Night Life Crypto

Generating Random Numbers using Blockchain Technology for Gaming

Nicole Cai, Tony Nguyen, and Paul Whitman


1. Introduction

This paper addresses two decentralized blockchain gaming uses: a transaction-level PRNG and block-level PRNG systems.

These solutions have the characteristics of generating random numbers that are:

  1. Not determined by the miner
  2. Not biased toward the smart contract invoker
  3. Not biased toward the game master
  4. Eventually uniformly distributed

2. Ride smart contracts

2.1 Complexity cost

Ride v4 scripts have a fixed complexity limit of 4000 (Waves, n.d.). The following table contains several RNG-related functions and the associated complexity cost.

Selection of a PRNG mechanism for a game of chance must be balanced with the complexity cost. If a PRNG is too complex (e.g., NIST HMAC_DRBG which consumes 4 hash function calls per round (Barker and Kelsey, 2015: 92)), there will not be enough complexity remaining to implement the game.

2.1 Complexity limitations

Ride is non-Turing complete (Waves, n.d.) and lacks a loop function (e.g., for, while/do, do/while). The FOLD<N> macro is available and enables operations on a list of values against an accumulator.

2.2 Selected hashing function

The SHA-256 hashing function was selected for the following properties:

1. Collision resistance: It is the computational infeasibility of finding two different inputs to the hash function that have the same value (Dang, 2012).

2. Preimage and second preimage resistance: Given hash_value, it is computationally infeasible to find such that hash(x) = hash_value or find a second input x (Dang, 2012).

3. Availability in Ride: The SHA-256 range of functions are natively available in Ride (Waves, n.d.).

2.3 Miner impact on randomness

As both methodologies utilize the signature of miners, there is a relationship between the source of entropy and the number of miners and/or distribution of blocks within the network.

BLAKE2b-256 hashing function is used to generate block signatures in Waves (Waves, n.d.). This hashing function also has the properties of collision resistance and preimage/second preimage resistance (Chang, S.-J. et al., 2012).

3. Sources of Entropy

4. Transaction-level PRNG

A transaction-level PRNG assumes that a random number must be generated and returned within the same user transaction.

All variables beside those calculated or determined by the miner or the specific block are unsuitable as they can be pre-calculated. Therefore, the most appropriate source of entropy is the generation signature which uses the signature of the VRF of the block (Waves, 2019). However, miners can choose not to publish the results of the block and trigger a “re-roll”. As such, miners should be economically disincentivized.

To mitigate the opportunity of a miner utilizing their advantage multiple times in a block (i.e., via broadcasting more than 1 transaction within the same block), a transaction-level computed variable should be incorporated (the suggested being the transaction ID).

The following formula can be used to generate random numbers within a single transaction:

𝑅𝐴𝑁𝐷 = (𝑆𝐻𝐴256(𝑇𝑟𝑎𝑛𝑠𝑎𝑐𝑡𝑖𝑜𝑛𝐼𝑑 || 𝐺𝑒𝑛𝑒𝑟𝑎𝑡𝑖𝑜𝑛𝑆𝑖𝑔𝑛𝑎𝑡𝑢𝑟𝑒)) % 𝑀𝐴𝑋_𝑅𝐴𝑁𝐺𝐸 (1)

4.2 Calculating the miner advantage

By using a combination of entropy sources, advantage to either party can be eliminated. However, this is not the case for transaction-level PRNG as it inherently gives an advantage to the miner with a “re-roll”. This should be economically mitigated by ensuring the probabilistic advantage does not exceed the miner punishment for denying the block causing a “re-roll”. The miner advantage can be calculated with the following formula:


((𝐵𝑃 ∗ 𝑃𝑃)! − 1) (𝐵𝑃 ∗ 𝑃𝑃) − 1 L



BP = Miner assignment probability

𝑃𝑃 = The payout probability of the game MB = Max bet size

BR = Block reward n = Number of “rolls”

MAX_BET = max_bet that can be taken by a miner in a transaction POR = Payout ratio i.e., 1:1

EP = Extra punishment for abuse (i.e., potential for leasers to un-lease)

Suppose the outcome of a coin flip is wagered where the maximum bet size is $1 and the winning payout doubles the bet. If the miner has a 20% chance of being allocated a block, the calculation would be:

$1 ∗ 1 ∗ I0.5 ∗

(0.2 ∗ 0.5)”## − 1

(0.2 ∗ 0.5) − 1 L (1)

In this case, the miner’s opportunity cost on rejecting the block must be > $0.555*.

5. Block-level PRNG

5.1 Commitment scheme

A commitment scheme (or “Commit and Reveal”) is a pattern that enables multiple parties to assert a statement without it being immediately visible and then revealing the values to all parties at a later point. As a random number generator can span across transactions and blocks to allow multiple participating parties to interact, it is possible to remove the miner bias. This methodology is used in several PRNG reliant blockchain games today (Axiomzen, 2019).

