With DPOS we have 100 nodes that should have near 99.9% uptime which means we can reliably produce a secure random number assuming just 1 out 100 is honest.
hash secret; // HASH( S[n] ) where n is the index in the array of secrets generated by this delegate
hash revealed_secret; // S[n-1]
For each block add a header field containing HASH(S[n]) where S[n] is a secret to be revealed next time this delegate produces a block. Also include in the header S[n-1].
We now have a stream of secrets being revealed once per block (15 to 30 seconds)... from this stream of secrets we can generate the random number R for the block as:
if( first_block_produced_by_delegate ) then Block[HEAD].revealed_secret = 0
ASSERT( HASH( Block[HEAD].revealed_secret) == GetLastBlockProducedByDelegate(Block[HEAD].delegate_id).secret )
R = HASH( Block[HEAD].revealed_secret )
for( uint32_t i = 1; i < 100; ++i )
R = HASH( Block[HEAD-i].revealed_secret + R) // where + is concat
R = random number generated this block...
Every R is calculated from secrets introduced by all 100 delegates that were revealed after they committed to them. If even one of the 100 delegates is honest then the resulting R is truly random.
if a delegate I call delegate A is the in the end of one round , then he know what is he turn in next round, it is right ? and he have 1/101 chance that he is in the first turn in next round ,
I describe it as
A|A . "|" mean the the dividing line between rounds.
it mean delegate A can control the random number of first block of next round (1/101 chance). when this produce end block of previous round .
if one person control N delegates
they have big chance to control the random NO.
control the random NO first block in next round , describe it as
A|N chance is N/101
the base reason of this type attack is that , the interval between delegate publish the hash of secret random and reveal the secret hash. if the interval is zero all the interval delegate are controlled by one person , then there is other random to influence the random,