Unruggably Fair Lotteries: Inside LottoPGF’s Tech Stack

LottoPGF’s permissionless integration makes onchain lotteries viable at scale for the first time through novel randomness technology. And it does so while flipping the script on degenerate-gambling-tech™, putting it to use as a capital formation mechanism for public goods funding.

In this piece, we’ll pop open the hood on our integration so you can peek into LottoPGF’s unique tech stack, get a sense of how it has evolved and what’s on the horizon for randomness tech – as well as why we believe the future looks a whole lot luckier.

Let’s get into it!

Order in Chaos?: Why randomness matters

drand software engineer and Randamu co-founder Patrick McClurg handily describes a random number as one that “cannot be guessed at a rate better than chance”. But how is randomness generated, and why does it even matter?

Lottery draws and raffles may be among the more obvious use cases for randomness. But randomness has long been an established feature of the incumbent social coordination layer: jury selection in courts of law, randomised controlled trials in scientific research, and even Wi-Fi’s WPA2 security protocol, among other applications.

While the role of randomness in society is nothing new, at OttoDAO, we believe we’re on the cusp of an inflection point, as coordination through peer-to-peer networks continues to scale.

A pivotal moment in the ongoing people’s movement to reclaim power, Bitcoin’s SHA-256 hash function empowered anyone to take sovereign control of their finances for the first time by letting them spin up a disintermediated wallet for peer-to-peer transactions. It does this by generating a private key made up of a random number that sits anywhere between zero and two to the power of 256, a figure roughly on the order of the number of atoms in the observable universe.

Essentially, Bitcoin is powered by randomness. But nobody else should know the randomness you generate (unless you don't mind losing your crypto). What matters is that you are satisfied the private key you generated actually meets your entropy requirements. This is an example of what we like to call 'private randomness'.

At Fairy, and more recently at LottoPGF, we’ve been doubling down on blockchain-native advances in ‘public randomness’. When deployed onchain using publicly verifiable randomness, applications that currently operate on a ‘trust me, bro’ trust model – like today’s state-monopolised lotteries – become “unruggably fair” (to quote core contributor Kevin Charm).

What that means is that public randomness is random ‘enough’ (it satisfies a uniform distribution, among other properties) while also giving participants a way to mathematically check the produced randomness against committed public information, such as a public key.

If you ask us, lotteries are up there in terms of unique use cases for blockchains. And LottoPGF has been active in helping push the movement forward on Ethereum. But, we’re only just getting started…

Next up, let’s explore some of LottoPGF’s recent contributions, and where – with your help – we hope to take things in the future.

Lifting the Lid on LottoPGF’s Tech Stack

LottoPGF’s tech stack features two main components:

1. Publicly verifiable randomness.

2. Lottery drawing logic (aka how the winning numbers are picked).

Here’s what we’ve been discovering on each side of the permissionless lottery equation.

Publicly Verifiable Randomness

Verifiable Random Functions (VRFs) are currently our best source for cryptographically generated random numbers. However, we do love a good trilemma in web3. A VRF can be publicly verifiable (no risk of manipulation), censorship-resistant, or collusion-proof (no way for a group of participants to predict all future randomness). But, as it stands, you can only pick two.

LottoPGF opted to build on the League of Entropy’s drand software. Accepting the trade-off of potential collusion, drand makes it possible for anyone to verify their numbers: users query its relays (API endpoints that serve the public random beacon) for each round’s random value and the threshold signature it is derived from, and check that signature against the network’s committed public key. The collusion risk is mitigated by the strong reputation of the League of Entropy’s members together with the high threshold of nodes that would have to collude.

Although it runs like a dream on Scroll, drand originally operated on a curve unsupported on the EVM (BLS12-381). Using drand on the EVM, particularly on L2s, was complex and inefficient, and just… no bueno.

LottoPGF core contributor Kevin Charm, with the help of a hive mind of applied cryptographers and fellow engineers, changed that by bringing drand to the BN254 curve, which the EVM does support.

Bringing drand to the EVM represents a significant step towards LottoPGF’s vision of a cypherpunk new internet by giving us a VRF that serves our purposes, even if it comes with a trade-off. But it also served as a serendipitous stepping stone for our longer-term goals; one that is set on achieving the endgame in publicly verifiable randomness: Accessible and permissionless Verifiable Delay Functions (VDFs).

VDFs promise to solve the VRF trilemma by offering a cryptographically verifiable randomness solution that is both fully permissionless and collusion-proof. Making them widely accessible would create massive unlocks onchain.

As well as its application in lottery primitives, potential use cases include higher-efficiency consensus mechanisms and proofs of data replication (great for decentralised data storage), as well as networks that are made fairer, and better-secured, through improved randomness.

To this end, the Ethereum Foundation, Protocol Labs, and Supranational have made huge strides with a VDF ASIC prototype under development.

While developing drand’s new BN254 curve for use on Scroll’s zkEVM, the LottoPGF team was put in touch with the Ethereum Foundation’s Justin Drake. Following a few conversations and a face-to-face with Justin in London, we’re proud and excited to share that core contributor Kevin Charm now holds a VDF ASIC device of our own to work with.

Alongside funding and stewarding R&D into novel capital formation mechanisms, one of the main priorities for OttoDAO will be to continue collaborating on making a viable, cost-efficient VDF ASIC available for widespread adoption.

Lottery Drawing Logic? In this economy?

Decentralised, trustless, and publicly verifiable randomness – through inputs that are publicly stored and made verifiable onchain, and outputs that are recorded on the immutable ledger – is more than a ‘nice-to-have’; it has the potential to become the lynchpin in a more secure, fairer, and more scalable EVM ecosystem.

But the reason we have seen lamentably few attempts to run lotteries on Ethereum most likely lies in more pressing issues.

If offchain lottery operators can’t verifiably prove they’re not scamming us, onchain providers have been scamming themselves through wild inefficiencies and gas costs that can easily run into the tens of millions.

Under these conditions, lotteries are bound to remain the prerogative of State-run institutions or a small handful of protocols with deep pockets.

Luckily, LottoPGF has a fix for that: Writing smart contracts on Ethereum requires novel solutions, and that's where we like to innovate.

The main culprit behind these runaway gas fees was the Fisher-Yates algorithm typically used to pick winners, which requires many expensive storage operations to execute.

An obsession with randomness, and how to bring it to the people, meant LottoPGF couldn’t accept the current state of play. Instead, our core contributors got comfortable exploring the bleeding edge of cryptography to find a viable workaround.

And with the stateless shuffle, we found it.

Whereas the standard Fisher-Yates algorithm relies on maintaining state in order to sequentially swap elements within an array, the stateless shuffle (as the name suggests) doesn’t. Instead, with our VRF-generated random seed, we can instantly shuffle lists by bijectively (one-to-one) mapping each original index to a shuffled index. In other words, the algorithm lets us lazily read from a shuffled list that contains no duplicates.

Specifically, we use the Feistel shuffle as our stateless shuffle of choice. Although on the more arcane side of cryptography, it was a candidate algorithm for validator selection in ETH PoS (though the Swap-or-Not shuffle was chosen instead). More recently, our optimised Feistel shuffle Solidity library was included in the audit of the 2024 Devcon Raffle. We're excited to bring this new primitive onchain and look forward to seeing it adopted in more onchain applications in the future!
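As an added example (my own Python, not LottoPGF’s Solidity library), here is a stateless Feistel shuffle of the kind the last two paragraphs describe: a keyed bijection on [0, n) computed one index at a time, its inverse (which original ticket landed in a given shuffled slot), and a winner draw that reads only the first k shuffled slots. Everything below is an assumption of this example rather than a detail from the page: the round function is SHA-256 over (seed, round, value); the two Feistel halves combine by modular addition so the domain need not be a power of two; the domain is padded up to the next perfect square and cycle walking brings out-of-range outputs back into [0, n); four rounds are used; and the seed is a constructed stand-in for the VRF or beacon output.

```python
"""Stateless (Feistel) shuffle: a keyed bijection on [0, n) computed per index.

Added example, not LottoPGF's Solidity library. Assumptions: SHA-256 round
function, modular-addition Feistel halves, next-perfect-square domain with
cycle walking, 4 rounds, constructed seed in place of the VRF output.
"""
import hashlib
import math


def _round_fn(seed: bytes, round_index: int, value: int, side: int) -> int:
    # Keyed pseudo-random function for one round (assumption: SHA-256 based).
    data = seed + round_index.to_bytes(4, "big") + value.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % side


def _side(n: int) -> int:
    # Smallest `side` with side * side >= n, i.e. ceil(sqrt(n)).
    return math.isqrt(n - 1) + 1


def _permute(x: int, seed: bytes, rounds: int, side: int) -> int:
    # Generalised Feistel network over the square domain [0, side * side).
    # x is written in base `side` as (left, right); each round maps
    # (L, R) -> (R, (L + F(R)) mod side), which is invertible, so the whole
    # network is a permutation of the square domain.
    left, right = divmod(x, side)
    for r in range(rounds):
        left, right = right, (left + _round_fn(seed, r, right, side)) % side
    return left * side + right


def _unpermute(y: int, seed: bytes, rounds: int, side: int) -> int:
    # Inverse network: undo the rounds in reverse order.
    left, right = divmod(y, side)
    for r in reversed(range(rounds)):
        left, right = (right - _round_fn(seed, r, left, side)) % side, left
    return left * side + right


def feistel_shuffle(index: int, n: int, seed: bytes, rounds: int = 4) -> int:
    """Shuffled position of `index` in a permutation of [0, n) keyed by `seed`.

    Cycle walking: keep applying the square-domain permutation until the
    output lands back inside [0, n). Because that permutation is a bijection
    on a finite set this terminates, and the restricted map is a bijection
    on [0, n), so no two indices ever collide.
    """
    if not 0 <= index < n:
        raise ValueError("index out of range")
    side = _side(n)
    x = _permute(index, seed, rounds, side)
    while x >= n:
        x = _permute(x, seed, rounds, side)
    return x


def feistel_unshuffle(shuffled: int, n: int, seed: bytes, rounds: int = 4) -> int:
    """Inverse of feistel_shuffle: which original index landed at `shuffled`."""
    if not 0 <= shuffled < n:
        raise ValueError("index out of range")
    side = _side(n)
    x = _unpermute(shuffled, seed, rounds, side)
    while x >= n:
        x = _unpermute(x, seed, rounds, side)
    return x


def draw_winners(k: int, n: int, seed: bytes) -> list[int]:
    """Pick k distinct winners from n tickets by reading the first k slots of
    the shuffled list. No array is materialised and nothing is written:
    each winner is a pure function of (slot, n, seed)."""
    if k > n:
        raise ValueError("cannot draw more winners than tickets")
    return [feistel_shuffle(slot, n, seed) for slot in range(k)]


def is_bijection(n: int, seed: bytes) -> bool:
    """Exhaustive check that the shuffle permutes [0, n) with no duplicates."""
    return sorted(feistel_shuffle(i, n, seed) for i in range(n)) == list(range(n))


if __name__ == "__main__":
    # Constructed seed standing in for the beacon/VRF output (not a real round).
    seed = hashlib.sha256(b"constructed stand-in for a beacon signature").digest()
    print("bijection on 1000 tickets:", is_bijection(1000, seed))
    print("first five winners:", draw_winners(5, 1000, seed))
```

The gas point from the text shows up in `draw_winners`: selecting k winners costs k short hash chains and no storage writes, whereas an onchain Fisher-Yates over n tickets must touch n array slots. `is_bijection` is an offline sanity check for a chosen n, not something you would run onchain; the guarantee itself comes from the network being invertible (see `feistel_unshuffle`) plus cycle walking. An onchain port would swap SHA-256 for keccak256 and should be audited for the same invertibility and range properties.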

More generally, we’re excited by the flourishing of new primitives that allow us to build in ways that weren’t possible before - like LottoPGF’s lottery integration that serves as a permissionless capital formation mechanism. But in the infinite garden, the sky’s the limit. Imagine harnessing randomness to fairly scale Universal Basic Income, or using it to call upon community members to participate in IRL civic duties or governance - Athenian democracy 2.0-style… What do you want to code into being?

…That’s a Wrap (for now)!

As a DAO we get our kicks from keeping the internet cypherpunk. And we have the privilege to collaborate with some of the brightest minds in the space who share that vision.

We’d love you to join us! Through OttoDAO, we dream of bringing regen-degen fam together to continue working on lotteries and novel PGF mechanisms, while helping turn accessible VDFs into a reality.

We’d love to hear your questions, thoughts or comments on what you’re working on and how it connects to anything we’ve shared here.

If you just want to get going with your own lottery integration for public goods funding, jump on our waitlist and be the first one to deploy one and fund what matters!

As ever, thanks for reading. Keep building and see you onchain!

gn
