Timelock Puzzles With VDFs

Written by Ryan Walker, former MistyWest employee.

Proof of work is the traditional method of forming consensus on a distributed network; it relies on an arbitrary set of decentralized nodes which are all solving similar hashing puzzles. Unfortunately, PoW has a non negligible carbon footprint and as a response, researchers have been building alternate consensus mechanisms. Each technique aims to bring the same level of security while reducing the energy requirements. There are numerous replacements; however, Proof of Stake (PoS) is generally considered the best protocol for balancing decentralization, security and efficiency.

In a PoS system, validators introduce new blocks into the chain. To become a validator, one must stake some coins into a pool. During the validation period, if you are deemed to have misbehaved by other validators then these coins can be slashed. Nodes are incentivized to be validators as they earn interest for producing blocks. Any node on the network can be a validator, but there are only a certain amount of active validators at one time. These validators are chosen at random.

Distributed randomness is a much harder problem than it sounds. A previous model requires each node to submit a random number. After all network participants submit their number, all the numbers get concatenated and hashed. The output of this hashing function is the final random number.


Figure 1

Examined more closely, it becomes apparent that the last person who submitted a number can manipulate the final output maliciously. As pictured above in Figure 1: Random Number Generation Party, as Walker was the last to submit a number he could pre-calculate various hashes and pick a number to manipulate the output. However, if the hashing function takes longer than the last participant has to submit, it becomes impossible to evaluate the hash in time. This is where VDFs come into play.

A Verifiable Delay Function, or VDF, is a mathematical sequential function which forces a time delay. Afterwards, a proof can be generated to verify that this time delay did in fact happen. By replacing the hash in the random number generation scheme above (Figure 1) with a VDF, it would be possible to force a time delay which would not allow Walker to evaluate the output prematurely. This resolves the issue of malicious actors and keeps the numbers truly random.

There are lots of resources online explaining how VFDs work. For further context, let me present you with a food based analogy.


Figure 2


An apple goes into the VDF oven. After some time, a pi will come out. It’s then possible to take a slice (this is the proof). Anyone can take the slice of the pi and confirm that those apples made that pi. Since pi’s take time to make, and VDFs take time to run, you have now proven that someone has spent some time making the pi. One of the most important aspects of VDFs is that they are sequential functions; you can’t run a bunch in parallel and get the pi faster. Just like buying more ovens won’t bake the pi faster.

This brings me to my main point: while PoS can be highly secure, it’s not timelocked in the same way a PoW blockchain is. In PoW, there is a difficulty argument, which dynamically changes as a function of the hashing power on the network. This mechanic keeps the blocktime constant, while inherently creating a timelocked linked list of which energy was used to create. New nodes on the network know to treat the longest chain as the real chain. In a PoS blockchain, 51% of the staking power could spin up a new chain, which could be longer than the real chain in a matter of hours. If this were to happen, new nodes would not be able to determine the state of the network.

Instead of using energy as the resource to stake against blocks, as done in PoW. It’s possible to use VDFs to stake time against blocks. To timelock a PoS blockchain, you simply need to run the hash of the validated block through a VDF and adjust the difficulty to whichever blocktime you want. For this system to work, you only need one honest node online hosting a VDF. Ideally, however, you would want redundant VDFs running to ensure you never drop below one.


Figure 3


This adds another layer to the PoS security; for a history rewrite, an attacker will now need:

  1. 51% of the staking power.

  2. A VDF N times faster than the current VDF.

  3. Time T = B * (Tk / N); B being the block height and Tk the old VDF execution time.


The necessity of the extra security layer is still yet to be seen, as the possibility of a 51% attack in a PoS system is highly unlikely. However, the value and applications of VDFs in distributed systems are yet to be realized. In the next couple of years, VDFs will drastically transform the blockchain space to make them more efficient, usable and most importantly: green.

Leave a Comment

Your email address will not be published. Required fields are marked *

Please wait...
Scroll to Top