RANDAO

Published by Mario Oettler on

Ethereum 2.0 The Consensus Mechanism in Ethereum 2.0 RANDAO

In this topic, we learn what the RANDAO is and where it is applied in Ethereum’s consensus mechanism.

Validators and block producers are selected randomly in Ethereum 2.0. However, creating randomness is a difficult venture. This holds particularly for a public blockchain.

There are three conditions the randomness creation process must fulfill:

  • Unpredictability: The random number cannot be told before it is published.
  • Unbiasability: The outcome of the randomness creation process cannot be influenced.
  • Verifiability: It is possible to trace how the random number was created by collecting all inputs, passing them to the randomness algorithm and comparing the result with the actual random number.

Ethereum 2.0 uses the RANDAO (Random Decentralized Autonomous Organization) to generate randomness. In general, the RANDAO is an accumulator that collects random inputs from its contributors and generates a single random number out of this.

Every block proposer provides a field “Randao Reveal”. We, will learn later what the Randao Reveal is. For now, we can consider it as a random value provided by the block proposer.

RANDAO Reveal for Ethereum Slot 5781983.

The value from this field is mixed with the values provided in other blocks of the same epoch. At the end of the epoch, a final value is created. This final value is used to determine the order of attestors and proposers.

There are different mechanisms on how to provide and aggregate inputs. Ethereum planned to use a hash onion first, but then moved on to BLS signatures.

Aggregation

Let’s assume that we have some inputs from the validators that need to be aggregated to a single value. This can be done by the following methods:

  • XOR
  • Hash
  • Sum

Ethereum 2.0 uses XOR.

You can use our XOR calculator to get an idea of how XOR works.

With every block (slot) the mix-state is updated.

RANDAO Mix state.

Hash Onion

Each validator generates a random number and keeps it secret. Then, they hash their random number multiple times. In every block, a proposer creates, he reveals the pre-image of the last hash.

That way, the proposer has committed to a certain value. This reduces the options a proposer has to influence the value. With the commitment in place, he could only decide not to publish this block. But that would cost him the block rewards and maybe even cause a penalty.

The downside of this approach is that if the block gets orphaned for some reason, the Randao reveal is already published.

BLS Signatures

The current approach is to use BLS signatures instead of hash onions. Every validator already has a secret key that he uses to sign the blocks he proposes. This secret key is used for BLS signatures. BLS signatures output uniformly distributed random values.

The value for RANDAO reavel is the BLS-signature of the epoch number with the secret key of the block proposer. The signature (RANDAO reveal) is hashed and XOR-ed with the current RANDAO value.

The advantage of BLS signatures is that they are unique for the epoch number, even if the block gets orphaned for some reason.

Previous Topic
Back to Lesson
Next Topic
Categories: