{"id":13629622,"url":"https://github.com/drand/drand","last_synced_at":"2025-12-15T01:59:27.087Z","repository":{"id":37797874,"uuid":"100657617","full_name":"drand/drand","owner":"drand","description":"🎲 A Distributed Randomness Beacon Daemon - Go implementation","archived":false,"fork":false,"pushed_at":"2025-10-29T19:11:21.000Z","size":51502,"stargazers_count":783,"open_issues_count":72,"forks_count":127,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-10-29T21:18:17.512Z","etag":null,"topics":["cryptography","golang","hacktoberfest","randomness","randomness-beacon"],"latest_commit_sha":null,"homepage":"https://drand.love","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/drand.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":"COPYRIGHT","agents":null,"dco":null,"cla":null}},"created_at":"2017-08-18T00:49:16.000Z","updated_at":"2025-10-29T19:11:23.000Z","dependencies_parsed_at":"2023-02-17T22:46:00.459Z","dependency_job_id":"40cee4af-085c-4e76-9f9f-c186c95e0a47","html_url":"https://github.com/drand/drand","commit_stats":{"total_commits":951,"total_committers":54,"mean_commits":17.61111111111111,"dds":0.7991587802313355,"last_synced_commit":"db64d38040a7de069a5988d89be6114506be5759"},"previous_names":["dedis/drand"],"tags_count":100,"template":false,"template_full_name":null,"purl":"pkg:github/drand/drand","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drand%2Fdrand","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drand%2Fdrand/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drand%2Fdrand/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drand%2Fdrand/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/drand","download_url":"https://codeload.github.com/drand/drand/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drand%2Fdrand/sbom","scorecard":{"id":331670,"data":{"date":"2025-08-11","repo":{"name":"github.com/drand/drand","commit":"be545f55482084fd75c80457765f26ec482e3c69"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.6,"checks":[{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":9,"reason":"Found 29/30 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":5,"reason":"3 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: test/regression/drand-1.5.7-linux:1","Warn: binary detected: test/regression/drand-1.5.7-mac:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish_tagged.yaml:22","Warn: no topLevel permission defined: .github/workflows/docker-build.yml:1","Warn: no topLevel permission defined: .github/workflows/generate.yml:1","Warn: no topLevel permission defined: .github/workflows/label-syncer.yml:1","Warn: no topLevel permission defined: .github/workflows/lint.yml:1","Warn: no topLevel permission defined: .github/workflows/publish_tagged.yaml:1","Warn: no topLevel permission defined: .github/workflows/regression.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/tests.yaml:1","Warn: no topLevel permission defined: .github/workflows/toc.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE-APACHE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":6,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Warn: required approving review count is 1 on branch 'master'","Info: codeowner review is required on branch 'master'","Warn: no status checks found to merge onto branch 'master'","Info: PRs are required in order to make changes on branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v2.1.3 not signed: https://api.github.com/repos/drand/drand/releases/228480653","Warn: release artifact v2.1.2 not signed: https://api.github.com/repos/drand/drand/releases/214862752","Warn: release artifact v2.1.1 not signed: https://api.github.com/repos/drand/drand/releases/212472140","Warn: release artifact v2.1.0 not signed: https://api.github.com/repos/drand/drand/releases/201296414","Warn: release artifact v2.0.6 not signed: https://api.github.com/repos/drand/drand/releases/200356855","Warn: release artifact v2.1.3 does not have provenance: https://api.github.com/repos/drand/drand/releases/228480653","Warn: release artifact v2.1.2 does not have provenance: https://api.github.com/repos/drand/drand/releases/214862752","Warn: release artifact v2.1.1 does not have provenance: https://api.github.com/repos/drand/drand/releases/212472140","Warn: release artifact v2.1.0 does not have provenance: https://api.github.com/repos/drand/drand/releases/201296414","Warn: release artifact v2.0.6 does not have provenance: https://api.github.com/repos/drand/drand/releases/200356855"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-build.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/docker-build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/docker-build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/docker-build.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-build.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/docker-build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/generate.