How Chainlink VRF guarantees randomness
I was trying to look for an explanation of how the randomness of Chainlink VRF is guaranteed, and I had trouble finding the answer as most search results simply talked about how to integrate Chainlink VRF.
After some digging, I found the answer in one of Chainlink’s blog posts: https://blog.chain.link/chainlink-vrf-on-chain-verifiable-randomness/#how_chainlink_vrf_works.
It’s in the Technical Walkthrough section.
The paper that Chainlink VRF is based upon is this Goldberg et al. paper: https://eprint.iacr.org/2017/099.pdf.
Sadly, Chainlink’s blog fails to include the et al., making it seem like it was only Goldberg. We should give credit to the other authors too!
Here are their names:
I won’t be able to explain it better than Chainlink does in the blog post or than the original authors have laid it out, but essentially, the verifiable randomness is guaranteed by taking block data as input and putting it through secp256k1 to obtain a random sample. The oracle’s public key is another input for the secp256k1 sample generation.
For the full explanation, you can read the blog post. Here’s the link again: https://blog.chain.link/chainlink-vrf-on-chain-verifiable-randomness/#how_chainlink_vrf_works
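
The summary above names the ingredients (block data as the seed, the oracle's public key, secp256k1) but not how a consumer checks the result. The following is an added sketch, not code from this post, Chainlink, or the paper: a simplified elliptic-curve VRF in which the seed and public key are hashed to a curve point, the point is multiplied by the secret key, and a discrete-log-equality proof lets anyone verify the output. SHA-256, the try-and-increment hash-to-curve, the byte encodings and all function names are assumptions of the sketch.

```python
import hashlib  # added sketch: simplified VRF on secp256k1, not Chainlink's code

P = 2**256 - 2**32 - 977  # field prime; the curve is y^2 = x^3 + 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] ** 2 * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; k must be non-negative (not constant time)
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def h(*parts):  # SHA-256 over the parts (ints as 32 bytes), as an integer
    raw = b"".join(p if isinstance(p, bytes) else p.to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def hash_to_curve(pk, seed, ctr=0):  # try-and-increment onto the curve
    x = h(*pk, seed, ctr) % P
    y = pow(x**3 + 7, (P + 1) // 4, P)  # candidate square root (P % 4 == 3)
    on_curve = y * y % P == (x**3 + 7) % P
    return (x, y) if on_curve else hash_to_curve(pk, seed, ctr + 1)

def prove(sk, seed):  # oracle side: only the holder of sk can produce gamma
    pk = mul(sk, G)
    H = hash_to_curve(pk, seed)
    gamma, k = mul(sk, H), h(sk, *H) % N  # k is a deterministic nonce
    c = h(*H, *pk, *gamma, *mul(k, G), *mul(k, H)) % N
    return gamma, c, (k + c * sk) % N

def verify(pk, seed, proof):  # returns the random output, or None if invalid
    gamma, c, s = proof
    if (gamma[1] ** 2 - gamma[0] ** 3 - 7) % P:  # reject off-curve gamma
        return None
    H = hash_to_curve(pk, seed)
    U = add(mul(s % N, G), mul(-c % N, pk))     # s*G - c*pk    == k*G
    V = add(mul(s % N, H), mul(-c % N, gamma))  # s*H - c*gamma == k*H
    ok = U and V and c == h(*H, *pk, *gamma, *U, *V) % N
    return h(*gamma) if ok else None
```

Because `gamma` is fixed by the secret key and the seed, the oracle has no second valid output to choose from for a given seed, and a verifier needs only the public key to reject any other value.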