Existing dApp random number generation faces a dual challenge: on-chain approaches are vulnerable to manipulation, while off-chain solutions rely heavily on strong security assumptions and entail high implementation complexity. This paper proposes a Web3-oriented hybrid randomness generation framework. It innovatively leverages Trusted Execution Environments (TEEs) in IoT devices as lightweight, high-entropy entropy sources, integrated with multi-source aggregation, zero-knowledge proofs, and a lightweight on-chain verification protocol to achieve secure off-chain randomness generation. The scheme guarantees unbiased output with only one honest TEE source and supports fault tolerance against malicious unresponsive nodes. Experimental evaluation demonstrates over 70% reduction in on-chain gas consumption compared to state-of-the-art approaches, along with significantly lower computational overhead—while preserving security, decentralization, and practical deployability.

Random numbers play a vital role in many decentralized applications (dApps), such as gaming and decentralized finance (DeFi) applications. Existing random number provision mechanisms can be roughly divided into two categories, on-chain, and off-chain. On-chain approaches usually rely on the blockchain as the major input and all computations are done by blockchain nodes. The major risk for this type of method is that the input itself is susceptible to the adversary's influence. Off-chain approaches, as the name suggested, complete the generation without the involvement of blockchain nodes and share the result directly with a dApp. These mechanisms usually have a strong security assumption and high complexity. To mitigate these limitations and provide a framework that allows a dApp to balance different factors involved in random number generation, we propose a hybrid random number generation solution that leverages IoT devices equipped with trusted execution environment (TEE) as the randomness sources, and then utilizes a set of cryptographic tools to aggregate the multiple sources and obtain the final random number that can be consumed by the dApp. The new approach only needs one honest random source to guarantee the unbiasedness of the final random number and a user can configure the system to tolerate malicious participants who can refuse to respond to avoid unfavored results. We also provide a concrete construction that can further reduce the on-chain computation complexity to lower the cost of the solution in practice. We evaluate the computation and gas costs to demonstrate the effectiveness of the improvement.