Generation signature

Generation signature is the variable in the average block generation time formula. It is used to check whether the current generating node is eligible to generate the next block.

The generation signature is calculated using VRF (opens new window) (A Verifiable Random Function with Short Proofs and Keys) — a pseudo-random function that uses a message and the private key of an account to provide a non-interactively verifiable proof for the correctness of its output.

This improvement allows resisting stake grinding (opens new window) attacks aimed at influencing block generation randomness to skip miner's opportunity to create a block.

The use of VRF makes signature generation unpredictable because of the need to know the private key for calculation. Only the holder of the private key can compute the hash, but verifying the correctness of the hash using the public key from block header is available to anyone.

The VRF contains calculateVRF function, which calculates proof for some message, and verifyVRF function, which verifies proof from calculateVRF function with a message and the public key of the signer.

Considering that a block’s generation signature is equal to calculateVRF output for a previous generation signature with account private key sk (of generator of i+1-th block):

generationSignature_i+1 = VRFproof = calculateVRF_sk(VRF_i)

The output of calculateVRF function is a VRF proof, which means that the validity of the signature can be checked.

The output of function verifyVRF(pk_i, generationSignature_i) is used to define the time delay between i+99 and i+100 blocks for concrete block generator.

Before activation of feature #15 “Ride V4, VRF, Protobuf, Failed transactions”

In the prior implementation of the generation signature formula, the randomness of a block N+1 was dependent on the generator of the block N and is determined for each miner.

The computation of the block's generation signature generationSignature_i+1 was done by the following steps:

1. Choosing the block. Let h will be the current blockchain height. If h ≥ 100, then the block at height h-100 will be chosen. Otherwise, the block at height h-1 will be chosen.
2. Hashing the chosen block's generation signature generationSignature_i and miner's account public key pk using Blake2b256 (opens new window): generationSignature_i+1 = Blake2b256(generationSignature_i, pk)

The resulting hash was the generation signature.

The first 8 bytes of the resulting 32 bytes hash was converted to a number, referred to as the account hit. The hit from i-th block affected how soon a i+100-th block’s generator (current miner) will be able to generate a block after i+99-th block.