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generate.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/generate.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/generate.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/generate.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/label-syncer.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/label-syncer.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/label-syncer.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/label-syncer.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/lint.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/lint.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_tagged.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/publish_tagged.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish_tagged.yaml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/publish_tagged.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_tagged.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/publish_tagged.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_tagged.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/publish_tagged.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish_tagged.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/publish_tagged.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/regression.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/regression.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/regression.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/regression.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/regression.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/regression.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/regression.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/release.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/release.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:91: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:116: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/tests.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/toc.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/toc.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/toc.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/drand/drand/toc.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:45: pin your Docker image by updating busybox:1-glibc to busybox:1-glibc@sha256:facb103d02c3e0fcf34e272264b7d7deea98e1b2861075d2c9c4dd329d4c1c0d","Warn: downloadThenRun not pinned by hash: .github/workflows/tests.yaml:125","Info:   0 out of  25 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  14 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   9 out of   9 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-build.yml:9"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2025-3770 / GHSA-vrw8-fxc6-2r93"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T03:47:37.827Z","repository_id":37797874,"created_at":"2025-08-18T03:47:37.827Z","updated_at":"2025-08-18T03:47:37.827Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281713078,"owners_count":26548728,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-29T02:00:06.901Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","golang","hacktoberfest","randomness","randomness-beacon"],"created_at":"2024-08-01T22:01:15.068Z","updated_at":"2025-10-30T17:01:59.373Z","avatar_url":"https://github.com/drand.png","language":"Go","readme":"# Drand - A Distributed Randomness Beacon Daemon\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"logo.png\" width=\"220\" /\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/drand/drand/actions?query=branch%3Amaster\" title=\"Tests\"\u003e\u003cimg src=\"https://github.com/drand/drand/actions/workflows/tests.yaml/badge.svg?branch=master\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://codecov.io/gh/drand/drand\" title=\"Coverage\"\u003e\u003cimg src=\"https://codecov.io/gh/drand/drand/branch/master/graph/badge.svg\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://goreportcard.com/report/github.com/drand/drand\" title=\"Go Report Card\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/drand/drand\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://pkg.go.dev/github.com/drand/drand\" title=\"go.dev reference\"\u003e\u003cimg src=\"https://img.shields.io/badge/go.dev-reference-007d9c?logo=go\u0026logoColor=white\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://golang.org/\" title=\"golang version\"\u003e\u003cimg src=\"https://img.shields.io/badge/golang-%3E%3D1.19-orange.svg\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\nDrand (pronounced \"dee-rand\") is a distributed randomness beacon daemon\nwritten in \u003ca href=\"https://golang.org/\"\u003eGolang\u003c/a\u003e.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\nLinked drand nodes collectively produce \u003cstrong\u003epublicly verifiable\u003c/strong\u003e,\n\u003cstrong\u003eunbiased\u003c/strong\u003e and \u003cstrong\u003eunpredictable\u003c/strong\u003e random values at\nfixed intervals using bilinear pairings and threshold cryptography.