# Verifiable Random Function (VRF)

In cryptography, a verifiable random function (VRF) is a random number generator (RNG) that generates an output that can be cryptographically verified as random. Verifiable randomness is essential to many blockchain applications because its tamper-proof unpredictability enables exciting gameplay, rare NFTs, and unbiased outcomes.

In this article, we examine what verifiable random functions are, explore how randomness is used in blockchains, and see how smart contract developers can leverage a secure source of randomness in their own dApps using Chainlink Verifiable Random Function (VRF).

What Is a Verifiable Random Function (VRF)?A verifiable random function is a cryptographic function that takes a series of inputs, computes them, and produces a pseudorandom output, along with a proof of authenticity that can be verified by anyone.

Inputs for a VRF typically include a public/private key pair (also known as a verification key and secret key) and a seed. A public/private key pair is created and a seed is selected. Those values are passed into the VRF, where the private key and seed are used to generate a random number. The VRF then outputs a random number along with a proof. Critically, the generation of a proof makes the function verifiable, while keeping the private key hidden ensures the number is unpredictable.

As the name suggests, a verifiable random function is defined by its core features:

Verifiable—Anyone can verify that the random number generated by a VRF is valid. All they need to do is inspect the proof and verify the correctness of the hash output. While only the holder of the VRF secret key can compute the hash, anyone with the public key can verify the correctness of the hash. Random—The output of a VRF is entirely unpredictable (uniformly distributed) to anyone who doesn’t know the seed or private key and follows no pattern. In a VRF, every possible output is equally likely. The randomness is generated by combining the seed and private key in a unique manner. Function—VRFs rely on a mathematical algorithm to produce both the random number and a proof that verifies its authenticity. For a function to be considered a VRF, the RNG must keep the seed hidden (implicit) to preserve its unpredictability, while the proof must be explicit and calculable by everyone (explicit) to ensure its verifiability. History of VRFThe concept of verifiable random functions was introduced in a paper published by acclaimed computer scientists and mathematicians Silvio Micali, Michael Rabin, and Salil Vadhan in 1999. Notably, Silvio Micali went on to launch the Algorand blockchain, which uses a VRF in its consensus mechanism.

There have since been a number of key breakthroughs in the development of VRFs. The technology was improved in 2005 when Yevgeniy Dodis and Aleksandr Yampolskiy enhanced its efficiency by utilizing a collision-resistant hash function that enabled shorter proofs and keys. Then in 2015, Dennis Hofheinz and Tibor Jager created a provably secure VRF using elliptic curve cryptography. And in 2019, Nir Bitansky showed that VRFs can be constructed with general primitives rather than simply algebraic constructions. Many VRF implementations today rely on these innovations.

Interestingly, in 2020 researchers proposed a VRF that uses lattice-based cryptography that’s secure enough to protect against attacks from a quantum computer, suggesting that VRF can remain an important technology long into the future.

VRF Use CasesMost RNGs don’t produce a random number that can be cryptographically verified, leaving them vulnerable to manipulation and thereby limiting their use cases. By guaranteeing the security of a random number, VRFs unlock a number of important use cases such as:

Internet security—VRF is used to help secure domain name system (DNS) messages. Zero-knowledge technology—VRF is used in the protocol design for zero-knowledge proofs and zero-knowledge databases. Non-interactive lottery systems—VRF enables provably fair and efficient outcomes for lotteries. Verifiable transaction escrow schemes—VRF can help support automated escrow services that preserve user anonymity. Blockchains and smart contracts—VRF has become an important part of decentralized protocols and applications. VRF in BlockchainA number of layer-1 blockchains, including Algorand, Cardano, Internet Computer, and Polkadot, use VRF in their consensus mechanisms to randomly select block producers.

