The Dfinity Consensus White Paper

Verifiable Random Function

Let’s begin with the Verifiable Random Function (VRF), as this is the smallest building block of the Dfinity protocol. A VRF is very simply, a pseudo-random function that provides publicly verifiable proofs of its outputs’ correctness. If we recall from my previous post “The Blockchain from a Git Perspective” I point out that from a git perspective, consensus is simply randomizing the selection of the maintainer of the “repo”, where the repo is the block chain. I then make the claim that proof of work mining is simply a method for distributing the amount of time a node on the network is allowed to be the maintainer of the repo. But this begs the question hundreds of engineers have asked since Bitcoin: what if, rather than competing to act as the maintainer of the repo by burning electricity to secure the block chain, there was some other method of randomly selecting the maintainer of the repo? Enter the VRF.

A broad overview of the Dfinity block chain. Here the VRFs are the little red rectangles “Rand i — 1”, “Rand i”, “Rand i + 1”, etc. The outputs of the VRF aid in randomly selecting each group, “Group i”, “Group i + 1”, “Group i + 2”, etc.

Threshold Relay

This hypothetical decentralized VRF is all well and good, but how is it achieved in practice? Recall, it must be trustless the same way proof of work is. This is where Dfinity has made a major breakthrough. They’re using BLS rather than RSA or ECDSA, due to the fact that has a unique* threshold version as well as a distributed key generation for this unique threshold version. This allows for a signature to be valid if a threshold of private keys signing the message is reached.

A screen shot of selected nodes in the Dfinity network. For our example, green nodes are the nodes selected by the previous random beacon to sign the current random beacon, and there are 100 of them. The grey nodes are all nodes in the Dfinity network. Of the 100 green nodes, 51 would have to sign the message to propagate the next random beacon value to the rest of the network.
Hate to use this again, but, it illustrates exactly what the random beacon is/can used for. It ties together both the block chain and the threshold relay chain, which is why I focused so heavily on it in this post. However, a decentrally agreed upon source of verifiable randomness could be used for a whole host of things.

So what?

But why does this matter? So we have a different way of selecting a “maintainer” of our repo, who cares? Well firstly, this is much more computationally, and therefore economically, efficient than proof of work. We’ve all heard the stories of Bitcoin mining using more power than Ireland. Message signing is a constant time operation, while proof of work is anything but constant. There are also claims of empty blocks being mined in the Ethereum block chain in order for the miner to get the block out in time and receive the block reward.


Note that this is an extremely simplistic view of the Dfinity protocol (I’ve left things like block notarization out). But I didn’t want to inundate readers with complex explanations and math proofs. I understand, however, that Dfinity must go through this pedantry in a white paper, particularly to defend the block speeds they’re claiming to achieve.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jackson Kelley

Jackson Kelley

crypto @robinhoodapp | ex-@amazon | @yAcademyDAO resident | whitehat @securityoak & @spearbitdao | built & sold @ConsoleWeekly