Verifiable Random Function (VRF) & Applications in Blockchain

Table of Contents

A verifiable random function (VRF) is a random number generator (RNG) that produces an output that can be cryptographically proven to be random. Verifiable randomness is considered crucial to lots of blockchain applications since it enables thrilling gameplay, uncommon NFTs, and unbiased results.

What is a Verifiable Random Function (VRF)?

A verifiable random function is a type of cryptographic function that computes a set of inputs into a pseudorandom output and provides verifiable evidence of authenticity.

A public/private key pair (sometimes referred to as a verification key and secret key) and a seed are frequently used as inputs for a VRF. A seed is chosen, and a public/private key pair is produced. These inputs are sent to the VRF, which generates a random number using the private key and the seed. Based on that, the VRF then generates a random number and a proof. Importantly, the creation of a proof makes the function verifiable while maintaining the number's randomness by keeping the secret key hidden. Mathematically explained, given the input X, the holder of the secret key SK can determine (Y, π)=F_SK(X), where Y is the pseudorandom output and π is the proof of Y. Anyone can verify that the value of Y was indeed computed correctly by using the proof π and the public key PK, but this information cannot be used to find the secret key SK.

A verifiable random function has three core features, according to its name:

Verifiable: Anyone can verify the validity of the random number generated by a VRF. All they have to do is examine the proof and confirm that the hash output is accurate. Anyone with the public key can check the hash's accuracy, but only the owner of the VRF secret key can compute the hash.
Random: To someone who does not know the seed or the private key, the output of a VRF is completely unexpected and exhibits no pattern. Each possible output in a VRF has an equal likelihood. The seed and private key are combined in a certain way to provide the randomness
Function: VRFs employ a mathematical procedure to generate the random number as well as a proof that proves its authenticity. For a function to qualify as a VRF, the RNG must conceal the seed (implicit) to maintain the function’s unpredictability and make the proof plain and publicly calculable (explicit) to guarantee the function’s verifiability.

The history of VRF

The verifiable random functions concept was first introduced by Silvio Micali, Michael Rabin, and Salil Vadhan in 1999. Remarkably, Silvio Micali later introduced the Algorand blockchain, whose consensus algorithm makes use of a VRF. However, the original construction of verifiable random function was considered inefficient.

Later on until 2005, Yevgeniy Dodis and Aleksandr Yampolskiy proposed an effective and useful verified random function by using a collision-resistant hash that allowed shorter proofs and keys.

Then in 2015, Dennis Hofheinz and Tibor Jager used elliptic curve cryptography to develop a VRF that is demonstrably secure. Furthermore, Nir Bitansky demonstrated in 2019 that universal primitives can be used to construct VRFs as opposed to just algebraic operations. Today, a lot of VRF implementations rely on these improvements.

Intriguingly, in 2020, researchers presented a VRF that employs lattice-based cryptography that is secure enough to withstand attacks from a quantum computer, indicating that VRF can continue to be an important technology in the future.

Use Cases of VRF

Since most RNGs don't generate random numbers that can be cryptographically validated, they are susceptible to manipulation, which restricts their use cases. VRFs open up a number of significant use cases by ensuring the security of a random number, including:

Internet security: VRF secures the domain name system (DNS) messages
Zero-knowledge technology: VRF is utilized in the protocol design for zero-knowledge proofs and zero-knowledge databases
Non-interactive lottery systems: VRF enables lotteries to produce results that are efficient and fair.
Verifiable transaction escrow schemes: Automated escrow services that maintain user anonymity can be supported using VRF.
Blockchains and smart contracts: VRF plays a vital role in decentralized protocols and applications

Application of VRF in Blockchain

VRF is used in the consensus algorithms of several layer-1 blockchains, including Algorand, Cardano, Internet Computer, and Polkadot, to randomly choose block producers.

Algorand

Verifiable Random Functions' creator, Silvio Micali, is a reputable figure in the field of computer science. He also stands behind blockchain project Algorand, which of course uses his innovation to the attainment of consensus.

Algorand has two different kinds of nodes. Transmit nodes are network hubs that relay protocol messages rapidly and effectively across participating nodes. They are used in the new block proposal and subsequent validation processes.