\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\nDrand was first developed within the \u003ca href=\"https://github.com/dedis\"\u003eDEDIS\norganization\u003c/a\u003e, and as of December 2019, is now under the drand organization.\n\u003c/p\u003e\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n## Table of Contents\n\n- [Goal and Overview](#goal-and-overview)\n  - [Public Randomness](#public-randomness)\n- [Installation](#installation)\n  - [Official release](#official-release)\n  - [Manual installation](#manual-installation)\n  - [Via Golang](#via-golang)\n  - [Via Docker](#via-docker)\n- [Usage](#usage)\n  - [Run Drand locally](#run-drand-locally)\n  - [Create a Drand deployment](#create-a-drand-deployment)\n  - [Fetching Public Randomness](#fetching-public-randomness)\n  - [Using HTTP endpoints](#using-http-endpoints)\n  - [JavaScript client](#javascript-client)\n- [Documentation](#documentation)\n- [What's Next?](#whats-next)\n- [Development](#development)\n- [Acknowledgments](#acknowledgments)\n- [Coverage](#coverage)\n- [Tracing](#tracing)\n- [License](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Goal and Overview\n\nThe need for digital randomness is paramount in multiple digital applications\n([e]voting, lottery, cryptographic parameters, embedded devices bootstrapping\nrandomness, blockchain systems etc) as well in non-digital such as statistical\nsampling (used for example to check results of an election), assigning court\ncases to random judges, random financial audits, etc.  However, constructing a\nsecure source of randomness is anything but easy: there are countless examples\nof attacks where the randomness generation was the culprit (static keys,\nnon-uniform distribution, biased output, etc).  drand aims to fix that gap by\nproviding a Randomness-as-a-Service network (similar to NTP servers for time,\nor Certificate Authority servers for CAs verification), providing continuous\nsource of randomness which is:\n\n* Decentralized: drand is a software ran by a diverse set of reputable entities\n  on the Internet and a threshold of them is needed to generate randomness,\n  there is no central point of failure.\n* Publicly verifiable \u0026 unbiased: drand periodically delivers publicly\n  verifiable and unbiased randomness. Any third party can fetch and verify the\n  authenticity of the randomness and by that making sure it hasn't been\n  tampered with.\n\nA drand network is operated by a group of organizations around the world that\nincludes Cloudflare, EPFL, Kudelski Security, Protocol Labs, Celo, UCL, and\nUIUC. You can learn more by visiting the\n[League of Entropy website](https://leagueofentropy.com), where you can also\nsee the random values being generated by the network in real time.\n\n### Public Randomness\n\nGenerating public randomness is the primary functionality of drand. Public\nrandomness is generated collectively by drand nodes and publicly available. The\nmain challenge in generating good randomness is that no party involved in the\nrandomness generation process should be able to predict or bias the final\noutput. Additionally, the final result has to be third-party verifiable to make\nit actually useful for applications like lotteries, sharding, or parameter\ngeneration in security protocols.\n\nA drand randomness beacon is composed of a distributed set of nodes and has two\nphases:\n\n- **Setup:** Each node first generates a *long-term public/private key pair*.\n  Then all of the public keys are written to a *group file* together with some\n  further metadata required to operate the beacon. After this group file has\n  been distributed, the nodes perform a *distributed key generation* (DKG)\n  protocol to create the collective public key and one private key share per\n  server. The participants NEVER see/use the actual (distributed) private key\n  explicitly but instead utilize their respective private key shares for the\n  generation of public randomness.\n- **Generation:** After the setup, the nodes switch to the randomness\n  generation mode. Any of the nodes can initiate a randomness generation round\n  by broadcasting a message which all the other participants sign using a\n  t-of-n threshold version of the *Boneh-Lynn-Shacham* (BLS) signature scheme\n  and their respective private key shares. Once any node (or third-party\n  observer) has gathered t partial signatures, it can reconstruct the full BLS\n  signature (using Lagrange interpolation). The signature is then hashed using\n  SHA-256 to ensure that there is no bias in the byte representation of the\n  final output. This hash corresponds to the collective random value and can be\n  verified against the collective public key.\n\n## Installation\n\n### Official release\n\nPlease go use the latest drand binary in the [release page](https://github.com/drand/drand/releases).