
I agree with you that the random number generator in tendermint isn't good enough. I am going to add one I have put in a different cryptocurrency before. Each validator gives the hash of a secret, and later gives their secret. All the secrets are XORed to find the random seed.

Tendermint consensus is based off the solution to Byzantine generals for partial synchronicity explained in this paper: http://groups.csail.mit.edu/tds/papers/Lynch/jacm88.pdf


>I agree with you that the random number generator in tendermint isn't good enough. I am going to add one I have put in a different cryptocurrency before. Each validator gives the hash of a secret, and later gives their secret. All the secrets are XORed to find the random seed.

Tendermint doesn't have a random number generator at all. You cannot have consensus on random numbers, or else they wouldn't be random. It is a fundamental problem that you are determining the next block's winner based on numbers that can be influenced by previous winners.


2 examples of multiparty games of choosing random numbers: 1) You and I each write either "1" or "0" onto a piece of paper, and simultaneously reveal to each other.

If the sum is even, I win. If the sum is odd, you win.

This simple 2-person game randomly generates 1 bit. It can be extended to arbitrary numbers of people by replacing addition with XOR.

2) N people each vote either "0" or "1". They reveal votes simultaneously. The minority participants are rewarded. The median of the votes is the next random bit.

I prefer (1) over (2).


Yeah, these work great out of consensus systems. Please consider that you're working on a consensus system though.

"Simultaneous" has no meaning. There are no means of instant communication, there is latency. There also is no proof of time without a consensus system.

So what is the proof that I committed my 0 or 1 value before they revealed? Well you could trust a central authority to maintain that timestamping, or you could even use Bitcoin for your timestamping. In fact, your PoS system could probably work if it piggybacked on Bitcoin completely.

If that's too abstract for you, consider that I say I'm ready to commit, everyone sends me their commits, I construct a block with all their commits and a ton of other possible commits and then once I have created a seed that allows me to win and control the network permanently.
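An added example, not code from either commenter or from Tendermint: the hash-commit / reveal / XOR beacon described earlier in the thread, with the verification a validator would run on the reveals, plus a small model of the objection above, where whoever reveals last and holds many commitments can pick the one that gives the seed bit it wants. All function names and the constructed secrets are hypothetical.

```python
import hashlib
from typing import List, Optional

SECRET_LEN = 32  # every secret is 32 bytes so XOR is well defined


def commit(secret: bytes) -> bytes:
    """Commitment phase: publish only the hash of the secret."""
    return hashlib.sha256(secret).digest()


def combine(secrets: List[bytes]) -> bytes:
    """Reveal phase: XOR all revealed secrets into one seed."""
    seed = bytes(SECRET_LEN)
    for s in secrets:
        seed = bytes(a ^ b for a, b in zip(seed, s))
    return seed


def run_beacon(commitments: List[bytes], reveals: List[Optional[bytes]]) -> bytes:
    """What an honest validator checks: every commitment has a reveal, and
    each reveal hashes to its commitment. Anything else aborts the round."""
    if len(commitments) != len(reveals):
        raise ValueError("commitment/reveal count mismatch")
    for c, r in zip(commitments, reveals):
        if r is None:
            raise ValueError("a participant withheld its reveal")
        if len(r) != SECRET_LEN or commit(r) != c:
            raise ValueError("reveal does not match commitment")
    return combine(reveals)


def last_revealer_choice(others: List[bytes], own_candidates: List[bytes],
                         want_bit: int) -> Optional[bytes]:
    """Model of the thread's objection: the last revealer already knows the
    others' secrets, so if it controls several committed candidates it can
    pick whichever one makes the seed's low bit come out as want_bit.
    Every candidate passes run_beacon's checks, so verification alone cannot
    detect this; the page's remedy is to drop the beacon for round robin."""
    partial = combine(others)
    for s in own_candidates:
        if combine([partial, s])[-1] & 1 == want_bit:
            return s
    return None


if __name__ == "__main__":
    honest = [bytes([1]) * SECRET_LEN, bytes([2]) * SECRET_LEN]  # constructed
    print(run_beacon([commit(s) for s in honest], honest).hex())
```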


After reflecting more on the difficulties of a random number generator on a consensus system, we decided to use a round-robin method to choose the next leader from the validators.

Thank you for the important issues you raised.


The list of nodes will be hard-coded at the genesis with known meatspace identities. It can only be updated by a transaction signed by >2/3 of the existing nodes.

I am writing the "validators contract" for tendermint right now. It will have this functionality.


In this initial allocation of nodes, will one node equal one individual (with a verifiable identity)?

If it does, I expect that it would reduce the likelihood of a Sybil-styled attack during the early days of the network -- with the risk of introducing a different vector, direct coercion of the node owners.

Is the plan to make the hard-coded genesis nodes as geographically diverse as possible?


;) Where are you at? We're in the Bay Area.


If you need someone in Seattle, hit me up.


If the blockmaker excludes signatures, then a larger portion of the fees get burned, and the blockmaker gets a smaller reward.


NASA accepted government money. This is the consequence they have to deal with. It is NASA's fault.


I worked as an intern on the Curiosity project.

I estimate less than 1/10th of the money spent on NASA goes towards space research. Even worse, they hire all the best engineers from the market. I hope that we will close NASA someday, so that we can start doing space research again.

