dalek-cryptography / bulletproofs

A pure-Rust implementation of Bulletproofs using Ristretto.
MIT License

WASM compatibility issues - do deterministic PRNGs exist for no_std verification? #342

Closed drewstone closed 3 years ago

drewstone commented 3 years ago

Linking this thread for background.

Hello,

We've been working on mixers in Substrate using this library and have gotten things to work for some time, until live-testnet deployment, where our Substrate WASM runtime has begun complaining about getrandom incompatibilities. Judging by the comments in that thread, it seems we need to find other routes of verifying bulletproof proofs inside of a no_std or WASM runtime. I'm curious to learn more about why the verifier needs an rng/prng to do verification. Should Fiat-Shamir (assuming that's why it's used) really need fresh random values from a prng?

Any recommendation as far as a prng implementation that uses a random seed to instantiate itself and that also compiles to WASM? This would allow me to use other on-chain randomness to achieve this goal instead of an OsRng which has been working locally for quite some time.

drewstone commented 3 years ago

ChaChaRng with a random seed may work

burdges commented 3 years ago

The issue is the seed's source. It should be a block hash or all the transactions or something, so that Fiat-Shamir applies. I think even then one should double check that everything makes sense. One could even send a PR here for a "derandomized verifier" so people can speak about it concretely.
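As an added example (not code from the bulletproofs project or from any participant in this thread): a minimal ChaCha20-based PRNG written against `core` only, so it compiles for a no_std/WASM runtime, seeded from a 32-byte value such as the block hash burdges mentions. The dalek verifier draws random scalars to weight the batched multi-exponentiation, while the Fiat-Shamir challenges themselves come deterministically from the merlin transcript; a seeded generator like this one covers the former and can be handed to the crate's `*_with_rng` verification entry points (assuming a crate version that exposes them, and after adapting it to the `RngCore` trait). The `ChaChaRng` type, its `from_seed`/`random_scalar_bytes` API and the `example_block_hash` value are this example's own assumptions; the block function follows RFC 8439, and the accompanying check uses that RFC's section 2.3.2 test vector.

```rust
// Deterministic, seedable ChaCha20 PRNG using only `core`, so it builds for a
// no_std / WASM runtime. Added example; not part of the bulletproofs crate.

/// "expand 32-byte k", the constant first row of the ChaCha state (RFC 8439).
const SIGMA: [u32; 4] = [0x6170_7865, 0x3320_646e, 0x7962_2d32, 0x6b20_6574];

pub struct ChaChaRng {
    state: [u32; 16], // constants | key (8 words) | counter | nonce (3 words)
    buf: [u8; 64],    // keystream block not yet handed out
    pos: usize,       // next unread byte in `buf`; 64 means empty
}

impl ChaChaRng {
    /// Seed from a 32-byte value (e.g. a block hash) plus a 12-byte stream id,
    /// starting the block counter at `counter`.
    pub fn from_seed_counter(seed: [u8; 32], nonce: [u8; 12], counter: u32) -> Self {
        let mut state = [0u32; 16];
        state[..4].copy_from_slice(&SIGMA);
        for (i, w) in seed.chunks_exact(4).enumerate() {
            state[4 + i] = u32::from_le_bytes([w[0], w[1], w[2], w[3]]);
        }
        state[12] = counter;
        for (i, w) in nonce.chunks_exact(4).enumerate() {
            state[13 + i] = u32::from_le_bytes([w[0], w[1], w[2], w[3]]);
        }
        ChaChaRng { state, buf: [0u8; 64], pos: 64 }
    }

    pub fn from_seed(seed: [u8; 32], nonce: [u8; 12]) -> Self {
        Self::from_seed_counter(seed, nonce, 0)
    }

    // One ChaCha quarter round over state words a, b, c, d.
    fn qr(s: &mut [u32; 16], a: usize, b: usize, c: usize, d: usize) {
        s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(16);
        s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(12);
        s[a] = s[a].wrapping_add(s[b]); s[d] = (s[d] ^ s[a]).rotate_left(8);
        s[c] = s[c].wrapping_add(s[d]); s[b] = (s[b] ^ s[c]).rotate_left(7);
    }

    /// The 20-round ChaCha block function on the current state (counter not advanced).
    pub fn block(&self) -> [u32; 16] {
        let mut w = self.state;
        for _ in 0..10 {
            Self::qr(&mut w, 0, 4, 8, 12); // column rounds
            Self::qr(&mut w, 1, 5, 9, 13);
            Self::qr(&mut w, 2, 6, 10, 14);
            Self::qr(&mut w, 3, 7, 11, 15);
            Self::qr(&mut w, 0, 5, 10, 15); // diagonal rounds
            Self::qr(&mut w, 1, 6, 11, 12);
            Self::qr(&mut w, 2, 7, 8, 13);
            Self::qr(&mut w, 3, 4, 9, 14);
        }
        for (out, init) in w.iter_mut().zip(self.state.iter()) {
            *out = out.wrapping_add(*init);
        }
        w
    }

    // Serialise the next block little-endian into `buf` and bump the counter.
    fn refill(&mut self) {
        let w = self.block();
        for (i, word) in w.iter().enumerate() {
            self.buf[4 * i..4 * i + 4].copy_from_slice(&word.to_le_bytes());
        }
        self.state[12] = self.state[12].wrapping_add(1);
        self.pos = 0;
    }

    pub fn fill_bytes(&mut self, dest: &mut [u8]) {
        for byte in dest.iter_mut() {
            if self.pos == 64 {
                self.refill();
            }
            *byte = self.buf[self.pos];
            self.pos += 1;
        }
    }

    /// 64 uniform bytes, the width curve25519-dalek's `Scalar::from_bytes_mod_order_wide`
    /// reduces to a scalar; a derandomized verifier would draw its batch weights this way.
    pub fn random_scalar_bytes(&mut self) -> [u8; 64] {
        let mut out = [0u8; 64];
        self.fill_bytes(&mut out);
        out
    }
}

/// Constructed stand-in for an on-chain block hash (not a real hash, assumption of this example).
pub fn example_block_hash() -> [u8; 32] {
    let mut h = [0u8; 32];
    for (i, b) in h.iter_mut().enumerate() {
        *b = (i as u8).wrapping_mul(37) ^ 0xa5;
    }
    h
}

fn main() {
    let mut rng = ChaChaRng::from_seed(example_block_hash(), *b"bp-verify\0\0\0");
    let weights = rng.random_scalar_bytes();
    let mut again = ChaChaRng::from_seed(example_block_hash(), *b"bp-verify\0\0\0");
    assert_eq!(weights, again.random_scalar_bytes()); // same seed => same weights on every node
    println!("first weight bytes: {:02x?}", &weights[..8]);
}
```

Every validator seeded from the same block hash derives identical batch weights, which is what makes the verification result reproducible across the network; the seed still has to be fixed only after the proof is committed, as burdges notes, or a prover could grind against it.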