ProvableHQ / leo

🦁 The Leo Programming Language. A Programming Language for Formally Verified, Zero-Knowledge Applications
https://leo-lang.org/
GNU General Public License v3.0

[Feature] Random number generator primitives for Leo #2387

Open matthewdgreen opened 1 year ago

matthewdgreen commented 1 year ago

🚀 Feature

Right now there is no feature for generating random elements during program execution (by a prover) in Leo.

Motivation

The ability to generate random elements would be useful for different applications in Leo. However, the challenge here is that there are different kinds of randomness with different qualities, and these shouldn't be mixed up.

  1. Generating random elements (field elements, strings, numbers, groups) by the prover. This randomness is very useful for things like generating ciphertexts in Leo code. However, the randomness cannot be trusted by any other user, since prover-generated randomness can be arbitrarily biased.
  2. Generating unpredictable elements based on chain randomness. This could simply be Poseidon(block hash). This randomness is "public" and cannot be hidden. Moreover it can't be fully trusted by all parties, but should be slightly resistant to bias.
  3. Secure randomness interactively generated with other parties (using commit/reveal coin flipping). This requires pieces outside of Leo/SnarkVM/Aleo and isn't directly relevant. I'm just listing it here to be thorough.

It would be very useful if Leo could provide a command to generate (at least) the randomness listed in #1 above, so that it's easy to generate ciphertexts. Maybe this should be strongly labeled so that developers will understand the limitations of it.

Implementation

The proposal is to provide a generateProverRandom() method to generate random elements of various types. This randomness would be chosen during program execution, and could then be used during execution of the Aleo program.
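To make the three kinds of randomness in the request concrete, here is an added Python sketch (not Leo code and not part of this issue or the Leo project): a prover-local draw, a public value derived from chain data, and a commit/reveal coin flip in which a party that changes its contribution after seeing the other's reveal is rejected. SHA-256 stands in for Poseidon and the field modulus is a toy value; both are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Toy modulus for illustration only; Aleo's actual field modulus is different.
TOY_FIELD_MODULUS = 2**61 - 1

def prover_random_field() -> int:
    """Kind 1: randomness drawn locally by the prover.
    Good for blinding values such as ciphertext randomness, but a verifier
    has no way to check that it was not chosen adversarially."""
    return secrets.randbelow(TOY_FIELD_MODULUS)

def chain_random_field(block_hash: bytes) -> int:
    """Kind 2: public randomness derived from chain data. SHA-256 stands in
    for Poseidon(block hash) here (assumption); anyone can recompute it."""
    digest = hashlib.sha256(b"chain-rand|" + block_hash).digest()
    return int.from_bytes(digest, "big") % TOY_FIELD_MODULUS

def commit(value: int, nonce: bytes) -> bytes:
    """Hash commitment used for kind 3 (commit/reveal coin flipping)."""
    return hashlib.sha256(nonce + value.to_bytes(32, "big")).digest()

def commitment_opens(commitment: bytes, value: int, nonce: bytes) -> bool:
    return hmac.compare_digest(commitment, commit(value, nonce))

def coin_flip(a_commit, b_commit, a_value, a_nonce, b_value, b_nonce) -> int:
    """Kind 3: combine two contributions, each bound by a commitment published
    before either reveal. The sum is unbiased if at least one party is honest.
    Raises ValueError when a reveal does not match its commitment."""
    if not commitment_opens(a_commit, a_value, a_nonce):
        raise ValueError("party A's reveal does not match its commitment")
    if not commitment_opens(b_commit, b_value, b_nonce):
        raise ValueError("party B's reveal does not match its commitment")
    return (a_value + b_value) % TOY_FIELD_MODULUS

def demo_bias_attempt() -> bool:
    """Constructed scenario: B commits, sees A's reveal, then tries to swap
    its value to steer the result. Returns True if the swap is rejected."""
    a_value, a_nonce = 12345, b"\x01" * 16
    b_value, b_nonce = 67890, b"\x02" * 16
    a_commit, b_commit = commit(a_value, a_nonce), commit(b_value, b_nonce)
    try:
        coin_flip(a_commit, b_commit, a_value, a_nonce, b_value + 1, b_nonce)
    except ValueError:
        return True
    return False
```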

joengelh commented 1 year ago

Yes, I agree, that would be immensely useful.