Secret sharing schemes open up a whole class of protocols united under the "threshold" umbrella. We speak of a "threshold" scheme when we need M honest participants out of N to disclose some information, and the set of honest participants can be an arbitrary subset of the N. Such schemes deal with the issue of the "last actor": if the attacker does not reveal his part of the secret, another honest participant will do it instead. In turn, this lets us agree on a single value, even if some participants are sabotaging the protocol.
Combining deterministic signatures and threshold schemes gives us a very convenient and promising PVRB scheme: deterministic threshold signatures. Here's an article about various threshold signatures and use cases, and another good longread by Dash is available here.
The last article covers BLS signatures and public and private keys (BLS stands for Boneh-Lynn-Shacham, you can learn more here), which can be combined using simple mathematical operations, and that comes in handy for developers. The combinations remain valid keys and signatures, making it easy to aggregate many signatures into one and many public keys into one. They are also deterministic: the same input data always produces the same result. Because combinations of BLS signatures and keys remain valid, M honest participants out of N total can produce a single signature that is deterministic, publicly verifiable, and unpredictable until revealed by the M-th participant.
In the BLS threshold signature scheme, each participant signs something using BLS (for example, the previous random number) and sends his share to the blockchain. The cryptographic properties of BLS signatures satisfy the quality requirements for randomness, the threshold part protects against the "last actor", and the unique combinability of keys allows for many interesting algorithms (for example, ones that efficiently aggregate protocol messages).
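The subset-independence described above can be checked with a small model. This is an added example, not code from the article or from any of the projects it mentions: it assumes a trusted dealer and replaces the pairing-friendly curve with a toy group of squares modulo a small safe prime, so it shows determinism and uniqueness of the combined signature but not public verification. All function names and parameters are hypothetical.

```python
import hashlib
import secrets
from itertools import combinations

# Toy group (constructed): safe prime P = 2*Q + 1, far too small for real use.
# Real BLS works on a pairing-friendly curve; the pairing is what makes the
# result publicly verifiable, and it is not modelled here.
P, Q = 2039, 1019

def deal_shares(secret, m, n):
    """Shamir M-of-N: share i is f(i), f random of degree m-1 with f(0)=secret."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(m - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def hash_to_group(msg):
    """Map msg to a non-identity element of the order-Q subgroup (squares mod P)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)

def sign_share(share, msg):
    """Partial signature H(msg)^share: no nonce, so same input, same output."""
    return pow(hash_to_group(msg), share, P)

def combine(partials):
    """Lagrange interpolation at x=0 carried out in the exponent."""
    sig = 1
    for i, s_i in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        sig = sig * pow(s_i, lam, P) % P
    return sig

def outputs_over_subsets(secret, m, n, msg):
    """Combine every possible M-subset of partial signatures; collect results."""
    shares = deal_shares(secret, m, n)
    partials = {i: sign_share(s, msg) for i, s in shares.items()}
    return {combine({i: partials[i] for i in subset})
            for subset in combinations(partials, m)}

if __name__ == "__main__":
    msg = b"previous random number"              # constructed beacon input
    print(outputs_over_subsets(777, 3, 5, msg))  # a set with a single value
```

Whichever 3 of the 5 participants publish their shares, the combined value is the same, so a participant who withholds a share cannot steer the outcome.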
So, if you are building a PVRB for your blockchain in spring-summer 2019, you will most likely come to the BLS threshold signature scheme; several projects are already using it. For example, DFinity (here is a benchmarking tool that implements the scheme, and here is an example of a verifiable secret sharing implementation), Keep.network (here is their random beacon yellowpaper, and here is an example of a smart contract servicing the protocol an example