STROBE: Streaming Threshold Random Beacons

Authors Donald Beaver, Konstantinos Chalkias, Mahimna Kelkar, Lefteris Kokoris-Kogias, Kevin Lewi, Ladi de Naurois, Valeria Nikolaenko, Arnab Roy, Alberto Sonnino

Thumbnail PDF


  • Filesize: 0.75 MB
  • 16 pages

Document Identifiers

Author Details

Donald Beaver
  • Independent Scholar, Pittsburgh, PA, USA
Konstantinos Chalkias
  • Mysten Labs, Palo Alto, CA, USA
Mahimna Kelkar
  • Cornell University, New York City, NY, USA
Lefteris Kokoris-Kogias
  • Mysten Labs, London, UK
  • IST Austria, Klosterneuburg, Austria
Kevin Lewi
  • Meta Platforms, Inc., Menlo Park, CA, USA
Ladi de Naurois
  • Washington DC, USA
Valeria Nikolaenko
  • a16z crypto, Palo Alto, CA, USA
Arnab Roy
  • Mysten Labs, Palo Alto, CA, USA
Alberto Sonnino
  • Mysten Labs, London, UK
  • University College London, UK


Work done when all the authors were at Novi Research, Meta.

Cite AsGet BibTex

Donald Beaver, Konstantinos Chalkias, Mahimna Kelkar, Lefteris Kokoris-Kogias, Kevin Lewi, Ladi de Naurois, Valeria Nikolaenko, Arnab Roy, and Alberto Sonnino. STROBE: Streaming Threshold Random Beacons. In 5th Conference on Advances in Financial Technologies (AFT 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 282, pp. 7:1-7:16, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


We revisit decentralized random beacons with a focus on practical distributed applications. Decentralized random beacons (Beaver and So, Eurocrypt'93) provide the functionality for n parties to generate an unpredictable sequence of bits in a way that cannot be biased, which is useful for any decentralized protocol requiring trusted randomness. Existing beacon constructions are highly inefficient in practical settings where protocol parties need to rejoin after crashes or disconnections, and more significantly where smart contracts may rely on arbitrary index points in high-volume streams. For this, we introduce a new notion of history-generating decentralized random beacons (HGDRBs). Roughly, the history-generation property of HGDRBs allows for previous beacon outputs to be efficiently generated knowing only the current value and the public key. At application layers, history-generation supports registering a sparser set of on-chain values if desired, so that apps like lotteries can utilize on-chain values without incurring high-frequency costs, enjoying all the benefits of DRBs implemented off-chain or with decoupled, special-purpose chains. Unlike rollups, HG is tailored specifically to recovering and verifying pseudorandom bit sequences and thus enjoys unique optimizations investigated in this work. We introduce STROBE: an efficient HGDRB construction which generalizes the original squaring-based RSA approach of Beaver and So. STROBE enjoys several useful properties that make it suited for practical applications that use beacons: 1) history-generating: it can regenerate and verify high-throughput beacon streams, supporting sparse (thus cost-effective) ledger entries; 2) concisely self-verifying: NIZK-free, with state and validation employing a single ring element; 3) eco-friendly: stake-based rather than work based; 4) unbounded: refresh-free, addressing limitations of Beaver and So; 5) delay-free: results are immediately available. 6) storage-efficient: the last beacon suffices to derive all past outputs, thus O(1) storage requirements for nodes serving the whole history.

Subject Classification

ACM Subject Classification
  • Security and privacy → Public key encryption
  • decentralized randomness
  • beacons
  • consensus
  • blockchain
  • lottery


