Distributed Randomness Beacon client

Project description

drb-client

Gathers entropy from multiple drand instances, securely mixes the responses, and outputs the result to the kernel entropy pool or stdout. Suitable for use with League of Entropy servers (see the "Running" section).

drb-client can be used as a standalone source of high-quality random numbers, or as an additional source for the entropy pool in the Linux kernel. The amount of entropy produced should be sufficient to derail attacks based on RNG predictability.

Cryptography background

drb-client polls a list of drand servers at a given interval and requests a portion of private entropy data from each one. Communication between drb-client and drand is protected with AES256-GCM encryption derived on the BN-256 curve, on top of TLS (this is imposed by the drand API format).

drb-client constructs each entropy output from at least quorum (-Q option) distinct inputs. It is assumed that at least node_count - quorum + 1 nodes produce truly unpredictable, secure random numbers, so any quorum of distinct responses definitely contains at least one truly random input (by the pigeonhole principle).

Entropy portions from beacon servers are mixed using a stateful HKDF-based mixer. Each sufficient set of random responses is used to produce a random output and a new salt value for the HKDF mixer. Therefore, the mixer output becomes unpredictable after the first output has been generated successfully, even if all beacon servers get compromised and start feeding the client biased data.

The default poll interval is 60 seconds, and this interval is chosen for a reason. drand generates the entropy for each response using its /dev/urandom. On Linux, urandom gets reinitialized from /dev/random every minute. So there is no reason to fetch random data more often: responses between reinitializations are functionally dependent.
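A minimal sketch of a stateful HKDF-based mixer with a quorum check, following the two paragraphs above. This is an added example, not drb-client's own code: the class name StatefulMixer, the SHA-512 hash, the info label and the input encoding are assumptions chosen for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha512  # assumption: the hash choice here is illustrative
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


class StatefulMixer:
    """Mixes one quorum of beacon responses per call and carries the salt forward."""

    def __init__(self, quorum: int, out_len: int = 32):
        self.quorum = quorum
        self.out_len = out_len
        self.salt = bytes(HASH_LEN)  # all-zero salt before the first round

    def mix(self, responses: dict) -> bytes:
        """responses maps a source identity (bytes) to the bytes it returned."""
        if len(responses) < self.quorum:
            raise ValueError("not enough distinct sources for a quorum")
        # Length-prefix every field so the concatenation is unambiguous.
        ikm = b"".join(
            len(src).to_bytes(2, "big") + src + len(data).to_bytes(2, "big") + data
            for src, data in sorted(responses.items())
        )
        prk = hkdf_extract(self.salt, ikm)
        okm = hkdf_expand(prk, b"drb-mixer-example", self.out_len + HASH_LEN)
        # The first part is released; the rest becomes the next salt and stays private.
        self.salt = okm[self.out_len:]
        return okm[:self.out_len]
```

Because the next salt is derived from every earlier round and is never output, a round made up entirely of attacker-chosen responses still yields output the attacker cannot compute without the client's internal state.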

Installation

Requires Python 3.5.3+

From PyPI

pip3 install drb-client

From source

Download or clone the repository and run the following command in the source code directory:

pip3 install .

Running

There are a few available entropy sinks (option -O):

  • devrandom - (default) writes collected entropy into the /dev/random device, without incrementing the kernel's counter of available entropy in the pool.
  • stdout - writes collected entropy to standard output.
  • rndaddentropy - writes collected entropy into the /dev/random device and increments the kernel's counter of available entropy in the pool. Requires superuser privileges to operate.

You may obtain the latest group.toml config with the list of League of Entropy servers here.
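The difference between the devrandom and rndaddentropy sinks at the Linux kernel interface, as an added example (not drb-client's own code). The function names are hypothetical, and the RNDADDENTROPY request number assumes the common ioctl encoding used on x86 and ARM.

```python
import fcntl
import struct

# _IOW('R', 0x03, int[2]) from <linux/random.h>.
# Assumption: x86/ARM ioctl encoding; some architectures encode direction bits differently.
RNDADDENTROPY = 0x40085203


def pack_rand_pool_info(data: bytes, credit_bits: int) -> bytes:
    """Build struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }."""
    if not 0 <= credit_bits <= len(data) * 8:
        raise ValueError("cannot credit more bits than the buffer holds")
    return struct.pack("ii", credit_bits, len(data)) + data


def sink_devrandom(data: bytes, path: str = "/dev/random") -> None:
    """Plain write: bytes are mixed into the pool, the entropy counter is not credited."""
    with open(path, "wb", buffering=0) as dev:
        dev.write(data)


def sink_rndaddentropy(data: bytes, credit_bits: int, path: str = "/dev/random") -> None:
    """ioctl: mixes the bytes in and credits credit_bits; requires CAP_SYS_ADMIN."""
    with open(path, "wb", buffering=0) as dev:
        fcntl.ioctl(dev, RNDADDENTROPY, pack_rand_pool_info(data, credit_bits))
```

Crediting entropy tells the kernel to trust the input as unpredictable, which is why the ioctl is privileged while a plain write is open to any user.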

Run with default sink:

drb-client group.toml

Contribute to /dev/random and increment the entropy counter:

sudo drb-client -O rndaddentropy group.toml

For logging to a file, see the "Synopsis" section.

Synopsis

$ drb-client --help
usage: drb-client [-h] [-v {debug,info,warn,error,fatal}] [-l FILE]
                  [-Q QUORUM] [-T PERIOD] [-B BACKOFF] [-w TIMEOUT]
                  [-O {stdout,rndaddentropy,devrandom}]
                  group_config

Distributed Randomness Beacon client

positional arguments:
  group_config          group config

optional arguments:
  -h, --help            show this help message and exit
  -v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
                        logging verbosity (default: info)
  -l FILE, --logfile FILE
                        log file location (default: None)

poll options:
  -Q QUORUM, --quorum QUORUM
                        minimal answers required on each poll. Default value
                        is (node_count // 2 + 1). (default: None)
  -T PERIOD, --period PERIOD
                        poll interval for each source (default: 60)
  -B BACKOFF, --backoff BACKOFF
                        backoff after source failure (default: 10)
  -w TIMEOUT, --timeout TIMEOUT
                        timeout for each request (default: 4)

output options:
  -O {stdout,rndaddentropy,devrandom}, --output {stdout,rndaddentropy,devrandom}
                        entropy output (default: devrandom)

Deployment

You may obtain the latest group.toml config with the list of League of Entropy servers here.

See deploy/drb-client.service for an example of a systemd unit file.

Credits

Download files

Source Distribution

drb_client-0.4.0.tar.gz (19.8 kB)

Built Distribution

drb_client-0.4.0-py3-none-any.whl (20.7 kB)