Elsewhere in the blockchain technology ecosystem, smart contract developers also require a source of randomness for their applications. However, on-chain applications do not have access to a secure RNG due to the deterministic nature of blockchain networks. Using on-chain blockhashes as a source of randomness can result in manipulation by blockchain miners/validators who discard blocks with unfavorable hashes and can “re-roll the dice,” changing the RNG value. Naive off-chain solutions are opaque and provide no proof that the RNG value produced is legitimate and has not been manipulated by either the data source or oracle node.

Blockchain miners/validators can exploit blockchain-based RNG solutions.Well-designed systems relying on randomness would ideally want it to be provably fair and equally uncertain to all contract participants and also reduce the risk that an adversary could exploit contracts by predicting its outcomes.

Chainlink VRFChainlink VRF is a provably fair and verifiable RNG that meets these requirements, providing smart contracts with a secure source of randomness backed by cryptographic proof that cannot be manipulated by oracle nodes, users, or development teams.

Chainlink VRF provides developers with a wide array of benefits, including:

Unpredictability—Chainlink VRF is unpredictable: No one can predict the randomness to increase their odds of success because block data is unknown at the time the request is being made. Fairness—Chainlink VRF is fair and unbiased because the random number is based on uniform distribution, meaning that all numbers in the range have an equal chance of being selected. Randomness—Chainlink VRF is provably random because it relies on blockhashes that are unknown ahead of time as the seed for the RNG that is built into the VRF node. Tamper-proof—Chainlink VRF is tamper-proof because no one—not the oracle, external entities, or the development team—can tamper with the RNG process.Chainlink VRF serves as an abstraction layer between the user and the blockchain, enabling smart contract developers to access a secure source of randomness that they can use in their applications.

Chainlink VRF uses open-source code and cryptography to create a tamper-proof source of randomness that users can verify as fair and unbiased.Chainlink VRF is an implementation of Goldberg’s Verifiable Random Function (VRF) as described in this paper. For each randomness request, Chainlink VRF generates one or more random values along with cryptographic proof of how those values were determined. The proof is published and verified on-chain before any consuming application can use it.

Chainlink VRF Use CasesChainlink VRF is being used as a secure source of on-chain randomness across the Web3 ecosystem, including in leading GameFi, DeFi, and NFT projects.

Chainlink VRF use cases include:

Assigning randomized attributes to NFTs—Chainlink VRF can help create unique NFTs during the minting process. Axie Infinity used Chainlink VRF to provide each Origin Axie with a random set of characteristics. Fairly distributing rare NFTs—Chainlink VRF provides auditable evidence that NFTs were distributed fairly. Bored Ape Yacht Club (BAYC) used Chainlink VRF to randomly distribute its new Mutant Serum NFTs to current BAYC NFT holders. Unpredictable gaming outcomes—Developers can build more fun blockchain games by leveraging random outcomes. For example, Blockmine uses Chainlink VRF to support random draws in its Next Card game. Fairly selecting participants—Distribute highly coveted items like tickets to exclusive events, choose presale winners for luxury items, and select participants in a popular public sale. For example, Centaur uses Chainlink VRF to select participants for its on-chain public sale. Randomly selecting winners—With Chainlink VRF, users will be able to verify that each winner is selected with an unbiased source of randomness. For example, PoolTogether is a no-loss savings game that pools user deposits and distributes the earned interest on the pool to a randomly selected winner in daily and weekly drawings. PoolTogether uses Chainlink VRF to help randomly choose winners in its no-loss savings game. ConclusionIn the blockchain space, Chainlink VRF is the industry-leading secure random number generator (RNG), enabling smart contracts and off-chain systems to access a verifiably tamper-proof source of randomness.

Providing a source of randomness that is both cryptography secure and verifiable enables developers to build systems that are more open, accessible, and tamper-proof than the current alternatives. Ultimately, Chainlink VRF and smart contracts help fulfill the blockchain vision of moving society away from weak trust-based systems and toward stronger math-based systems built on cryptographic truth.

If you’re a developer and want to quickly get your application connected to Chainlink VRF, visit the developer documentation and join the technical discussion on Discord. If you want to schedule a call to discuss the integration more in-depth, reach out here.

Additional Resources