The random beacon service is responsible for providing a source of unbiased randomness on each epoch. It uses a commit-reveal scheme backed by a PVSS scheme such that as long as the threshold of participants is met, and one participant is honest, secure entropy will be generated.
The service interface definition lives in go/beacon/api
. It defines the
supported queries and transactions. For more information you can also check out
the consensus service API documentation and the beacon ADR specification.
Each node generates and maintains a long term elliptic curve point and scalar pair (public/private key pair), the point (public key) of which is included in the node descriptor stored by the registry service. In the initial implementation, the curve is P-256.
The beacon generation process is split into three sequential stages. Any failures in the Commit and Reveal phases result in a failed protocol round, and the generation process will restart after disqualifying participants who have induced the failure.
Upon epoch transition or a prior failed round the commit phase is initiated and
the consensus service will select particpants
nodes from the current validator
set (in order of descending stake) to serve as entropy contributors.
The beacon state is (re)-initialized, and an event is broadcast to signal to the
participants that they should generate and submit their encrypted shares via a
beacon.SCRAPECommit
transaction.
Each commit phase lasts exactly commit_interval
blocks, at the end of which,
the round will be closed to further commits.
At the end of the commit phase, the protocol state is evaluated to ensure that
threshold
of nodes have published encrypted shares, and if an insufficient
number of nodes have published them, the round is considered to have failed.
The following behaviors are currently candidates for a node being marked as malicious/non-particpatory and subject to exclusion from future rounds and slashing:
-
Not submitting a commitment.
-
Malformed commitments (corrupted/fails to validate/etc).
-
Attempting to alter an existing commitment for a given epoch/round.
When the commit_interval
has passed, assuming that a sufficient number of
commits have been received, the consensus service transitions into the reveal
phase and broadcasts an event to signal to the participants that they should
reveal the decrypted values of the encrypted shares received from other
participants via a beacon.PVSSReveal
transaction.
Each reveal phase lasts exactly reveal_interval
blocks, at the end of which,
the round will be closed to further reveals.
At the end of the reveal phase, the protocol state is evaluated to ensure that
threshold
nodes have published decrypted shares, and if an insufficient number
of nodes have published in either case, the round is considered to have failed.
The following behaviors are currently candidates for a node being marked as malicious/non-participatory and subject to exclusion from future rounds and slashing:
-
Not submitting a reveal.
-
Malformed commitments (corrupted/fails to validate/etc).
-
Attempting to alter an existing reveal for a given Epoch/Round.
When the reveal_interval
has passed, assuming that a sufficient number of
reveals have been received, the beacon service recovers the final entropy output
(the hash of the secret shared by each participant) and transitions into the
complete (transition wait) phase and broadcasting an event to signal to
participants the completion of the round.
No meaningful protocol activity happens once a round has successfully completed, beyond the scheduling of the next epoch transition.
The following sections describe the methods supported by the consensus beacon service. Note that the methods can only be called by validators and only when they are the block proposer.
Submits a PVSS commit.
Method name:
beacon.PVSSCommit
Body:
type PVSSCommit struct {
Epoch EpochTime `json:"epoch"`
Round uint64 `json:"round"`
Commit *pvss.Commit `json:"commit,omitempty"`
}
Submits a PVSS reveal.
Method name:
beacon.PVSSReveal
Body:
type PVSSReveal struct {
Epoch EpochTime `json:"epoch"`
Round uint64 `json:"round"`
Reveal *pvss.Reveal `json:"reveal,omitempty"`
}
-
participants
is the number of participants to be selected for each beacon generation protocol round. -
threshold
is the minimum number of participants which must successfully contribute entropy for the final output to be considered valid. This is also the minimum number of participants that are required to reconstruct a PVSS secret from the corresponding decrypted shares. -
commit_interval
is the duration of the Commit phase, in blocks. -
reveal_interval
is the duration of the Reveal phase, in blocks. -
transition_delay
is the duration of the post Reveal phase delay, in blocks.