Comments (4)
jeapostrophe
commented on May 28, 2024
Reach computations are deterministic, and thus Reach does not support a native random function. However, Reach can interact with participants to, for example, "provide a number". The frontend is then responsible for how exactly to get this number. The Reach program cannot rely on the number being generated in an particular way.
This is a really common occurrence, so we want to make it is easy for people to specify that the frontend can provide a random number and we want to make it easy for the frontend to actually do so, although we don't want to mandate our particular implementation, because random number generation is a sensitive security topic.
So, your "If I am correct" is correct and this is as-intended and it can't really be another way. However, I think we can motivate this a bit more in the hasRandom documentation and xref it with the stdlib.hasRandom helper --- https://docs.reach.sh/ref-programs-compute.html#%28part._has.Random%29 --- What do you think?
from reach-lang.
hagenhaus
commented on May 28, 2024
Okay, I think this is the premise: Reach, by design, does not natively provide a way to generate random numbers, but at least one Reach function (i.e. makeCommitment) (1) requires this capability and (2) relies on the frontend participant to supply a random() method which, I assume, can be the default stdlib method or a custom method.
Here, then, I think, is what the developer needs to self-talk: "I need to include a random() method in my frontend participant object not because I need to access it in my backend code explicitly, but because at least one Reach function needs it."
If so, do we want to avoid the necessity of developers needing to make this leap? For example, I think makeCommitment has access to the default stdlib.hasRandom.random() method without the frontend supplying it, just as the backend, in general, has access to stdlib methods. Then, only developers who want to supply custom random methods would need to supply them. Am I seeing this right?
from reach-lang.
jeapostrophe
commented on May 28, 2024
Just like Reach wants to force people to declassify, require, and consider invariants, it is part of its security consciousness to have them in charge of their own randomness. Many many applications have been attacked through their random generators, so we don't want to make it so that Reach will only do randomness one way.
from reach-lang.
chrisnevers
commented on May 28, 2024
I've updated the documentation regarding hasRandom
from reach-lang.
Related Issues (20)
- Getting Error("no log for ".concat(o_lab)) when using remote call HOT 3
- "logic eval error: fee too small" when upgrading to latest Reach (f33abc3d) HOT 11
- While creating ASA in algorand using stdlib.launchToken(), opts.metaDataHash value is ignored and not set in the asset. HOT 4
- Feature Request: Add manager address in opts for stdlib.launchToken() for Alogrand network HOT 1
- WalletConnect producing undefined importKey error HOT 2
- Feature Request: Use algod for asset information if reading is allowed. HOT 2
- Reach Compiler Error HOT 2
- Reach seems to produce impossible values for counter-example to failed "check" statement HOT 2
- launchToken does not set manager address in Algorand TestNet HOT 2
- Compiler error when using .fromObject HOT 1
- Pera wallet connect not working HOT 2
- Unable to import stdlib in Vite HOT 1
- Reach run gives error on latest version
- Reach run gives error on latest version HOT 2
- Not able to import modules in versions after 0.1.13rc0 (f79282c4)
- Remote object call triggers an assumption error
- Sqrt fails formal verification HOT 5
- feat: integrate algorand community's use-wallet HOT 1
- fix: please upgrade Reach's Walletconnect from v1 to v2
- test
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from reach-lang.