5.2 Using the game state to generate random numbers

Fair pseudorandom number generators can be achieved by maintaining a game state that is stored across multiple blocks. This methodology works as follows:

1. Commitment: Game master commits a randomized string © to the game state to begin a new game.

2. Betting phase: The betting phase (BP) begins for any quantity of blocks from the transaction of commitment.

3. Miner signing: The block before the end of the game is signed by the miner (Sig(𝐵!)).

4. Reveal: Once all betting is complete, the game master reveals their verifiable signature (Sig(c)) which is hashed with the signature of the block before the end of the game to generate a random number.

Figure 1. Example of block-level PRNG implemented across 3 blocks.

This methodology assumes there is no collusion between the miner and game master as they would represent two opposite parties in a game (one being the winner and one being the loser). Everyone can verify the revealed signature using a Public Key stored within the dApp data (PublicKey(Sig)).

The game master cannot change the committed answer to influence the outcome, and the miner does not know the outcome when committing their signature. Therefore, this methodology meets the criteria:

1. Not biased toward the miner

2. Not biased toward the smart contract invoker

3. Not biased towards the game master.

A* as defined by the period within the final block before the generating transaction can be also used as the betting phase if the game master does not have an inherent interest in also winning the game. If the game master has an inherent interest, during the commit phase they would know the signature of the previous block and could pre-calculate the outcome during phase A*.

Multiple random number generation

In some games, multiple random numbers may be required from one entropy source. Using the techniques described in section 4 and 5 and the multiplicative group modulo p (Ireland, 2013), multiple numbers can be generated. This methodology is as follows:

1. Determine the MAX_RANGE of a random number.

2. Find a prime number (p) that satisfies the equation:

𝑃 = 𝐽 ∗ 𝑄 + 1

J = Large even number Q = Prime number


3. Use the technique from section 4 or 5 to generate a random number R.

4. Convert R to H such that H satisfies:

1 < 𝐻 < 𝑃 − 1 (2)

This can be done by using H = R % (P−1); if H < 2, R = HASH(R) and repeat.

5. Apply the formula below, incrementing j for every additional random number to be generated.

𝑅𝐴𝑁𝐷$ = 𝑆𝐻𝐴256(𝐻$(𝑚𝑜𝑑 𝑃)) % 𝑀𝐴𝑋_𝑅𝐴𝑁𝐺𝐸 (3)


To generate multiple numbers in a single transaction that meets the criteria:

The follow equation can be used:

0 < 𝑅𝐴𝑁𝐷 < 65 (1)

𝑅𝐴𝑁𝐷” = 𝑆𝐻𝐴256(𝐻% (𝑚𝑜𝑑 𝑃)) % 64 + 1 (2)

𝑅𝐴𝑁𝐷% = 𝑆𝐻𝐴256(𝐻& (𝑚𝑜𝑑 𝑃)) % 64 + 1 (3)


P = 17729

J = 64

Q = 277

H = (𝑆𝐻𝐴256(𝑇𝑟𝑎𝑛𝑠𝑎𝑐𝑡𝑖𝑜𝑛𝐼𝑑 || 𝐺𝑒𝑛𝑒𝑟𝑎𝑡𝑖𝑜𝑛𝑆𝑖𝑔𝑛𝑎𝑡𝑢𝑟𝑒)) % 17728 (4)

Terms and Definitions

Project Website & Socials Website: Twitter: Discord: Telegram: Flote: Medium: Bittube: Facebook: Youtube: Reddit: Bitcointalk: NLIFE Casino: BSC Contract Address: 0x86cbBEDCa621Ae78a421A40365081cAafDA24296 Coingecko: CoinPaprika: Dextools: Pancakeswap:

Night Life Crypto












Barker, E. B. and Kelsey, J. M. (2015) Recommendation for random number generation using deterministic random bit generators. National Institute of Standards and Technology.

Chang, S.-J. et al. (2012) Third-round report of the SHA-3 cryptographic hash algorithm competition. Gaithersburg, MD: National Institute of Standards and Technology.

Dang, Q. H. (2012) Recommendation for applications using approved hash algorithms. Gaithersburg, MD: National Institute of Standards and Technology.

Ireland, D. (2013) The multiplicative group modulo p, DI Management Services. Available at: (Accessed: May 28, 2021).

Rigged online gambling network busted in Italy (2016) GGB News. Available at: (Accessed: May 28, 2021).

Waves Technologies (2019) WEP 8: Adding VRF in Consensus, Available at: (Accessed: May 28, 2021).

— (n.d.) About Ride, Available at: computational-cost (Accessed: May 28, 2021).

— (n.d.) Generation signature, Available at: (Accessed: May 28, 2021).

— (n.d.) Limitations, Available at: (Accessed: May 28, 2021).

— (n.d.) Sha256, Available at: functions/hashing-functions (Accessed: May 28, 2021).