and optimal resilience in the synchronous network setting. We achieve our result in two steps. First, we design a novel distributed key generation (DKG) protocol that runs in bits of communication but, unlike most conventional DKG protocols, outputs both secret and public keys as group elements. Here, denotes the security parameter. Second, following termination of , parties can use their keys to derive a sequence of randomness beacon values, where each random value costs only a single asynchronous round and bits of communication. We implement and evaluate it using a network of up to 64 parties running in geographically distributed AWS instances. Our evaluation shows that can produce about 2 beacon outputs per second in a network of 64 parties. We compare our protocol to the state-of-the-art randomness beacon protocols in the same setting and observe that it vastly outperforms them.
ACM Conference on Computer and Communications Security (CCS)
2024-10-14
2024-10-09