\n\n### Manual installation\n\nDrand can be installed via [Golang](https://golang.org/) or\n[Docker](https://www.docker.com/). By default, drand saves the configuration\nfiles such as the long-term key pair, the group file, and the collective public\nkey in the directory `$HOME/.drand/`.\n\nThe docker image can also be built manually by running `docker build --build-arg version=$(git describe --tags) --build-arg gitCommit=$(git rev-parse HEAD) -t drandorg/go-drand:latest .` in the project root folder\nAdditional instructions for running a node or network using docker can be found in the [docker directory](./docker)\n\n### Via Golang\n\nMake sure that you have a working [Golang\ninstallation](https://golang.org/doc/install) and that your\n[GOPATH](https://golang.org/doc/code.html#GOPATH) is set.\n\nThen install drand via:\n```bash\ngit clone https://github.com/drand/drand\ncd drand\nmake install\n```\n\n### Via Docker\n\nThe setup is explained in\n[docker/README.md](https://github.com/drand/drand/tree/master/docker/README.md).\n\n## Usage\n\n### Run Drand locally\n\nTo run a local demo, you can simply run:\n```bash\nmake demo\n```\n\nThe script spins up a few drand local processes, performs resharing and other\noperations and will continue to print out new randomness every Xs (currently\n6s).\nFor more information, look at the demo [README](https://github.com/drand/drand/tree/master/demo).\n\n\nA drand beacon provides several public services to clients. A drand node\nexposes its public services on a gRPC endpoint as well as a REST JSON endpoint,\non the same port. The latter is especially useful if one wishes to retrieve\nrandomness from a JavaScript application.  Communication is meant to be protected\nthrough TLS by using a reverse-proxy to perform TLS termination.\n\n### Create a Drand deployment\n\nConsult full instructions at [DEPLOYMENT](https://drand.love/operator/deploy/)\n\n### Fetching Public Randomness\n\nTo get the latest public random value, run\n```bash\ndrand get public --round \u003ci\u003e \u003cgroup.toml\u003e\n```\nwhere `\u003cgroup.toml\u003e` is the group identity file of a drand node. You can\nspecify the round number when the public randomness has been generated. If not\nspecified, this command returns the most recent random beacon.\n\nThe JSON-formatted output produced by drand is of the following form:\n```json\n{\n  \"round\": 367,\n  \"signature\": \"b62dd642e939191af1f9e15bef0f0b0e9562a5f570a12a231864afe468377e2a6424a92ccfc34ef1471cbd58c37c6b020cf75ce9446d2aa1252a090250b2b1441f8a2a0d22208dcc09332eaa0143c4a508be13de63978dbed273e3b9813130d5\",\n  \"previous_signature\": \"afc545efb57f591dbdf833c339b3369f569566a93e49578db46b6586299422483b7a2d595814046e2847494b401650a0050981e716e531b6f4b620909c2bf1476fd82cf788a110becbc77e55746a7cccd47fb171e8ae2eea2a22fcc6a512486d\",\n  \"randomness\": \"d7aed3686bf2be657e6d38c20999831308ee6244b68c8825676db580e7e3bec6\"\n}\n```\n\nHere `Signature` is the threshold BLS signature on the previous signature value\n`Previous` and the current round number. `Randomness` is the hash of\n`Signature`, to be used as the random value for this round. The field `Round`\nspecifies the index of `Randomness` in the sequence of all random values\nproduced by this drand instance. The **message signed** is therefore the\nconcatenation of the round number treated as a `uint64` and the previous\nsignature. At the moment, we are only using BLS signatures on the bls12-381 curves\nand the signature is made over G1.\n\n\n(Note that this command expects access to a drand group member,\nthis won't work with the current League of Entropy nodes, since they\nare not exposing their GRPC endpoints directly.)\n\n### Using HTTP endpoints\n\nThis is the recommended way of using drand randomness, but don't forget to validate\nthe beacons' signatures against the group public key.\n\nOne may want to get the distributed key or public randomness by issuing a GET to a\nHTTP endpoint instead of using a gRPC client. Here is a basic example on how to\ndo so with curl.\n\nTo get the distributed key, you can use:\n```bash\ncurl \u003caddress\u003e/group\n```\n\nSimilarly, to get the latest round of randomness from the drand beacon, you can\nuse\n```bash\ncurl \u003caddress\u003e/public/latest\n```\n\n### JavaScript client\n\nTo facilitate the use of drand's randomness in JavaScript-based applications,\nwe provide [`drand-client`](https://github.com/drand/drand-client).\n\nFor more details on the procedure and instructions on how to use it,\nrefer to the\n[readme](https://github.com/drand/drand-client/blob/master/README.md).\n\n## Documentation\n\nHere is a list of all documentation related to drand:\n\n- To learn more about the protocol, the motivation and its background\n  - For a high level presentation of motivations and background, here are some public\n  [slides](https://docs.google.com/presentation/d/1t2ysit78w0lsySwVbQOyWcSDnYxdOBPzY7K2P9UE1Ac/edit?usp=sharing)\n  about drand or online [video](https://www.youtube.com/watch?v=ydwW2HFFxNI\u0026list=PLhuBigpl7lqu6xWpiXtbEzJQtlMH1tqoG\u0026index=3).