3.5. Immediate transaction finality

To secure cross-chain operations, Sequentia must minimize the possibility of chain reorganization or orphaned blocks due to dynamics intrinsic to the Sequentia protocol, that is, not depending on a chain reorganization occurring on Bitcoin. The model chosen for Sequentia to grant immediate finality involves having leaders and committees shuffled at each new round based on a seed derived from the block of the immediately preceding round. Each participant computes their own Verifiable Random Function (VRF) using this seed (public) as input plus a key (secret) associated with the tokens at stake. The result defines a committee and a leader per block.

After having calculated the VRF output, each blocksigner checks the VRF function of the block proposers, selects the lowest VRF output, downloads the corresponding block proposed, and checks if it is a valid block complying with the consensus rules (if not, it moves on to the second-lowest VRF function). When enough commitments from blocksigners are collected, they sign the block with their countersignatures. Once enough blocksigners approve a block, it is “certified” and has immediate finality. Requiring a minimum amount of countersignatures to validate a block is necessary, despite being a significant restriction, as it prevents leaders from hiding their VRF result, generating a parallel private chain that will be published later in an attempt to reorganize the honest chain.

The participants allowed to countersign a block in a particular slot are chosen through a randomized process to avoid exposing selected blocksigners to possible attacks. Also, relying on a subset of participants rather than the entire population helps avoid an inappropriately extensive and costly round-robin cosigning process requiring messages between blocksigners.

Thus, a subset of blocksigners called a “committee” is defined in each round to countersign blocks. The selection is random, but participants are weighted by their stakes. The seed of the previous round determines the blocksigners of the next round in a deterministic way. Every round, each participant runs the VRF using the last Sequentia block as a randomization seed, and when nodes discover a new Bitcoin block, participants are able to shuffle the leader set again.

Therefore, the process of block production and transaction finality can be summarized as follows:

1. Full node operators desiring to participate in the block production mechanism must put SEQ at stake and publish a verification key (VF) associated with a secret key (SK) controlling the SEQ at stake.

2. Assuming that a block is published at round r-1. A public seed is deterministically derived from this block.

3. Each participant runs the VRF function using the seed published in the block at r-1 (public) and their secret key SK (private) as input.

4. Given the output of the VRF function, a committee is determined. Each participant in the committee publishes their result to the network (including a new seed for round r) in a proposed block.

5. Nodes check the outputs of the functions other participants published, verifying that no one is cheating because it is possible to publicly verify that a valid SK is used, i.e. one associated with the VF published ahead of time (see step 1). The SK is not revealed when doing so.

6. It is necessary to single out just one block among all published. Therefore, nodes only propagate valid block proposals with the lowest VRF hash calculated at timeout (enforced locally with a timer each node runs and resets after receiving each new block) to the network.

7. If a participant knows about a new Bitcoin block (not referenced in the Sequentia block at round r-1), this participant can propose a block referencing the newest Bitcoin block and use its hash to reshuffle leaders.

8. To ensure that only one block is certified, a selection process is used in which every participating node votes for the block with the lowest hash of the VRF output.

9. After the timeout, if no block reaches the quorum, blocksigners vote again on the proposed blocks in round-robin cycles.

10. Blocksigners verify that the block complies with consensus rules (that is, that there is no double spending, overspending, etc.). The verification is made only after the first vote is done as to reduce the computational effort required to verify more than one block. If the block reaching the quorum is not compliant, the round-robin cycle restarts with the previous step.

11. When a block reaches enough votes (and if it is also otherwise valid), blocksigners aggregate all signatures to countersign it.

12. When the block reaches the minimum threshold of countersignatures and is certified, then it represents the block for round r, and a randomization seed from that block will be determined and used in the subsequent steps (starting again from step 3 above) for the next round (r+1)