Updating randomness generation - using VDF
This issue attempts to make the randomness generation of Tezos more secure by post-processing it with a Verifiable Delay Function (VDF).
At the moment, Tezos uses a commit-and-reveal scheme in the style of RANDAO: in a first phase each committee member publishes a commitment to a random value (a nonce), and in a second phase it publishes the commitment opening, i.e. the nonce itself. The revealed nonces are then combined, in this case hashed together, into a random seed. Nonces that are never revealed are simply discarded.
This scheme is considered secure, in the sense that the seed is unpredictable, as long as at least one honest member participates. The randomness it produces is however "biasable", because it suffers from the "last revealer" attack: the last revealer, having seen every other revealed value, can compute the seed both with and without its own nonce and then reveal or withhold to its advantage, i.e. choose between two potential seeds.
We intend to use the RANDAO output as the input of a VDF, with security and difficulty parameters large enough that no party can compute the final randomness seed before all nonces are revealed and the nonce revelation cut-off period has ended. A party deciding whether to reveal its nonce then cannot know which of the two candidate seeds would favour it, so withholding no longer buys it anything.
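The following Python script is an added illustration written for this issue; it is not Tezos code and not the VDF construction that the linked MR implements. It models the commit-and-reveal round, shows how a last revealer picks between the two candidate seeds, and then applies a toy sloth-style VDF (iterated modular square roots over a fixed prime, verified by cheap squarings) to show why an attacker who cannot finish `VDF_STEPS` sequential steps before the cut-off is reduced to a blind choice. The prime, the step count, the `favours` predicate and the attacker's sequential budget are all parameters chosen for the demo.

```python
import hashlib

# Demo parameters (constructed for this example, not protocol constants).
P = (1 << 127) - 1          # Mersenne prime, P % 4 == 3 so sqrt is cheap to define
VDF_STEPS = 500             # sequential delay; real deployments use far larger T


# ---- commit-and-reveal (RANDAO-style) --------------------------------------

def commit(nonce: bytes) -> bytes:
    """Phase 1: publish a hiding, binding commitment to the nonce."""
    return hashlib.sha256(b"randao-commit|" + nonce).digest()


def open_ok(commitment: bytes, nonce: bytes) -> bool:
    """Phase 2 check: the opening must match the published commitment."""
    return commit(nonce) == commitment


def combine(revealed: list) -> bytes:
    """Seed = hash of the revealed nonces; unrevealed nonces are simply dropped."""
    h = hashlib.sha256()
    for nonce in revealed:
        h.update(nonce)
    return h.digest()


def favours(seed: bytes) -> bool:
    """Stand-in for 'this seed benefits the attacker' (e.g. it gets selected)."""
    return seed[0] % 2 == 0


def last_revealer_choice(honest: list, own_nonce: bytes) -> bytes:
    """The last revealer computes both candidate seeds and reveals or withholds
    to its advantage: this is the bias the issue describes."""
    if_reveal = combine(honest + [own_nonce])
    if_withhold = combine(honest)
    return if_reveal if favours(if_reveal) else if_withhold


# ---- toy VDF: iterated modular square roots (sloth-style) ------------------

def _sqrt_step(x: int) -> int:
    """One sequential step.  Costs a full modular exponentiation to compute,
    but only one squaring to undo.  The parity of the result records whether
    x was a quadratic residue, which makes the step uniquely invertible."""
    if pow(x, (P - 1) // 2, P) == 1:          # x is a residue: take its root
        r = pow(x, (P + 1) // 4, P)
        return r if r % 2 == 0 else (P - r) % P  # even root <=> residue
    r = pow((P - x) % P, (P + 1) // 4, P)     # -x is a residue since P % 4 == 3
    return r if r % 2 == 1 else (P - r) % P   # odd root <=> non-residue


def vdf_eval(seed: bytes, steps: int) -> int:
    """Slow path: `steps` inherently sequential root extractions."""
    x = int.from_bytes(seed, "big") % P
    for _ in range(steps):
        x = _sqrt_step(x)
    return x


def vdf_verify(seed: bytes, steps: int, y: int) -> bool:
    """Fast path: walk back with one squaring per step and compare."""
    x = y
    for _ in range(steps):
        sq = pow(x, 2, P)
        x = sq if x % 2 == 0 else (P - sq) % P
    return x == int.from_bytes(seed, "big") % P


def last_revealer_with_vdf(honest: list, own_nonce: bytes,
                           steps: int, budget: int) -> tuple:
    """Attacker can perform at most `budget` sequential VDF steps before the
    revelation cut-off.  If budget < steps it cannot learn which candidate
    final seed favours it and has to act blind (here: reveal honestly)."""
    if budget >= steps:                        # delay too short: bias survives
        return ("biased", favours(vdf_eval(combine(honest + [own_nonce]), steps)
                                  .to_bytes(16, "big")))
    return ("blind", None)


if __name__ == "__main__":
    honest = [b"nonce-alice-0001", b"nonce-bob-000002"]     # constructed
    attacker = b"nonce-mallory-01"
    for n in honest + [attacker]:
        assert open_ok(commit(n), n)
    chosen = last_revealer_choice(honest, attacker)
    print("RANDAO-only: attacker got a favourable seed?", favours(chosen))
    y = vdf_eval(chosen, VDF_STEPS)
    print("VDF output verifies:", vdf_verify(chosen, VDF_STEPS, y))
    print("attacker with budget 100 <", VDF_STEPS, "steps:",
          last_revealer_with_vdf(honest, attacker, VDF_STEPS, 100)[0])
```

The asymmetry is the whole point: `vdf_eval` spends roughly two modular exponentiations (about 2·log2(P) multiplications) per step, while `vdf_verify` spends one squaring per step, so a verifier can check an output orders of magnitude faster than the prover produced it, and no amount of parallelism shortens the chain of dependent roots.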
Linked to MR: 5064