How It Works

Commit-Reveal² Protocol

Overview

Commit-Reveal² is a randomness generation protocol designed for blockchain systems. It addresses key challenges in secure and fair randomness generation by introducing a layered Commit-Reveal² structure combined with a hybrid on-chain/off-chain approach. This protocol not only enhances fairness and security but also achieves significant cost reductions, making it ideal for decentralized applications such as validator selection, lotteries, and resource allocation.

Problem to Solve

Existing randomness generation methods often face two critical issues:

  • Last Revealer Attack: The final participant in a Commit-Reveal protocol can choose to reveal or withhold their secret, manipulating the random output to their advantage.
  • High On-Chain Costs: Purely on-chain solutions incur substantial gas costs, limiting scalability and practicality for decentralized systems.

Core Mechanism

Commit-Reveal² tackles these problems through a commit-reveal² process and a hybrid model:

  • Randomized Reveal Order: Commit-Reveal² uses the commitments to determine the sequence for secret revelations in the second round. This randomization minimizes the impact of the last revealer attack, ensuring fairness and unpredictability.
  • Hybrid Design: Storage-heavy operations, such as storing commits and reveal orders, are handled off-chain by participants and the leader node. Only critical operations, such as verifications, occur on-chain, significantly reducing gas usage while maintaining transparency.
  • Security: The protocol binds each participant’s secret to commitments (coi and cvi), ensuring integrity and preventing manipulation. Randomness is generated by securely combining these secrets in the verified order.

Protocol Flow Description

Commit-Reveal² Protocol Flow

The Commit-Reveal² protocol is designed with three distinct phases—Commit, Reveal-1, and Reveal-2—to securely and verifiably generate random numbers while minimizing the risk of manipulation, such as the last revealer attack. The hybrid model leverages off-chain computations to optimize gas costs while maintaining cryptographic integrity and transparency.

Commit Phase

In this phase, participating nodes generate a secret and compute commitment values: coi and cvi. These commitments are sent to the leader node, which verifies and constructs a Merkle Root, storing it on-chain.

Reveal-1 Phase

Nodes partially reveal their commitments by broadcasting coi values off-chain. The leader node validates these partial reveals and determines the order in which nodes will reveal their full secrets in the next phase.

Reveal-2 Phase

Nodes reveal their secrets in the pre-determined reveal order. The leader node verifies the revealed secrets and combines these secrets in the reveal order to generate the final random number. This ensures fairness and transparency in the random number generation process.

Manuscript for Details

Dive deeper into the protocol, its implementation, and its benefits:

Commit-Reveal² Protocol Manuscript →

By combining cryptographic rigor with an efficient hybrid design, Commit-Reveal² offers a scalable, cost-effective solution for blockchain-based randomness generation.

Picture of the author

Tokamak Network