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Joy Algesheimer, Jan Camenisch, and Victor Shoup. Efficient computation modulo a shared secret with application to the generation of shared safe-prime products. In CRYPTO, pages 417-432, 2002. Google Scholar
  2. Jesús F Almansa, Ivan Damgård, and Jesper Buus Nielsen. Simplified threshold RSA with adaptive and proactive security. In EUROCRYPT, pages 593-611, 2006. Google Scholar
  3. Zeta Avarikioti, EK Kogias, Roger Wattenhofer, and Dionysis Zindros. Brick: Asynchronous incentive-compatible payment channels. In FC, pages 209-230, 2021. Google Scholar
  4. Donald Beaver and Nicol So. Global, unpredictable bit generation without broadcast. In EUROCRYPT, pages 424-434, 1993. Google Scholar
  5. Fabrice Benhamouda, Craig Gentry, Sergey Gorbunov, Shai Halevi, Hugo Krawczyk, Chengyu Lin, Tal Rabin, and Leonid Reyzin. Can a blockchain keep a secret? In TCC, pages 260-290, 2020. Google Scholar
  6. Adithya Bhat, Aniket Kate, Kartik Nayak, and Nibesh Shrestha. Optrand: Optimistically responsive distributed random beacons. In NDSS, 2023. Google Scholar
  7. Lenore Blum, Manuel Blum, and Michael Shub. A simple unpredictable pseudo-random number generator. SIAM J. Comput., 15:364-383, 1986. Google Scholar
  8. Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. Verifiable delay functions. In CRYPTO, pages 757-788, 2018. Google Scholar
  9. Dan Boneh and Matthew Franklin. Efficient generation of shared RSA keys. In CRYPTO, pages 425-439, 1997. Google Scholar
  10. Dan Boneh, Craig Gentry, Ben Lynn, and Hovav Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In EUROCRYPT, pages 416-432, 2003. Google Scholar
  11. Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the Weil pairing. In ASIACRYPT, pages 514-532, 2001. Google Scholar
  12. Vitalik Buterin. Vitalik’s annotated ethereum 2.0 spec., 2020.
  13. Christian Cachin. An asynchronous protocol for distributed computation of RSA inverses and its applications. In PODC, pages 153-162, 2003. Google Scholar
  14. Christian Cachin. Architecture of the Hyperledger blockchain Fabric. In DCCL, 2016. Google Scholar
  15. Christian Cachin, Klaus Kursawe, and Victor Shoup. Random oracles in Constantinople: Practical asynchronous Byzantine agreement using cryptography. Journal of Cryptology, 18(3):219-246, 2005. Google Scholar
  16. Ran Canetti, Rosario Gennaro, Stanisław Jarecki, Hugo Krawczyk, and Tal Rabin. Adaptive security for threshold cryptosystems. In CRYPTO, pages 98-116, 1999. Google Scholar
  17. Ignacio Cascudo and Bernardo David. SCRAPE: Scalable randomness attested by public entities. In ACNS, pages 537-556, 2017. Google Scholar
  18. Ignacio Cascudo and Bernardo David. ALBATROSS: publicly attestable batched randomness based on secret sharing. In ASIACRYPT, pages 311-341, 2020. Google Scholar
  19. Dario Catalano, Rosario Gennaro, and Shai Halevi. Computing inverses over a shared secret modulus. In EUROCRYPT, pages 190-206, 2000. Google Scholar
  20. Panagiotis Chatzigiannis, Foteini Baldimtsi, and Konstantinos Chalkias. SoK: Blockchain light clients. In FC, 2022. Google Scholar
  21. Panagiotis Chatzigiannis and Konstantinos Chalkias. Proof of assets in the Diem blockchain. In ACNS, pages 27-41, 2021. Google Scholar
  22. Kevin Choi, Aathira Manoj, and Joseph Bonneau. SoK: Distributed randomness beacons. In IEEE S&P, pages 75-92, 2023. Google Scholar
  23. Mia Consalvo. Cheating: Gaining advantage in videogames. Mit Press, 2009. Google Scholar
  24. Ivan Damgård and Maciej Koprowski. Practical threshold RSA signatures without a trusted dealer. In EUROCRYPT, pages 152-165, 2001. Google Scholar
  25. List of gambling Ethereum smart contracts, 2021. URL:
  26. Danny Dolev and H Strong. Polynomial algorithms for multiple processor agreement. SIAM J Computing, 12(4):656-666, 1982. Google Scholar
  27. J. Drake. Minimal VDF randomness beacon. URL:
