3.5. Immediate transaction finality
Sequentia should maximize the persistence of the network through immediate transaction finality unless a change in the status of the Bitcoin blockchain enforces a chain reorganization.
To secure cross-chain operations, Sequentia must minimize the possibility of chain reorganization or orphaned blocks due to dynamics intrinsic to the Sequentia protocol, that is, not depending on a chain reorganization occurring on Bitcoin. The model chosen for Sequentia to grant immediate finality has leaders and committees shuffled at each new round based on a seed derived from the block of the immediately preceding round. Each participant computes their own Verifiable Random Function (VRF) using as input this seed (public), plus a key (secret) associated with the coins at stake. The result defines a committee and a leader per block.
After having calculated the VRF output, each blocksigner checks the VRF function of the block proposers, selects the lowest VRF output, downloads the corresponding block proposed, and checks if it is a valid block complying with the consensus rules (if not, it moves on to the second-lowest VRF function). When enough commitments from blocksigners are collected, they sign the block with their countersignatures. Once enough blocksigners approve the block, it is “certified” and has immediate finality. Requiring a minimum amount of countersignatures to validate a block is necessary, despite being a significant restriction, as it prevents leaders from hiding their VRF result, generating a parallel private chain that will be published later in an attempt to reorganize the honest chain.
The participants allowed to countersign a block at a particular slot are chosen through a randomized process to avoid exposing selected blocksigners to possible attacks. Also, relying on a subset of participants rather than the entire population helps avoid a too extensive and costly round-robin cosigning process requiring messages between blocksigners.
A subset of blocksigners called “committee” is defined at each round to countersign the blocks. The selection is random, but participants are weighted by their stakes. The seed of the previous round determines the blocksigners of the next round in a deterministic way. Every round, each participant runs the VRF using the last Sequentia block as a randomization seed, and when nodes discover a new Bitcoin block, participants are able to shuffle the leader set again.
Therefore, the process of block creation and transaction finality can be summarized as follows:
- 1.Every participant puts SEQ at stake, publishing the verification key VF associated with the secret key SK controlling the coins at stake
- 2.Let us assume that a block at round r-1 is published. A public seed is deterministically derived from the block
- 3.Each participant runs the VRF function using as input the seed published in the block at r-1 (public) and their secret key SK (private).
- 4.Given the output of the VRF function, a committee is determined. Each participant in the committee publishes their result to the network (including a new seed for round r) in a proposed block.
- 5.Nodes check the outputs of the functions other participants published, verifying that no one is cheating because it is possible to publicly verify that a valid SK is used, associated with the VF published ahead (see step 1). Indeed, SK is not revealed.
- 6.Of all blocks published, it is necessary to single out just one among many. Therefore, nodes propagate to the network only the valid block proposal with the lowest VRF hash calculated at the timeout (enforced locally with a timer each node runs and resets after receiving each new block).
- 7.If a new Bitcoin block (not referenced in the Sequentia block at round r-1) is known by a participant, this participant can propose a block referencing the newest Bitcoin block and use its hash to reshuffle leaders.
- 8.To be sure only one block is certified, there is a selection process where every node gives his vote for the block with the lowest hash of the VRF output.
- 9.After the timeout, if no block reaches the quorum, blocksigners vote again on the proposed blocks in round robin-cycles.
- 10.Blocksigners verify that the block complies with the consensus rules (that is, there is no double spending, overspending, etc.). The verification is made only after the first vote is done to reduce the computational effort required to verify more than one block. Indeed, if the block reaching the quorum is not compliant, the round-robin cycle starts with the previous step.
- 11.When a block reaches enough votes and is valid, blocksigners aggregate all signatures to countersign it
- 12.When the block reaches the minimum threshold of countersignatures and is certified, then it represents the block for round r, and a randomization seed from that block will be determined and used in the subsequent steps (starting again from step 3 above) for the next round (r+1)