Presenting Quantstamp’s ETHDenver Beacon Chain Simulator

Quantstamp Announcements
July 23, 2019

This year, members of the Quantstamp team and some of our friends participated in the ETHDenver Hackathon. Our CEO Richard Ma, Poming Lee (myself), Nathan Frenette and Derek Alia entered the hackathon as “Beacon Thugs and Harmony” and hacked away at an implementation of the ETH 2.0 Beacon Chain.

The Beacon Chain is Core ETH2.0 Infrastructure

The beacon chain plays an integral role in ETH2.0 infrastructure and is scheduled to be the first part of ETH2.0 to be implemented. One of the functions of the beacon chain is to randomly select a “committee” of eligible validators that propose and validate blocks on both the beacon chain and shard chains. The beacon chain accomplishes this random selection by producing an unbiased, unpredictable and verifiable number through the RANDAO + VDF process.

ETH 1.0 Blockchain: Randomly Selecting Block Proposers in Proof of Work

Generating a truly random number is a challenging problem. It is important that block proposers are selected in a random fashion in order to prevent these same proposers from tampering with blockchain data. In proof of work, this is achieved through brute force. The only way to game the system and enhance your chances of selecting the “golden nonce” is to add more hashpower to the network.

In Ethereum’s planned 2.0 upgrade, Ethereum aims to eliminate proof of work in order to scale transactions and eliminate “redundant” computations by distributing computational work over shards. In order to fairly and securely select block producers without proof of work, Ethereum 2.0 is selecting validators using a random number generated by the RANDAO + VDF process.

ETH 2.0 Blockchain: Randomly Selecting Block Proposers in Proof of Stake With A Random Seed Generated Via the RANDAO + VDF process

In order to fairly select the next committee of validators for Ethereum 2.0, all of the active validators from the current committee participate in a random number generation process in order to produce an “unbiased” random number. The random number generation can be broken up into two parts: the RANDAO and the VDF.

‍‍‍The RANDAO generates a random number that can be biased by the last revealer.


The RANDAO works via a commit reveal scheme. The current committee of validators each submits a hash of a locally produced secret to the beacon chain. After all hashes are collected, the reveal stage begins: validators submit their locally produced secret to the beacon chain in a predetermined sequence. After each secret is sequentially revealed, the beacon chain performs the XOR operation on the validators revealed secrets. If a validator chooses not to reveal their secret, the beacon chain XORs a 0 in place of their secret.  

The Last Revealer Attack

If we just relied on the RANDAO for random number generation, we would be vulnerable to what is known as the last revealer attack. The RANDAO has entropy that can be biased by the last validator to submit their secret. The last validator can choose between one of two different random numbers by choosing to either reveal their secret or to hold it.

‍‍‍The Verifiable Delay Function (VDF) aims to generate an unbiased random number by preventing the last revealer from biasing the results.

Using a Verifiable Delay Function to Counter the Last Revealer Attack

Without the Verifiable Delay Function (VDF), the last revealer can bias the selection of the next committee of validators that will finalize blockchain data. In order to prevent this attack, the beacon chain submits the entropy produced by the RANDAO algorithm into the VDF.

The VDF is an algorithm that uses the biasable random number generated by RANDAO as an input to generate an output that is a truly random number. The VDF accomplishes this by putting the RANDAO’s biasable random number through a series of computations that intentionally take a long time to generate the output. The VDF intentionally uses time-intensive computations to generate the output so that the last revealer in the RANDAO process can no longer bias the final result.

The Difficulties We Encountered Following the Specification

Initially, our goal was to implement a beacon chain simulator that was 100% based on the specification. However, after realizing that there is no single, complete, detailed algorithmic description to the beacon-chain, we decided to implement the simulator as faithfully as we could to the “spirit” of the information found in the documents. 

It took our team, composed of one Computer Science PhD and three professionals in the field, over 50 cumulative hours to come up with a coherent idea of what a beacon-chain is and how it works. During this time, we traced the references listed below, had discussions, guessed the undescribed details, and solved conflicts between the references.

List of References that Helped Us Piece Together the Beacon Chain Spec:

A picture of Poming Lee (the author of this post) and teammate (Nathan Frenette) hacking away at the beacon chain implementation.

Presenting Quantstamp’s ETHDenver Beacon Chain Implementation

You can access our beacon chain simulator and the interactive front end we developed for it via the links below:

How to Use Our Implementation to Improve ETH2.0

The development of Ethereum 2.0 is a community effort. In that spirit, we have some suggestions on how you can carry the torch and use our implementation to conduct experiments that can improve Ethereum. Developers can experiment with the parameter set up in order to optimize it or to discover potential security issues. After spending a small period of time reviewing the code, developers can also add or change modules written in the simulator, or make significant modifications that cater to their own understanding of how the beacon-chain should function.

If you conduct an experiment and find anything interesting, please let us know.

Making It Easier for Others to Experiment with our Beacon Chain Implementation

Developers can also improve upon this implementation by making it easier for users to experiment with the parameters setup. This can be done by integrating the front end (GUI) we provided to the back end simulator so that they can work in an online fashion (currently the experimental result is generated offline and should be manually fed to the front end GUI). Improving the back end experimental logic would also be helpful. Adding an auto-setup script for running the entire project locally would also be ideal for experimentation. It will make the simulator a lot easier for developers to play with.

Team Beacon Thugs and Harmony enjoying some pizza during the hackathon.

Written by Poming Lee, PhD and Security Auditor at Quantstamp

October 7, 2019

You are Invited to the Quantstamp Security Assurance Protocol Beta Test

Thank you for participating in the beta-testing phase of the Quantstamp Assurance Protocol. Help us collect feedback in order to make improvements.

October 4, 2019

How to Use DeFi Safely

With eye popping interest rates on lending platforms, it’s never been more tempting to put assets into some of the promising new #DeFi applications out there today. But is security an issue? Dr. Poming Lee, Security Engineer with Quantstamp, explains how to keep your funds safe when using DeFi.

October 1, 2019

Quantstamp Community Update - September 2019

Quantstamp Blue Paper upcoming, securing #DeFi, the latest Forbes Tech Council article, and more.Here’s what’s been going on at Quantstamp in September:

September 25, 2019

Quantstamp Enhances Security of Blockchain Certified Sports Memorabilia

On Monday, September 9th, BlockStar, a company authenticating real-world goods using blockchain technology, and DeMarchi, the iconic cycling apparel brand established in 1946, sold the world’s first blockchain certified replica of Fausto Coppi’s 1953 De Marchi Jersey for $10,500. Quantstamp facilitated the success of this sale by enhancing the security of the blockchain components and the website used to conduct the auction.