  28. Drand - a distributed randomness beacon daemon. URL:
  29. Naomi Ephraim, Cody Freitag, Ilan Komargodski, and Rafael Pass. Continuous verifiable delay functions. In EUROCRYPT, pages 125-154, 2020. Google Scholar
  30. Paul Feldman and Sylvio Micali. Byzantine agreement in constant expected time. In FOCS, pages 267-276, 1997. Google Scholar
  31. Yair Frankel, Philip D MacKenzie, and Moti Yung. Robust efficient distributed RSA-key generation. In STOC, pages 663-672, 1998. Google Scholar
  32. Sally M Gainsbury and Alex Blaszczynski. How blockchain and cryptocurrency technology could revolutionize online gambling. Gaming Law Review, 21(7):482-492, 2017. Google Scholar
  33. Harald Gjermundrød, Konstantinos Chalkias, and Ioanna Dionysiou. Going beyond the coinbase transaction fee: Alternative reward schemes for miners in blockchain systems. In PCI, pages 1-4, 2016. Google Scholar
  34. Timo Hanke, Mahnush Movahedi, and Dominic Williams. Dfinity technology overview series, consensus system. arXiv preprint arXiv:1805.04548, 2018. Google Scholar
  35. Aniket Kate and Ian Goldberg. Distributed key generation for the internet. In ICDCS, pages 119-128, 2009. Google Scholar
  36. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In CRYPTO, pages 357-388, 2017. Google Scholar
  37. Eleftherios Kokoris-Kogias, Enis Ceyhun Alp, Linus Gasser, Philipp Jovanovic, Ewa Syta, and Bryan Ford. Calypso: Private data management for decentralized ledgers. Proc. VLDB Endow., 14(4):586-599, 2020. Google Scholar
  38. Eleftherios Kokoris Kogias, Dahlia Malkhi, and Alexander Spiegelman. Asynchronous distributed key generation for computationally-secure randomness, consensus, and threshold signatures. In CCS, pages 1751-1767, 2020. Google Scholar
  39. Sai Krishna Deepak Maram, Fan Zhang, Lun Wang, Andrew Low, Yupeng Zhang, Ari Juels, and Dawn Song. Churp: Dynamic-committee proactive secret sharing. In CCS, pages 2369-2386, 2019. Google Scholar
  40. Gary L Miller. Riemann’s hypothesis and tests for primality. Journal of Computer and System Sciences, 13(3):300-317, 1976. Google Scholar
  41. Dimitrios Papadopoulos, Duane Wessels, Shumon Huque, Moni Naor, Jan Včelák, Leonid Reyzin, and Sharon Goldberg. Making nsec5 practical for dnssec. Cryptology ePrint Archive, 2017. Google Scholar
  42. Krzysztof Pietrzak. Simple verifiable delay functions. In ITCS, pages 60:1-60:15, 2019. Google Scholar
  43. Michael O Rabin. Probabilistic algorithm for testing primality. Journal of Number Theory, 12(1):128-138, 1980. Google Scholar
  44. Michael O. Rabin. Transaction protection by beacons. Journal of Computer and System Sciences, 27(2):256-267, 1983. Google Scholar
  45. Mayank Raikwar and Danilo Gligoroski. Sok: Decentralized randomness beacon protocols. arXiv preprint arXiv:2205.13333, 2022. Google Scholar
  46. Philipp Schindler, Aljosha Judmayer, Markus Hittmeir, Nicholas Stifter, and Edgar Weippl. Randrunner: Distributed randomness from trapdoor VDFs with strong uniqueness. In NDSS 2022, 2021. Google Scholar
  47. Philipp Schindler, Aljosha Judmayer, Nicholas Stifter, and Edgar Weippl. Hydrand: Efficient continuous distributed randomness. In IEEE S&P, pages 73-89, 2020. Google Scholar
  48. Victor Shoup. Practical threshold signatures. In EUROCRYPT 2000, pages 207-220, 2000. Google Scholar
  49. Ewa Syta, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Michael J Fischer, and Bryan Ford. Scalable bias-resistant distributed randomness. In IEEE S&P, pages 444-460, 2017. Google Scholar
  50. VeeDo is a STARK-based verifiable delay function (VDF) service. URL:
  51. Benjamin Wesolowski. Efficient verifiable delay functions. In EUROCRYPT, pages 379-407, 2019. Google Scholar
  52. Zheng Xue, Di Wu, Jian He, Xiaojun Hei, and Yong Liu. Playing high-end video games in the cloud: A measurement study. IEEE Trans. Cir. and Sys. for Video Technol., 25(12):2013-2025, 2014. Google Scholar