The VRF takes a secret key and a value and produces a pseudorandom output, with a proof that anyone can use to verify the result. The VRF functions similar to a lottery and is used to choose leaders to propose a block and committee members to vote on a block. This VRF output, when executed for an account, is used to sample from a binomial distribution to emulate a call for every algo in a user’s account. The more algos in an account, the greater chance the account has of being selected -- it’s as if every algo in an account participates in its own lottery. This method ensures that a user does not gain any advantage by creating multiple accounts. - according to Algorand Developer.

Also, in order to advance the consensus process, Silvio Micali employed Verifiable Random Functions for the Algorand blockchain to carry out a covert cryptographic sortition to choose the block proposal node and the validation committee. The use of VRF facilitates the consensus process, which help attain a high level of scalability. Since then, VRF has also been used by other blockchain projects to choose the committee and block proposal node.

Cardano

Verifiable Random Function (VRF) technology is used by Cardano Ouroboros PoS to allow nodes to identify when they have earned the privilege to produce the following block. The slot ID (current clot in the epoch), the VRF signing key (a unique input), and Nonce (derived from hash built on 2/3 blocks from the prior epoch) are the inputs to the VRF.

Using VRF, a random number can be created that will respond to the query "do I now have the right to construct a new block in this time slot" for each node shortly before the potential right to produce a block. There is no way to predict ahead of time which node will have the right to produce the following block.

Polkadot

Polkadot uses verifiable random functions that are extremely close to those found in Ouroboros PoS. The distinction is that the Polkadots VRF employed in BABE consensus does not rely on the central clock, but rather on its historical outcomes, which dictate both the past and current outcomes. They approximate time using slot numbers as a simulated clock.

Validators participate in a lottery in every slot (currently 6 seconds) which will tell them whether they are a block producer candidate. This lottery is based on VRF (Verifiable Random Function) which validators use to compute a random number. This function is also used to prove that the number validator provided was truly valid and it’s thus eligible for a lottery. The validator wins the lottery if v < T where v is the validators random number and T is generated number by the network. After the lottery, several scenarios actually come into play — one validator wins, multiple validators win, and finally a situation where there is no block producer candidate. - According to Polkadotters

Elsewhere in the blockchain ecosystem

Developers of smart contracts in the blockchain ecosystem also need a source of randomness for their programs. However, because blockchain networks are deterministic, on-chain apps lack access to a secure RNG. Using on-chain blockhashes as a source of randomness might lead to manipulation by blockchain miners/validators who can “flip the card”, adjusting the RNG value, and delete blocks with unfavorable hashes. Simple off-chain solutions are opaque and don't show that the RNG value generated is real and wasn't altered by the oracle node or the data source.

Provably fairness and equal uncertainty for all contract players are excellent goals for well-designed systems that rely on randomness. These goals also lower the chance that an adversary could take advantage of contracts by forecasting their results.

Final Words

In comparison to PoS blockchains, where mining a block of the same size as in Proof of Work might take just a few seconds, Proof of Work blockchains struggle with scalability. As a result, fewer transactions are processed each second.

Blockchains that utilize Proof of Stake (and kinds deriving from it) take a different approach and employ randomization as a fair and unpredictable method of choosing the block validators. As a result, they are more effective, efficient, and scalable. But if the security isn't guaranteed through unbiased random selection, the level of decentralization in the scalability solution will be the opposite.

As you can see from the examples with Algorand, Cardano, and Polkadot, a verifiable random function is an invaluable tool for blockchain developers as it may help solve the problem with actual randomness employed by election in numerous distinct scenarios. There are other options as well, such as Orand, a VRF product of Orochi Network that allows randomness to be generated and fed to any smart contracts on any EVM compatible blockchain. The introduction and competitive advantages of Orand will be discussed in the next articles. Stay tuned!

About Orochi Network

Orochi Network is a cutting-edge zkOS (An operating system based on zero-knowledge proof) designed to tackle the challenges of computation limitation, data correctness, and data availability in the Web3 industry. With the well-rounded solutions for Web3 Applications, Orochi Network omits the current performance-related barriers and makes ways for more comprehensive dApps hence, becoming the backbone of Web3's infrastructure landscape.