A mathematical and mechanistic explanation of how the onetappy engine guarantees randomness, and why the new architecture offers a superior security model compared to traditional hash commitments.
[01] — Three Core Challenges
On-chain data such as block hashes and timestamps are visible to miners or validators before a block is produced. An attacker can build a predictive model to compute the probability distribution before the random number is finalized. Meanwhile, miners or validators can selectively discard unfavorable blocks and only publish block hashes that benefit them, directly influencing the final random outcome.
Traditional Commit-Reveal requires every participant to perform two on-chain operations (Commit and Reveal), so communication complexity and interaction rounds grow linearly with the number of participants. In addition, random number generation must wait for multiple block periods to complete the commit and reveal phases; total time increases with participant count and network confirmation time, degrading real-time performance.
In traditional Commit-Reveal protocols, an attacker who has observed other participants' commitments can choose whether to reveal their own random number, exploiting the information asymmetry to gain a strategic advantage.
[02] — Legacy Commit-Reveal · Root Cause
The traditional approach has two phases: phase one submits hash(secret), phase two submits the secret itself.
The protocol cannot atomically combine "commitment" and "identity binding" in a single transaction, so it must be split into two steps. The waiting window between the two phases is the root cause of second-mover attacks.
[03] — New Engine · Core Principles
Onetappy adopts a random generation mechanism that mixes multi-party random contributions with on-chain data.
The final random number does not come from a single on-chain source; instead it is jointly generated from the following independent entropy sources:
Random contributions from N participating players ∞
On-chain data from the current block +1
Random number submitted by the partner when initiating the group buy +2
All entropy sources are mixed and computed layer by layer according to predefined rules to produce the final random number.
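```javascript
const { keccak256, concat } = require("ethers"); // assumes ethers v6; inputs are byte strings
// player_randoms holds player1_random ... playerN_random in submission order.
let R = keccak256(concat([block_data, player_randoms[0]])); // R1
for (const player_random of player_randoms.slice(1)) {
  R = keccak256(concat([R, block_data, player_random])); // R2 ... Rn
}
// The organizer's revealed random number is mixed in last.
const R_final = keccak256(concat([R, block_data, organizer_random]));
```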
Onetappy introduces an improved model that splits participants into two roles, partners and players:
Partners submit their random number commitment in advance; players only need to submit their random number once with no reveal operation required. Finally, the partner reveals the random number and generates the final result.
Player operations are reduced from two to one. The latency accumulation of the traditional reveal phase is eliminated. Interaction rounds, communication latency, and Gas consumption are all significantly reduced.
Organizer Commit
↓
Player Commit
↓
【Player Reveal No Longer Required】
↓
Organizer Reveal
↓
Final Random Number Generated
Onetappy significantly raises the cost for an attacker to profit through selective random number disclosure by introducing economic penalties and clear accountability, making manipulation economically infeasible and effectively mitigating the second-mover attack problem in traditional Commit-Reveal protocols.
Economic Incentive and Security Analysis:
Let 𝐺 denote the maximum potential gain an attacker could obtain through selective random number disclosure,
and let 𝐷 denote the security deposit that partners are required to pledge before participating in the protocol.
The protocol design requires:
𝐷≥𝐺
That is, the partner's collateral is no less than the maximum gain they could obtain through random number manipulation.
When a partner attempts a second-mover attack by refusing to reveal the random number or interfering with the draw process,
the protocol's penalty mechanism is triggered and the entire collateral 𝐷 is forfeited.
Therefore, the attacker's expected profit is:
𝐸=𝐺−𝐷
Under the condition 𝐷≥𝐺:
𝐸≤0
That is, an attack yields no positive economic return. After weighing the gains against the risks, rational participants will prefer to follow the protocol rules and complete the random number reveal and draw process.
1. Partner Introduction
Each round of group-buying activity designates a partner, who is responsible for participating in the random number generation process and completing the final draw.
2. Security Deposit Staking
Before participating in the random number generation for that round, the partner is required to stake a high-value security deposit (100%) on-chain. The deposit amount should be sufficient to cover potential manipulation gains, thereby constraining their behavior through economic incentives.
3. Draw Responsibility Binding
During the random number generation phase, the partner must complete the random number reveal and trigger the final draw process in accordance with the protocol rules.
4. Default Penalty Mechanism
If the partner fails to complete the reveal within the specified timeframe or refuses to execute the draw operation, the system will automatically trigger the deposit penalty mechanism and confiscate their entire staked deposit.
Through this deposit-based economic constraint mechanism, the system is able to reduce participants' incentives to engage in strategic withholding of reveals or random number manipulation, without requiring additional trust assumptions, thereby improving the overall fairness and reliability of the random number generation process.
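The round lifecycle described above (partner commit and stake, one submission per player, partner reveal, draw or slash), as an added example that is not Onetappy's own code. The function names, the deadline model and the sample values are assumptions, and SHA-256 stands in for keccak256 so the block runs without dependencies.

```javascript
const crypto = require("crypto");

// Assumption: SHA-256 stands in for keccak256 so the block needs no dependencies.
const H = (...parts) => crypto.createHash("sha256").update(Buffer.concat(parts)).digest();

// Layered mixing as on the page: R_k = H(R_{k-1} || block_data || player_k),
// with the organizer's revealed value mixed in last.
function mix(blockData, playerRandoms, organizerRandom) {
  let r = Buffer.alloc(0); // empty prefix, so R_1 = H(block_data || player_1)
  for (const p of playerRandoms) r = H(r, blockData, p);
  return H(r, blockData, organizerRandom);
}

// Hypothetical round setup: the partner commits and stakes before any player acts.
function openRound(organizerCommit, deposit, maxGain, revealDeadline) {
  if (deposit < maxGain) throw new Error("deposit must satisfy D >= G");
  return { organizerCommit, deposit, maxGain, revealDeadline, playerRandoms: [] };
}

// Hypothetical settlement: verify the reveal against the commitment, then draw or slash.
function settleRound(round, blockData, reveal, now) {
  const onTime = now <= round.revealDeadline;
  const valid = reveal !== null && H(reveal).equals(round.organizerCommit);
  if (!onTime || !valid) {
    // Default penalty: the entire deposit D is forfeited, so E = G - D <= 0.
    return { status: "slashed", forfeited: round.deposit,
             attackerNet: round.maxGain - round.deposit, result: null };
  }
  const result = mix(blockData, round.playerRandoms, reveal).toString("hex");
  return { status: "drawn", forfeited: 0n, result };
}

// Constructed sample data; every value below is made up for the demonstration.
const secret = Buffer.from("organizer-secret-constructed");
const blockData = Buffer.from("block-data-constructed");
function demo(reveal, now) {
  const round = openRound(H(secret), 100n, 100n, 1000); // D = G = 100
  for (const s of ["p1", "p2", "p3"]) round.playerRandoms.push(Buffer.from(s)); // one tx each
  return settleRound(round, blockData, reveal, now);
}

console.log(demo(secret, 900).status);                      // honest reveal
console.log(demo(null, 1001).status);                       // reveal withheld past deadline
console.log(demo(Buffer.from("other-secret"), 900).status); // reveal does not match commit
```

The settlement path treats a missing, late or mismatched reveal identically, which is what makes the deposit the only lever the partner has to weigh against 𝐺.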
| # | Entropy Source | Source Layer | Attacker Controllable? |
|---|---|---|---|
| 01 | user secret | Off-chain Private | No (user-owned) |
| 02 | block_data | On-chain Public | No (fixed after block) |
| 03 | partner secret | Off-chain Private | No (partner-owned) |
[04] — Comparison Matrix
| Solution | Operations | Anti-second-mover | Decentralized | Gas Cost | Comm. Latency | Revenue Share |
|---|---|---|---|---|---|---|
| Traditional Commit-Reveal | 2x | ✗ | ✓ | High | High | × |
| RANDAO | Multi | △ | ✓ | Medium | Very High | × |
| Chainlink VRF | 1x | ✓ | △ | Very High | Low | × |
| Onetappy RNG ★ | 1x | ✓ | ✓ | Low | Low | ✓ |