Presenting Quantstamp’s ETHDenver Beacon Chain Simulator

Quantstamp Announcements
July 23, 2019

This year, members of the Quantstamp team and some of our friends participated in the ETHDenver Hackathon. Our CEO Richard Ma, Poming Lee (myself), Nathan Frenette and Derek Alia entered the hackathon as “Beacon Thugs and Harmony” and hacked away at an implementation of the ETH 2.0 Beacon Chain.

The Beacon Chain is Core ETH2.0 Infrastructure

The beacon chain plays an integral role in ETH2.0 infrastructure and is scheduled to be the first part of ETH2.0 to be implemented. One of the functions of the beacon chain is to randomly select a “committee” of eligible validators that propose and validate blocks on both the beacon chain and shard chains. The beacon chain accomplishes this random selection by producing an unbiased, unpredictable and verifiable number through the RANDAO + VDF process.

ETH 1.0 Blockchain: Randomly Selecting Block Proposers in Proof of Work

Generating a truly random number is a challenging problem. It is important that block proposers are selected in a random fashion in order to prevent these same proposers from tampering with blockchain data. In proof of work, this is achieved through brute force. The only way to game the system and enhance your chances of selecting the “golden nonce” is to add more hashpower to the network.

In Ethereum’s planned 2.0 upgrade, Ethereum aims to eliminate proof of work in order to scale transactions and eliminate “redundant” computations by distributing computational work over shards. In order to fairly and securely select block producers without proof of work, Ethereum 2.0 is selecting validators using a random number generated by the RANDAO + VDF process.

ETH 2.0 Blockchain: Randomly Selecting Block Proposers in Proof of Stake With A Random Seed Generated Via the RANDAO + VDF process

In order to fairly select the next committee of validators for Ethereum 2.0, all of the active validators from the current committee participate in a random number generation process in order to produce an “unbiased” random number. The random number generation can be broken up into two parts: the RANDAO and the VDF.

‍‍‍The RANDAO generates a random number that can be biased by the last revealer.

The RANDAO

The RANDAO works via a commit reveal scheme. The current committee of validators each submits a hash of a locally produced secret to the beacon chain. After all hashes are collected, the reveal stage begins: validators submit their locally produced secret to the beacon chain in a predetermined sequence. After each secret is sequentially revealed, the beacon chain performs the XOR operation on the validators revealed secrets. If a validator chooses not to reveal their secret, the beacon chain XORs a 0 in place of their secret.  

The Last Revealer Attack

If we just relied on the RANDAO for random number generation, we would be vulnerable to what is known as the last revealer attack. The RANDAO has entropy that can be biased by the last validator to submit their secret. The last validator can choose between one of two different random numbers by choosing to either reveal their secret or to hold it.

‍‍‍The Verifiable Delay Function (VDF) aims to generate an unbiased random number by preventing the last revealer from biasing the results.

Using a Verifiable Delay Function to Counter the Last Revealer Attack

Without the Verifiable Delay Function (VDF), the last revealer can bias the selection of the next committee of validators that will finalize blockchain data. In order to prevent this attack, the beacon chain submits the entropy produced by the RANDAO algorithm into the VDF.

The VDF is an algorithm that uses the biasable random number generated by RANDAO as an input to generate an output that is a truly random number. The VDF accomplishes this by putting the RANDAO’s biasable random number through a series of computations that intentionally take a long time to generate the output. The VDF intentionally uses time-intensive computations to generate the output so that the last revealer in the RANDAO process can no longer bias the final result.

The Difficulties We Encountered Following the Specification

Initially, our goal was to implement a beacon chain simulator that was 100% based on the specification. However, after realizing that there is no single, complete, detailed algorithmic description to the beacon-chain, we decided to implement the simulator as faithfully as we could to the “spirit” of the information found in the documents. 

It took our team, composed of one Computer Science PhD and three professionals in the field, over 50 cumulative hours to come up with a coherent idea of what a beacon-chain is and how it works. During this time, we traced the references listed below, had discussions, guessed the undescribed details, and solved conflicts between the references.

List of References that Helped Us Piece Together the Beacon Chain Spec:



A picture of Poming Lee (the author of this post) and teammate (Nathan Frenette) hacking away at the beacon chain implementation.

Presenting Quantstamp’s ETHDenver Beacon Chain Implementation

You can access our beacon chain simulator and the interactive front end we developed for it via the links below:

How to Use Our Implementation to Improve ETH2.0

The development of Ethereum 2.0 is a community effort. In that spirit, we have some suggestions on how you can carry the torch and use our implementation to conduct experiments that can improve Ethereum. Developers can experiment with the parameter set up in order to optimize it or to discover potential security issues. After spending a small period of time reviewing the code, developers can also add or change modules written in the simulator, or make significant modifications that cater to their own understanding of how the beacon-chain should function.

If you conduct an experiment and find anything interesting, please let us know.

Making It Easier for Others to Experiment with our Beacon Chain Implementation

Developers can also improve upon this implementation by making it easier for users to experiment with the parameters setup. This can be done by integrating the front end (GUI) we provided to the back end simulator so that they can work in an online fashion (currently the experimental result is generated offline and should be manually fed to the front end GUI). Improving the back end experimental logic would also be helpful. Adding an auto-setup script for running the entire project locally would also be ideal for experimentation. It will make the simulator a lot easier for developers to play with.

Team Beacon Thugs and Harmony enjoying some pizza during the hackathon.

Written by Poming Lee, PhD and Security Auditor at Quantstamp

August 21, 2019

EthBerlin Security HelpDesk Details, Security Award & Hosted Points Bonus from Quantstamp + MythX

Quantstamp and MythX are very excited to support EthBerlin this year. If you're participating, come find us at the HelpDesk, your one-stop resource for any security-related inquiries. Need suggestions on more secure code implementations or advice on mitigating certain vulnerabilities? The HelpDesk is available round the clock to offer guidance and assistance throughout the hackathon.

August 13, 2019

Open Sourcing Our Bounty Protocol

We are open sourcing the code for our Bounty Protocol. A bounty protocol is a marketplace for developers to identify bugs in smart contracts that automation cannot detect. The Bounty Protocol has the potential to leverage software engineering talent from around the world to add an essential layer of infrastructure for blockchain security.

July 31, 2019

Join Our Meme Competition

On August 1st, Quantstamp will begin our Meme Competition. Subject to eligibility, the winner of the Meme Competition will receive a Nintendo Switch Console, Mario Kart 8 (game for the Nintendo Switch), a Ledger Nano X, and a copy of our book, Fundamentals of Smart Contract Security!

July 30, 2019

Quantstamp Community Update July 2019

Quantstamp Security Network growth, securing Binance’s first stablecoin, auditing Klaytn, Congressional Blockchain Education Day - it’s been an exciting month at Quantstamp. Here's what's been going on: