Skip to content
Alea

Introduction

Alea is an on-chain verifier for drand random beacons on Solana. Rust SDK on crates.io, TypeScript SDK on npm, Apache 2.0, devnet today.

The job is narrow. Drand emits a verifiable random value every three seconds. Alea proves a single round on-chain in roughly 407,000 compute units, returns the 32-byte randomness as program output, and reverts on any invalid signature. No per-call state. No operator. The upgrade authority today is a solo deployer keypair; long-term plan is transfer to a Squads multisig and eventual immutability, no fixed timeline.

What you get

Section titled “What you get”

A single CPI from your Anchor program into Alea:

use alea_sdk::{cpi, AleaVerify};


let randomness: [u8; 32] = cpi::verify(
    ctx.accounts.alea_program.to_account_info(),
    ctx.accounts.alea_config.to_account_info(),
    ctx.accounts.payer.to_account_info(),
    round,
    signature,
)?;

The returned bytes are the same 32 bytes every drand consumer in the world sees for that round number. SHA-256 of the BLS signature, computed identically on Ethereum, Filecoin, your laptop, and Solana. There is no Alea-specific format.

Who this is for

Section titled “Who this is for”

Anyone on Solana who needs unbiasable randomness that every caller sees identically — lotteries, validator-rotation seeds, NFT trait reveals anchored to a future round. Choose Alea when you want one transaction end-to-end, no keeper or operator, and can tolerate drand’s trust assumption. When you need per-caller unique randomness (each request getting its own value bound to the caller’s context), ORAO VRF is the right tool — see Comparison for the full map.

What you don’t get

Section titled “What you don’t get”

Alea proves drand. It does not generate randomness. The trust assumption is drand’s: the League of Entropy federation must not collude to forge signatures. That federation is currently 15 independent organizations — Cloudflare, Protocol Labs, Ethereum Foundation, Kudelski, universities, a handful of infrastructure companies. If they collude, every drand consumer is broken, not just yours. You’re downstream of that assumption, not on top of it.

Alea also does not enforce beacon freshness. A signature for a year-old drand round is still mathematically valid; your program is responsible for rejecting stale rounds. The Rust SDK ships is_round_recent() for this. Skip it and your settle has no replay defense.

Where Alea is today

Section titled “Where Alea is today”

Devnet live at ALEAydzHd4cN2EWcdHKp4hehAE4B88b16gqVtVqsck2U. Rust crate alea-sdk on crates.io. npm package @alea-drand/sdk. Mainnet deploy is next; the vanity program ID is the same on both clusters by design.

When you’re ready to integrate, go to Install and then the CPI Integration Guide.