How to generate a random number in a way that everyone can verify is fair even if they don't necessarily trust each other. One name for this is a "public randomness beacon".
Update: We have a Manifold bot that you can easily use to generate secure, verifiable public randomness! See https://manifold.markets/FairlyRandom. This implements the method I proposed below.
Here are some methods:
Some website that publishes random numbers periodically, for example daily. E.g. https://avkg.com/en/daily-random/ (the first google result for "daily random number"). Downsides are that you only get them once a day. (If anyone finds a website like this that does hourly numbers, please let me know!) Numbers from some random website might be manipulated or hacked - definitely not suitable for high-security applications (but probably fine for manifold markets)
Or maybe lottery draws - many of these are published. But lottery numbers might be statistically biased.
Blockchain: Take the first block published after some pre-specified timestamp (e.g. midnight UTC), and use the last N characters of the hash as a random value. See https://manifold.markets/jack/resolves-yes-1-chance-na-99-chance for example. Downside: blocks are published at unpredictable intervals, and there's some small chance of disagreement about block timestamps, or short-lived forks. I'd suggest using e.g. Ethereum rather than Bitcoin, so you don't have to wait as long for the random number to be generated.
I believe the ideal way to do this is with a true public randomness beacon, which generates random numbers periodically (e.g. every minute) and publishes and signs them cryptographically to provide strong verifiability and security properties. Unfortunately, the current implementations I am aware of don't work very well.
drand.love - generates publicly verifiable random numbers every 30 seconds. We have a Manifold bot that you can easily use for this! See https://manifold.markets/FairlyRandom
https://beacon.nist.gov/home - generates publicly verifiable random numbers every 60 seconds. Example URL to view a past random value: https://beacon.nist.gov/beacon/2.0/chain/2/pulse/123244
In general, to avoid using the same random values for multiple different things, you would want to use hash(concat(public randomness beacon value, nonce)) where nonce is published in advance (e.g. the market ID).
Also, Manifold could provide a RNG service as a built-in feature! That would make things a lot easier. The simplest method I can think of is Manifold just adds a bot that comments with a random number upon request. E.g. I post a comment @RngBot 1-20 and it replies with a random number between 1 and 20. (Even better would be if that bot sources the random number from a public randomness beacon instead of just using a local RNG, so that you don't have to trust the bot's security. It can get the next RNG value from a public beacon, and combine it with the comment id of the requesting comment as the nonce.)
Some related discussion:
People are already planning to write a bot like I suggested to generate random numbers on Manifold. Awesome!
Here's a market on whether we'll be able to meet an even higher bar of security while keeping it still easy to use:
This is a great idea!! Manifold needs a library of resources like this. Forking this fosho.
You could also use the market participants as a distributed source of randomness, such that only one needs to be honest. E.g. the procedure:
1. Ask market participants to generate a very large random number, privately record it, and comment with its hash.
2. After some time window, ask all market participants to reveal their random numbers. (checking that they match with their hashes)
3. Use these random numbers as a seed for some predetermined randomization algorithm (a simple one would be to hash them together and take the last bits).
It is therefore publicly provable that so long as one market participant honestly followed the procedure, the output is actually random.
@NicholasCharette73b6 Similar idea without requiring work from users:
On market post time, generate a UUID to use as a salt
Post the hash of this salt
At close, generate
hash(concat(salt, *sorted(better_ids)))You now have random bytes to use as you'd like
You can, but I don't see that much point of going for a mechanism like this which is already a fair amount of work, when you could instead use a properly secure common mechanism for distributed public randomness. I am very disappointed that so far I haven't found one that is easy to use, but it's probably still better than trying to roll your own like this.
In particular, I think using market participants is no better than using RNG from blockchain - the main disadvantage of blockchain is the latency of ~10 minutes on average, but getting your market participants to perform this protocol will probably take longer than that.
And Olivia's method is not secure against the author. It leaks RNG information in advance to the author and can be manipulated by the author. At any point in time, the author knows that the RNG will be some value if nobody else bets - so close to market close they have a lot of information about what the RNG will probably end up being. They can also manipulate it: if they don't like the current RNG value, they can have an alt bet on the market to change it.