From 02cd6f9ebe2c178aac723d698589fdaf3544316a Mon Sep 17 00:00:00 2001 From: Sacha Lansky Date: Thu, 13 Apr 2023 11:52:39 +0200 Subject: [PATCH 1/5] minor review of randomness article --- content/md/en/docs/build/randomness.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/content/md/en/docs/build/randomness.md b/content/md/en/docs/build/randomness.md index a209047ce..168fb5fb1 100644 --- a/content/md/en/docs/build/randomness.md +++ b/content/md/en/docs/build/randomness.md 
@@ -15,10 +15,10 @@ In traditional computer applications, what people call random numbers are actual Pseudo-randomness depends on a sufficiently random seed—provided by the user or by an external source—and an algorithm that manipulates the seed to generate a series of seemingly-random numbers. The result is a pseudo-random number that is difficult to predict because of the algorithm used to generate it, but deterministic because the same seed input always produces the same series of output. -However, applications that run on the blockchain are more tightly constrained because all authorities in the network must agree on any on-chain value, including any randomness data that is injected. -Because of this constraint, you can't use real randomness directly in blockchain applications. +However, applications that run on the blockchain are more tightly constrained. +Pseudo-randomness introduces a security vulnerability for situations where being able to predict the outcome of a random function can lead to gaming the system. -For blockchain applications, the most common approach to providing randomness is a cryptographic primitive called a[verifiable random function](https://en.wikipedia.org/wiki/Verifiable_random_function). +For blockchain applications, the most common approach to providing randomness is a cryptographic primitive called a [verifiable random function](https://en.wikipedia.org/wiki/Verifiable_random_function). A verifiable random function (VRF) is a mathematical operation that takes input and produces a random number and a proof of authenticity that this random number was generated by the submitter. The proof can be verified by any challenger to ensure that the random number generation is valid. 
@@ -28,7 +28,7 @@ For more information about the relationship between verifiable random functions ## Generate and consume randomness Substrate provides a [`Randomness`](https://paritytech.github.io/substrate/master/frame_support/traits/trait.Randomness.html) trait called that defines the interface between the logic that **generates randomness** and the logic that **consumes randomness**. -This trait allows you to write the logic for generating randomness and consuming randomness independently of each other. +This trait allows you to write the logic for generating pseudo randomness and consuming randomness independently of each other. ### Generating randomness @@ -41,7 +41,7 @@ Substrate includes two examples of how to implement the `Randomness` trait in pa You should only use this pallet in applications with low security requirements or when testing randomness-consuming applications. You shouldn't use this pallet in a production environment. -= The [BABE pallet](https://paritytech.github.io/substrate/master/pallet_babe/index.html) provides randomness by using verifiable random functions. +- The [BABE pallet](https://paritytech.github.io/substrate/master/pallet_babe/index.html) provides randomness by using verifiable random functions. This pallet provides production-grade randomness, and is used in Polkadot. If you select this pallet as the source of randomness your blockchain must use the blind assignment of blockchain extension ([BABE](/reference/glossary/#blind-assignment-of-blockchain-extension-babe)) slot-based consensus for producing blocks. From 41dc124d79fe61b38bf18ba38434c57850fe0a55 Mon Sep 17 00:00:00 2001 From: Sacha Lansky Date: Thu, 13 Apr 2023 11:55:22 +0200 Subject: [PATCH 2/5] minor review to troubleshoot your code --- content/md/en/docs/build/troubleshoot-your-code.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/content/md/en/docs/build/troubleshoot-your-code.md b/content/md/en/docs/build/troubleshoot-your-code.md index 65ceba7c6..a73937735 100644 --- a/content/md/en/docs/build/troubleshoot-your-code.md +++ b/content/md/en/docs/build/troubleshoot-your-code.md @@ -264,8 +264,8 @@ Substrate provides two default implementations of randomness. - The [insecure randomness collective flip](https://paritytech.github.io/substrate/master/pallet_insecure_randomness_collective_flip/index.html) pallet generates random values based on the block hashes from the previous 81 blocks. This pallet can be useful when defending against weak adversaries or in low-security situations like testing. - For example, you can use this pallet when testing randomness-consuming pallets. - You should never use this pallet in production as a true source of randomness. + For example, you can use this pallet when testing pallets that require some source of randomness. + **You should _never_ use this pallet in production as a true source of randomness.** - The [BABE](https://paritytech.github.io/substrate/master/pallet_babe/index.html) pallet uses verifiable random functions (VRF) to implement a more secure version of randomness. This pallet provides production-grade randomness. From 608529b8943b293bab86e7972c5165be156bc4b0 Mon Sep 17 00:00:00 2001 From: Sacha Lansky Date: Thu, 13 Apr 2023 12:09:38 +0200 Subject: [PATCH 3/5] update guide --- .../how-to-guides/pallet-design/incorporate-randomness.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md b/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md index e6aff46fc..7cfffa697 100644 --- a/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md +++ b/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md 
@@ -1,5 +1,5 @@ --- -title: Incorporate randomness +title: Incorporate pseudo-randomness (not secure) description: On-chain randomness techniques and tools detailed. keywords: - pallet design @@ -15,7 +15,9 @@ This is particularly true in the context of a blockchain, when all the nodes in FRAME provides runtime engineers with a source of [on-chain randomness](/build/randomness/), using the [Randomness trait](https://paritytech.github.io/substrate/master/frame_support/traits/trait.Randomness.html). This guide explains how to make use of FRAME's Randomness trait by using the `random` method and a nonce as a subject. -The guide also illustrates how to add entropy to the randomness value by assigning the `RandomCollectiveFlip` pallet to the configuration trait of a pallet that exposes a "random" type. +The guide also illustrates how to add some entropy to the randomness value by assigning the `InsecureRandomCollectiveFlip` pallet to the configuration trait of a pallet that exposes a "random" type. + +**Note that the `InsecureRandomCollectiveFlip` is not a secure source of randomness, this guide is intended for educational purposes only.** ## Import `Randomness` From 6184183303ade2d9f5f1a1cd3ca091baf60d6d23 Mon Sep 17 00:00:00 2001 From: Sacha Lansky Date: Thu, 13 Apr 2023 12:10:14 +0200 Subject: [PATCH 4/5] remove instances of using insecure randomness --- .../md/en/docs/quick-start/modify-the-runtime.md | 1 - content/md/en/docs/reference/frame-pallets.md | 2 +- .../pallet-design/incorporate-randomness.md | 4 ++-- .../build-a-blockchain/upgrade-a-running-network.md | 1 - .../specify-the-origin-for-a-call.md | 13 ++++++------- .../08-add-collectibles-to-runtime.md | 2 +- .../runtime-upgrade/lib-spec-version-101.rs | 3 --- .../runtime-upgrade/lib-spec-version-102.rs | 3 --- 8 files changed, 10 insertions(+), 19 deletions(-) 
diff --git a/content/md/en/docs/quick-start/modify-the-runtime.md b/content/md/en/docs/quick-start/modify-the-runtime.md index e56ec96df..0ea17e979 100644 --- a/content/md/en/docs/quick-start/modify-the-runtime.md +++ b/content/md/en/docs/quick-start/modify-the-runtime.md @@ -127,7 +127,6 @@ To add the Utility pallet: UncheckedExtrinsic = UncheckedExtrinsic { System: frame_system, - RandomnessCollectiveFlip: pallet_randomness_collective_flip, Timestamp: pallet_timestamp, Aura: pallet_aura, ... diff --git a/content/md/en/docs/reference/frame-pallets.md b/content/md/en/docs/reference/frame-pallets.md index 2b0d84b56..94f997563 100644 --- a/content/md/en/docs/reference/frame-pallets.md +++ b/content/md/en/docs/reference/frame-pallets.md 
@@ -63,7 +63,7 @@ You should check the [Rust documentation](https://paritytech.github.io/substrate | [`pallet_nicks`](https://paritytech.github.io/substrate/master/pallet_nicks/index.html) | Demonstrates simplified account naming on-chain. It makes no effort to create a name hierarchy, be a DNS replacement, or provide reverse lookups. | [`pallet_offences`](https://paritytech.github.io/substrate/master/pallet_offences/index.html) | Tracks reported offences. | [`pallet_proxy`](https://paritytech.github.io/substrate/master/pallet_proxy/index.html)| Allows accounts to give permission to other accounts to dispatch types of calls from their signed origin. -| [`pallet_randomness_collective_flip`](https://paritytech.github.io/substrate/master/pallet_randomness_collective_flip/index.html) | Provides a `random` function that can be used in tests and generates low-influence random values based on the block hashes from the previous `81` blocks. This pallet is not intended for use in production. +| [`pallet_randomness_collective_flip`](https://paritytech.github.io/substrate/master/pallet_randomness_collective_flip/index.html) | Provides a `random` function that can be used in tests and generates low-influence random values based on the block hashes from the previous `81` blocks. This pallet is not intended for use in production as it is _not secure_. | [`pallet_recovery`](https://paritytech.github.io/substrate/master/pallet_recovery/index.html) | Provides a social recovery tool for users to gain access to their accounts if their private key or other authentication mechanism is lost. This pallet enables an account owner to identify trusted parties who can act on the owner's behalf to recover access to an account. | [`pallet_scheduler`](https://paritytech.github.io/substrate/master/pallet_scheduler/index.html) | Exposes capabilities for scheduling dispatches to occur at a specified block number or at a specified period. 
These scheduled dispatches can be named or anonymous and can be canceled. | [`pallet_scored_pool`](https://paritytech.github.io/substrate/master/pallet_scored_pool/index.html)| Maintains a scored membership pool where the highest scoring entities are made members. diff --git a/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md b/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md index 7cfffa697..49c8ef273 100644 --- a/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md +++ b/content/md/en/docs/reference/how-to-guides/pallet-design/incorporate-randomness.md @@ -90,11 +90,11 @@ Use a nonce to serve as a subject for the `frame_support::traits::Randomness::ra 1. Update your pallet's runtime implementation. Because you have added a type to your pallet's configuration trait, `Config` opens up the opportunity to further enhance the randomness derived by the `Randomness` trait. - This is accomplished by using the [Randomness Collective Flip pallet](https://paritytech.github.io/substrate/master/pallet_randomness_collective_flip/index.html). + This is accomplished by using the [Insecure Randomness Collective Flip pallet](https://paritytech.github.io/substrate/master/pallet_insecure_randomness_collective_flip/index.html). Using this pallet alongside the `Randomness` trait will significantly improve the entropy being processed by `random()`. - In `runtime/src/lib.rs`, assuming `pallet_random_collective_flip` is instantiated in `construct_runtime` as `RandomCollectiveFlip`, specify your exposed type in the following way: + In `runtime/src/lib.rs`, assuming `pallet_insecure_randomness_collective_flip` is instantiated in `construct_runtime` as `RandomCollectiveFlip`, specify your exposed type in the following way: ```rust impl my_pallet::Config for Runtime{ 
diff --git a/content/md/en/docs/tutorials/build-a-blockchain/upgrade-a-running-network.md b/content/md/en/docs/tutorials/build-a-blockchain/upgrade-a-running-network.md index 3b2aef1d5..cf31c05ee 100644 --- a/content/md/en/docs/tutorials/build-a-blockchain/upgrade-a-running-network.md +++ b/content/md/en/docs/tutorials/build-a-blockchain/upgrade-a-running-network.md @@ -289,7 +289,6 @@ To add the Utility types and configuration trait: UncheckedExtrinsic = UncheckedExtrinsic { System: frame_system, - RandomnessCollectiveFlip: pallet_randomness_collective_flip, Timestamp: pallet_timestamp, Aura: pallet_aura, ``` diff --git a/content/md/en/docs/tutorials/build-application-logic/specify-the-origin-for-a-call.md b/content/md/en/docs/tutorials/build-application-logic/specify-the-origin-for-a-call.md index 8fe00e65a..074b64d13 100644 --- a/content/md/en/docs/tutorials/build-application-logic/specify-the-origin-for-a-call.md +++ b/content/md/en/docs/tutorials/build-application-logic/specify-the-origin-for-a-call.md @@ -164,13 +164,12 @@ For this demonstration, be sure you have: NodeBlock = opaque::Block, UncheckedExtrinsic = UncheckedExtrinsic { - System: frame_system, // index 0 - RandomnessCollectiveFlip: pallet_randomness_collective_flip, // index 1 - Timestamp: pallet_timestamp, // index 2 - Aura: pallet_aura, // index 3 - Grandpa: pallet_grandpa, // index 4 - Balances: pallet_balances, // index 5 - Nicks: pallet_nicks, // index 6 + System: frame_system, // index 0 + Timestamp: pallet_timestamp, // index 1 + Aura: pallet_aura, // index 2 + Grandpa: pallet_grandpa, // index 3 + Balances: pallet_balances, // index 4 + Nicks: pallet_nicks, // index 5 } ``` diff --git a/content/md/en/docs/tutorials/collectibles-workshop/08-add-collectibles-to-runtime.md b/content/md/en/docs/tutorials/collectibles-workshop/08-add-collectibles-to-runtime.md index 743b5d4e7..463366d81 100644 --- a/content/md/en/docs/tutorials/collectibles-workshop/08-add-collectibles-to-runtime.md 
+++ b/content/md/en/docs/tutorials/collectibles-workshop/08-add-collectibles-to-runtime.md @@ -91,7 +91,7 @@ To add the collectibles pallet to the runtime: UncheckedExtrinsic = UncheckedExtrinsic, { System: frame_system, - RandomnessCollectiveFlip: pallet_randomness_collective_flip, + RandomnessCollectiveFlip: pallet_insecure_randomness_collective_flip, Timestamp: pallet_timestamp, Aura: pallet_aura, Grandpa: pallet_grandpa, diff --git a/static/assets/tutorials/runtime-upgrade/lib-spec-version-101.rs b/static/assets/tutorials/runtime-upgrade/lib-spec-version-101.rs index f3f756361..92d494596 100644 --- a/static/assets/tutorials/runtime-upgrade/lib-spec-version-101.rs +++ b/static/assets/tutorials/runtime-upgrade/lib-spec-version-101.rs @@ -208,8 +208,6 @@ impl frame_system::Config for Runtime { type MaxConsumers = frame_support::traits::ConstU32<16>; } -impl pallet_randomness_collective_flip::Config for Runtime {} - impl pallet_aura::Config for Runtime { type AuthorityId = AuraId; type DisabledValidators = (); @@ -310,7 +308,6 @@ construct_runtime!( UncheckedExtrinsic = UncheckedExtrinsic, { System: frame_system, - RandomnessCollectiveFlip: pallet_randomness_collective_flip, Timestamp: pallet_timestamp, Aura: pallet_aura, Grandpa: pallet_grandpa, diff --git a/static/assets/tutorials/runtime-upgrade/lib-spec-version-102.rs b/static/assets/tutorials/runtime-upgrade/lib-spec-version-102.rs index 6e7d21f56..1614e7d6e 100644 --- a/static/assets/tutorials/runtime-upgrade/lib-spec-version-102.rs +++ b/static/assets/tutorials/runtime-upgrade/lib-spec-version-102.rs @@ -208,8 +208,6 @@ impl frame_system::Config for Runtime { type MaxConsumers = frame_support::traits::ConstU32<16>; } -impl pallet_randomness_collective_flip::Config for Runtime {} - impl pallet_aura::Config for Runtime { type AuthorityId = AuraId; type DisabledValidators = (); 
@@ -310,7 +308,6 @@ construct_runtime!( UncheckedExtrinsic = UncheckedExtrinsic, { System: frame_system, - RandomnessCollectiveFlip: pallet_randomness_collective_flip, Timestamp: pallet_timestamp, Aura: pallet_aura, Grandpa: pallet_grandpa, From cc9348d4011f9359e8cbe920e45b6e8d3d44cea1 Mon Sep 17 00:00:00 2001 From: Sacha Lansky Date: Mon, 24 Apr 2023 16:52:21 +0200 Subject: [PATCH 5/5] Update content/md/en/docs/build/randomness.md --- content/md/en/docs/build/randomness.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/content/md/en/docs/build/randomness.md b/content/md/en/docs/build/randomness.md index 168fb5fb1..492aef027 100644 --- a/content/md/en/docs/build/randomness.md +++ b/content/md/en/docs/build/randomness.md 
@@ -15,8 +15,9 @@ In traditional computer applications, what people call random numbers are actual Pseudo-randomness depends on a sufficiently random seed—provided by the user or by an external source—and an algorithm that manipulates the seed to generate a series of seemingly-random numbers. The result is a pseudo-random number that is difficult to predict because of the algorithm used to generate it, but deterministic because the same seed input always produces the same series of output. -However, applications that run on the blockchain are more tightly constrained. -Pseudo-randomness introduces a security vulnerability for situations where being able to predict the outcome of a random function can lead to gaming the system. +However, applications that run on the blockchain are more tightly constrained because all authorities in the network must agree on any on-chain value, including any randomness data that is injected. +Because of this constraint, you can't use real randomness directly in blockchain applications. +For this reason, using randomness on-chain securely must utilize techniques such as VRFs otherwise it becomes possible to predict the outcome of a random function whereby any participant could game the system. For blockchain applications, the most common approach to providing randomness is a cryptographic primitive called a [verifiable random function](https://en.wikipedia.org/wiki/Verifiable_random_function). A verifiable random function (VRF) is a mathematical operation that takes input and produces a random number and a proof of authenticity that this random number was generated by the submitter.
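Review bot: (PATCH 1/5, `content/md/en/docs/build/randomness.md`, hunk `@@ -15,10 +15,10 @@`) the two removed lines ("all authorities in the network must agree on any on-chain value, including any randomness data that is injected" and "you can't use real randomness directly in blockchain applications") are the only place the page explains why a consensus system cannot consume a non-deterministic value, and PATCH 5/5 adds both lines back verbatim; squash 1/5 and 5/5 so the series does not remove and re-add the same text. The replacement sentence "Pseudo-randomness introduces a security vulnerability for situations where ..." also names the wrong property: the VRF output the page recommends is itself deterministic pseudo-randomness, and what exposes a consumer to being gamed is an output that can be predicted or influenced before it is committed, not pseudo-randomness as such. The `a[verifiable` to `a [verifiable` link fix in the same hunk is correct.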
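Review bot: (PATCH 1/5, `randomness.md`, hunk `@@ -28,7 +28,7 @@`) "generating pseudo randomness" in the added line should be hyphenated as "pseudo-randomness", matching "Pseudo-randomness" elsewhere on the page, and the qualifier sits oddly here: the unchanged line above describes the trait as the interface for logic that "generates randomness", and the BABE VRF implementation is listed as a generator a few lines later. Either keep "randomness" in this sentence or attach "insecure" to the collective-flip implementation specifically. The unchanged context line "Substrate provides a `Randomness` trait called that defines" still has the dangling "called"; since this hunk already touches the paragraph, drop that stray word in the same commit.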
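Review bot: (PATCH 2/5, `troubleshoot-your-code.md`, hunk `@@ -264,8 +264,8 @@`) the bold `**You should _never_ use this pallet in production as a true source of randomness.**` is well-formed markdown, but the unchanged context line two lines above still says the pallet "can be useful when defending against weak adversaries", which describes exactly the production use the new warning forbids. Rephrase that line to the testing-only framing the rest of this series adopts, e.g. "This pallet is useful only in low-security situations such as testing."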
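Review bot: (PATCH 3/5, `incorporate-randomness.md`, hunk `@@ -1,5 +1,5 @@`) changing `title` to "Incorporate pseudo-randomness (not secure)" puts a parenthetical warning into a navigation title while the `description` line directly below it still reads "On-chain randomness techniques and tools detailed." Keep the title short and move the caveat into the description, e.g. `description: Use the Randomness trait with the insecure collective-flip pallet for testing; this is not a secure source of randomness.` "pseudo-randomness" is also not the distinguishing property here (BABE's VRF output is pseudo-random as well); "insecure" is the word that carries the warning.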
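Review bot: (PATCH 3/5, `incorporate-randomness.md`, hunk `@@ -15,7 +15,9 @@`) the added note "**Note that the `InsecureRandomCollectiveFlip` is not a secure source of randomness, this guide is intended for educational purposes only.**" is a comma splice and is missing "pallet" after the identifier; write "**Note: the `InsecureRandomCollectiveFlip` pallet is not a secure source of randomness. This guide is intended for educational purposes only.**" The identifier also matches nothing else in the series: the crate is `pallet_insecure_randomness_collective_flip`, the `construct_runtime` name assumed in PATCH 4/5's hunk for this same file is `RandomCollectiveFlip`, and the tutorials use `RandomnessCollectiveFlip`. Pick one runtime name for the guide and use it in both places.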
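Review bot: (PATCH 4/5, `quick-start/modify-the-runtime.md`, hunk `@@ -127,7 +127,6 @@`) deleting `RandomnessCollectiveFlip: pallet_randomness_collective_flip,` from the listing has to match the node template readers actually build from, and within this same patch the `08-add-collectibles-to-runtime.md` hunk keeps the pallet under the renamed crate `pallet_insecure_randomness_collective_flip` while this hunk (and the `upgrade-a-running-network.md` hunk) removes it entirely. The docs now show two different `construct_runtime` shapes for what readers treat as the same template; settle on one and check it against the template's current `runtime/src/lib.rs` before merging.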
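Review bot: (PATCH 4/5, `reference/frame-pallets.md`, hunk `@@ -63,7 +63,7 @@`) the edited table row still names and links `pallet_randomness_collective_flip` (`.../pallet_randomness_collective_flip/index.html`) while every other hunk in this patch moves to `pallet_insecure_randomness_collective_flip`, and PATCH 2/5 already links `pallet_insecure_randomness_collective_flip/index.html`. Since the row is being touched anyway, update both the crate name and the URL; the appended "as it is _not secure_" is then mostly carried by the name itself and can stay as a short reinforcement.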
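Review bot: (PATCH 4/5, `incorporate-randomness.md`, hunk `@@ -90,11 +90,11 @@`) the unchanged context line "Using this pallet alongside the `Randomness` trait will significantly improve the entropy being processed by `random()`." now directly follows a link to a pallet whose name says "Insecure", on a page whose new title says "(not secure)"; the series elsewhere describes this pallet's output as "low-influence random values based on the block hashes from the previous `81` blocks" suitable only "against weak adversaries", so this sentence should be toned down in the same hunk (e.g. "adds some block-hash-derived entropy, but does not make the result secure"). The added line also assumes the pallet is instantiated as `RandomCollectiveFlip`, which conflicts with the `InsecureRandomCollectiveFlip` name PATCH 3/5 introduces at the top of this same file.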
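Review bot: (PATCH 4/5, `specify-the-origin-for-a-call.md`, hunk `@@ -164,13 +164,12 @@`) renumbering the `// index N` comments after deleting `RandomnessCollectiveFlip` is correct, because `construct_runtime!` assigns pallet indices by declaration order when none is given explicitly, so `Nicks` really does move from index 6 to index 5. This tutorial is about origins and dispatch, so check whether the surrounding text (not in the hunk) quotes an encoded call or a pallet index for `Nicks` and update it as well; if the text relies on stable indices, declaring them explicitly (`Nicks: pallet_nicks = 5,`) would make the listing robust to future removals.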
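Review bot: (PATCH 4/5, `08-add-collectibles-to-runtime.md`, hunk `@@ -91,7 +91,7 @@`) renaming the crate path to `RandomnessCollectiveFlip: pallet_insecure_randomness_collective_flip,` inside `construct_runtime` is only part of the rename: the runtime will not compile unless the `Cargo.toml` dependency and the `impl pallet_..._collective_flip::Config for Runtime {}` block (the form visible in the `lib-spec-version-101.rs` hunk of this same patch) use the new crate name too, and neither appears anywhere in the series. Confirm the workshop's Cargo and `impl` instructions were already updated, or add those hunks here.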
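Review bot: (PATCH 4/5, `static/assets/tutorials/runtime-upgrade/lib-spec-version-101.rs`, hunks `@@ -208,8 +208,6 @@` and `@@ -310,7 +308,6 @@`) removing `impl pallet_randomness_collective_flip::Config for Runtime {}` together with the `construct_runtime!` entry is internally consistent, and making the identical change in `lib-spec-version-102.rs` keeps the pallet indices of the 101 to 102 upgrade aligned. Two follow-ups: any remaining `use` of the crate in these asset files, and the crate entry in the matching `Cargo.toml`, need to go as well or the assets will not build; and because removing a pallet from a running chain's runtime leaves that pallet's existing storage in place, the tutorial text that points readers at these files should say so in one sentence.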
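Review bot: (PATCH 5/5, `randomness.md`, hunk `@@ -15,8 +15,9 @@`) the added sentence "For this reason, using randomness on-chain securely must utilize techniques such as VRFs otherwise it becomes possible to predict the outcome of a random function whereby any participant could game the system." is a run-on and uses the abbreviation "VRFs" one paragraph before the page introduces it ("A verifiable random function (VRF) is ..."). Split it and spell the term out, e.g. "For this reason, randomness that is consumed on-chain must be produced by a technique such as a verifiable random function (VRF). Otherwise, any participant can predict the output of the random function and game the system." Since the other two added lines in this hunk restore exactly what PATCH 1/5 deleted, squash the two commits.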