by anomalroil 1410 days ago
This is based on a permissioned threshold network, so as long as there are never a threshold number of nodes that are malicious and as long as there is a threshold number of nodes that continue to operate, the network's liveness and security are guaranteed. Using Bitcoin as a cryptographic reference clock has been proposed in the past, but the good way of doing it relies also on SNARKs and isn't really that practical from what I can tell: https://link.springer.com/content/pdf/10.1007/s10623-018-046...

A Sybil attack seems like the most likely weakness then.

Why do we trust permissioned nodes to not get compromised or the permissioning body to not accidentally or intentionally let in malicious nodes?

Couldn't a few well-placed gag orders by a sufficiently powerful government be enough to subvert the whole system in a non-evident way?

It could, and that's why a solid threshold network should have nodes in different locations, jurisdictions, cloud providers, etc. and have a threshold that's high enough to avoid that risk.
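The two halves of the threshold argument in this thread (liveness needs at least t live nodes; security holds while fewer than t are malicious) can be made concrete with a t-of-n Shamir secret sharing toy. This is an added example, not drand's code: drand nodes hold shares of a BLS signing key and combine partial signatures rather than reconstructing a plain secret, but the Lagrange-interpolation threshold property is the same. The field modulus, the share values and the function names below are my own constructions.

```python
# Added example (not drand's code): a t-of-n threshold scheme in the style of
# Shamir secret sharing over a prime field. drand nodes instead hold shares of
# a BLS signing key and combine partial signatures, but the threshold argument
# is the same: any t honest, live shares suffice; t-1 shares pin down nothing.
import secrets

PRIME = (1 << 127) - 1  # Mersenne prime 2^127 - 1, used as the field modulus (constructed choice)


def eval_poly(coeffs, x):
    """Evaluate a polynomial with coefficient list [a0, a1, ...] at x (mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split(secret, t, n):
    """Deal n shares of `secret`; any t of them reconstruct it.

    The secret is the constant term of a random polynomial of degree t-1;
    node i holds the point (i, f(i)) for i = 1..n.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, eval_poly(coeffs, x)) for x in range(1, n + 1)]


def lagrange_at_zero(points):
    """Interpolate the unique polynomial through `points` and evaluate it at x=0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # den is non-zero because all x-coordinates are distinct, so the inverse exists
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def recover(shares, t):
    """Liveness side: reconstruct only if at least t nodes delivered a share."""
    if len(shares) < t:
        raise ValueError("liveness failure: fewer than t shares available")
    return lagrange_at_zero(shares[:t])


def candidates_seen_by_coalition(partial_shares, missing_x, guesses):
    """Security side: a coalition holding only t-1 shares can try any value for
    one missing share, and each guess yields a different 'secret', so the shares
    it holds carry no information about the real one."""
    return [lagrange_at_zero(list(partial_shares) + [(missing_x, y)]) for y in guesses]


if __name__ == "__main__":
    shares = split(424242, t=3, n=5)  # constructed secret, 3-of-5 threshold
    print("any 3 of 5 recover:", recover(shares[2:], 3), recover([shares[0], shares[2], shares[4]], 3))
    print("distinct secrets consistent with 2 shares:",
          len(set(candidates_seen_by_coalition(shares[:2], 5, range(10)))))
```

The design point this makes visible: lowering t improves liveness (fewer nodes must stay up) but lowers the number of nodes that must be coerced or compromised before the secret is exposed, which is exactly the trade-off behind spreading nodes across jurisdictions and operators and then setting t high.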
From another comment: “Besides calculating verifiably random numbers, the computers will also decrypt content for anyone if you send it content encrypted to their public keys and the encrypted content contains a time range that includes the present.” That sounds like decryption would fail when the present time is after the specified time range.
Yeah, that's not exactly how it works. The drand nodes are publishing random beacons that are signed; that's the only thing the network does: publishing publicly verifiable randomness. But pairing-based cryptography allows us to do identity-based encryption, and that's like magic, but basically we can rely on a message as a public key and on a signature as a secret key, and that's how tlock works.