provable-things/ethereum-api

Is TEE random protected from bruteforce?

k06a opened this issue · 3 comments

k06a commented

Is "random" data source protected from manipulation by being requested in TEE multiple times until the result fits oracle needs?

I believe your concern is surrounding the random datasource, and how it may withstand against a malicious operator, that just keeps recalling it until it generates a wanted/positive result for the operator or beneficiary?

We have a whitepaper outlining security implications and mitigations, and it is covered on pg 17 under Generating Multiple Values at https://provable.xyz/papers/random_datasource-rev1.pdf

To summarize, there is a mechanism within the TEE that ensures it only ever generates randomness, once, for any query id.

k06a commented

@D-Nice thanks, but does it mean query_id is known at the moment of randomness request and could be precomputed. I mean query_id could be precomputed and random could be precomputed. For example, last bet maker could precompute query_id and TEE random. Is not it?

This is where the commit scheme comes into play, and for a properly chosen commit data, which by default is aspects of the block, such as the block hash etc... it stops this precomputation attack you speak of. Of course, the commit data can be freely strengthened even more, by allowing some user input on it or other variables.

Without the exact commit data known by the operator at the time of that queryId, they cannot pre-compute it. Again, the paper covers these points in detail and I recommend referring to it.