\n  - [A basic explainer of the cryptography behind drand](https://hackmd.io/@nikkolasg/HyUAgm234),\n  - [Protocol Specification](https://drand.love/docs/specification/)\n- API documentation\n  - [The client-side API documentation of drand](https://hackmd.io/@nikkolasg/HJ9lg5ZTE)\n- DevOps/Deployment documentation\n  - [Deployment instructions](https://drand.love/operator/deploy/)\n  - [Security Model](https://drand.love/docs/security-model/)\n\nAs well, here is a list of background readings w.r.t to the cryptography used in\ndrand:\n\n- [Pairing-based\n  cryptography](https://en.wikipedia.org/wiki/Pairing-based_cryptography) and\n  [Barreto-Naehrig curves](https://github.com/dfinity/bn).\n- [Pedersen's distributed key generation\n  protocol](https://link.springer.com/article/10.1007/s00145-006-0347-3) for\n  the setup.\n- Threshold [BLS\n  signatures](https://www.iacr.org/archive/asiacrypt2001/22480516.pdf) for the\n  generation of public randomness.\n- The resharing scheme used comes from the\n  [paper](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.55.2968\u0026rep=rep1\u0026type=pdf)\n  from  Y. Desmedt and S. Jajodia.\n\nNote that drand was originally a [DEDIS](https://dedis.epfl.ch/)-owned project that\nis now spinning off on its own Github organization. For related previous work\non public randomness, see DEDIS's academic paper [Scalable Bias-Resistant\nDistributed Randomness](https://eprint.iacr.org/2016/1067.pdf).\n\n## What's Next?\n\nAlthough being already functional, drand is still at an early development stage\nand there is a lot left to be done. The list of opened\n[issues](https://github.com/dedis/drand/issues) is a good place to start. On top\nof this, drand would benefit from higher-level enhancements such as the\nfollowing:\n\n+ Implement a more [failure-resilient DKG\n  protocol](https://eprint.iacr.org/2012/377.pdf) or an approach based on\n  verifiable succinct computations (zk-SNARKs, etc).\n+ Use / implement a faster pairing based library in JavaScript\n+ Add more unit tests\n+ Add a systemd unit file\n\nFeel free to submit feature requests or, even better, pull requests ;)\n\n## Development\n\nIf you want to contribute to Drand, head over to our [Development documentation](DEVELOPMENT.md).\n\n## Acknowledgments\n\nThanks to [@herumi](https://github.com/herumi) for providing support on his\noptimized pairing-based cryptographic library used in the first version.\n\nThanks to Apostol Vassilev for its interest in drand and the extensive and\nhelpful discussions on the drand design.\n\nThanks to [@Bren2010](https://github.com/Bren2010) and\n[@grittygrease](https://github.com/grittygrease) for providing the native\nGolang bn256 implementation and for their help in the design of drand and\nfuture ideas.\n\nFinally, a special note for Bryan Ford from the [DEDIS lab](https://dedis.epfl.ch/)\nfor letting me work on this project and helping me grow it.\n\n## Coverage\n\n- EPFL blog [post](https://actu.epfl.ch/news/epfl-helps-launch-globally-distributed-randomness-/)\n- Cloudflare crypto week [introduction\n  post](https://new.blog.cloudflare.com/league-of-entropy/) and the more\n  [technical post](https://new.blog.cloudflare.com/inside-the-entropy/).\n- Kudelski Security blog\n  [post](https://research.kudelskisecurity.com/2019/06/17/league-of-entropy/)\n- OneZero\n  [post](https://onezero.medium.com/the-league-of-entropy-is-making-randomness-truly-random-522f22ce93ce)\n  on the league of entropy\n- SlashDot\n  [post](https://science.slashdot.org/story/19/06/17/1921224/the-league-of-entropy-forms-to-offer-acts-of-public-randomness)\n\nRead more about it on our blog: https://docs.drand.love/blog/\n\n## Tracing\n\nIn the [./docker](./docker) folder, you can use the [docker-compose.tracing.yaml](./docker/docker-compose.tracing.yaml) to spin up the necessary components for monitoring a drand binary in-depth.\nTo run tracing, you will need to pass the `--traces` command line flag with the endpoint of the tool running in the docker-compose file (or another OpenTelemetry endpoint). You can optionally pass the `--traces-probability` flag to configure how many calls you wish to sample for telemetry.\n\n## License\n\nThe drand project is dual-licensed under Apache 2.0 and MIT terms:\n\n- Apache License, Version 2.0, ([LICENSE-APACHE](https://github.com/drand/drand/blob/master/LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)\n- MIT license ([LICENSE-MIT](https://github.com/drand/drand/blob/master/LICENSE-MIT) or http://opensource.org/licenses/MIT)\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrand%2Fdrand","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrand%2Fdrand","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrand%2Fdrand/lists"}