ARPA Threshold BLS Random Number Generator Design

The random number has been used for everything from cryptography to lotteries and games. Blockchains also have a close relationship with randomness because they seek fairness from it. The widely deployed Proof-of-Work consensus protocol is built on a cryptographical quest that searches for specific random values. The blossoming dapps, such as on-chain lottery or NFT blind boxes, rely on unbiasedly random inputs to provide a more credible experience. Therefore, ARPA would like to build a secure, robust, and verifiable decentralized random number generator (RNG) to serve essential randomness to the blockchain world.

Trustless Randomness

Uniqueness & Determinacy

Uniqueness is a stricter requirement than determinacy. Determinacy only requires that the generation procedure itself involve no randomness, so the same input always yields the same output. Uniqueness additionally needs to convince the consumers that the output cannot be biased by the party producing it. For example, ECDSA can be redefined (with deterministic nonces) to satisfy determinacy, but it does not satisfy uniqueness.



Threshold BLS Signature

Table 1. Comparison across verifiable random number generation

The construction of threshold BLS is much like executing BLS in a multi-party computation (MPC) way. Given the set of computation nodes involved in the ARPA verifiable RNG, the secret key shares are distributed by Feldman's verifiable secret sharing scheme in the key generation phase. Each party then computes and broadcasts its public key share. The group public key can be recovered from those shares by Lagrange interpolation. This key represents the identity of the node set and is used to verify the random numbers it generates. During the lifetime of the RNG, the group secret key is never reconstructed, neither in key generation nor in random number generation.

Figure 1. Original BLS vs. Threshold BLS

Thanks to the bilinearity of pairings, the random number generation phase is the same as for the original BLS signature. Upon receiving the seed, each node computes its random number share locally and broadcasts it. After the legitimacy of these shares has been validated, they are aggregated by Lagrange interpolation. The final result is the threshold BLS signature of the seed and can be verified against the group public key. It should be noted that the result is the same no matter which subset of nodes contributes the random number shares.
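To make the two phases above concrete, here is an added example (not ARPA's code) of the threshold mechanics: Feldman dealing of key shares, recovery of the group public key by interpolating public key shares in the exponent, and aggregation of per-node random number shares from any sufficiently large subset. It uses a toy prime-order subgroup with constructed parameters instead of a pairing-friendly curve, so the pairing check is replaced by comparing the combined value with H(seed)^sk computed directly from the dealer's secret.

```python
import hashlib
import secrets

# Toy order-q subgroup of Z_p^* with p = 2q + 1 (constructed parameters, not ARPA's
# curve). Without a pairing, the combined value is checked against H(seed)^sk instead.
P, Q, G = 1019, 509, 4

def lagrange_at_zero(ids):
    """Coefficients lambda_i (mod Q) with sum(lambda_i * f(i)) = f(0)."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam[i] = num * pow(den, -1, Q) % Q
    return lam
def feldman_deal(t, n):
    """Share a fresh secret f(0) as f(1..n), threshold t; publish C_k = G^a_k."""
    coeffs = [secrets.randbelow(Q) for _ in range(t)]
    shares = {i: sum(a * pow(i, k, Q) for k, a in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return coeffs[0], shares, [pow(G, a, P) for a in coeffs]
def verify_share(i, share, commitments):
    """Feldman check: G^f(i) must equal the product of C_k^(i^k)."""
    rhs = 1
    for k, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(i, k, Q), P) % P
    return pow(G, share, P) == rhs
def combine(partials):
    """Interpolate {i: G^f(i)} 'in the exponent' to recover G^f(0)."""
    lam = lagrange_at_zero(list(partials))
    out = 1
    for i, v in partials.items():
        out = out * pow(v, lam[i], P) % P
    return out
def hash_to_group(seed):
    """Toy hash-to-subgroup: G^(SHA-256(seed) mod (Q-1) + 1), never the identity."""
    return pow(G, int.from_bytes(hashlib.sha256(seed).digest(), "big") % (Q - 1) + 1, P)
def threshold_rng(seed, t, n, subsets):
    """Deal keys, derive the group public key, then aggregate H(seed)^f(i) per subset."""
    sk, shares, commits = feldman_deal(t, n)
    if not all(verify_share(i, s, commits) for i, s in shares.items()):
        raise ValueError("share failed Feldman verification")
    pk = combine({i: pow(G, shares[i], P) for i in subsets[0]})
    h = hash_to_group(seed)
    results = [combine({i: pow(h, shares[i], P) for i in sub}) for sub in subsets]
    return sk, pk, h, results
```

Every subset of at least t nodes yields the identical value, which is the uniqueness property the text relies on; the dealer's secret is returned here only so the result can be checked without a pairing.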

ARPA Decentralized RNG Architecture

System Robustness

Given a system failure ratio of around 0.01%, we can then calculate the number of node failures that can be tolerated at different group sizes. It can be seen that the system failure ratio decreases as the group size increases.

Table 2. Tolerable node failure vs. system failure

Beyond the mathematical analysis, an accompanying incentive ecosystem can help encourage participation and penalize malicious behaviour.

About ARPA

Developers can build privacy-preserving dApps on blockchains compatible with ARPA. Some immediate use cases include: credit anti-fraud, secure data wallet, precision marketing, joint AI model training, key management systems, etc. For example, banks using the ARPA network can share their credit blacklist for risk management purposes without exposing their customer data or privacy.

Team members have worked at leading institutions such as Google, Amazon, Huawei, Fosun, Tsinghua University and Fidelity Investments. ARPA is currently assisting the China Academy of Information and Communications Technology in setting the national standard for secure multi-party computation. ARPA is a corporate member of the MPC Alliance and IEEE and is in partnership with Fortune 500 companies to implement proofs-of-concept and MPC products. In 2019, ARPA was named one of the Top 10 most innovative blockchain companies in China by China Enterprise News and the China Software Industry Association.
