# SEP109: On-chain Verification of Verifiable Random Functions * [SEP-100: On-chain Verification of Verifiable Random Functions](#on-chain-verification-of-verifiable-random-functions) * [1. Summary](#1--summary) * [2. Abstract](#2--abstract) * [3. Motivation](#3--motivation) * [4. Status](#4--status) * [5. Specification](#5--specification) * [6. License](#6-license) ## 1. Summary This SEP specifies a precompiled contract which can verify VRFs (Verifiable Random Functions). ## 2. Abstract A [Verifiable Random Functions](https://tools.ietf.org/id/draft-irtf-cfrg-vrf-06.html) is the public-key version of a keyed cryptographic hash. Only the holder of the private key can compute the hash, but anyone with public key can verify the correctness of the hash. It is very hard to implmenent VRF using EVM's bytecode, since VRF needs a lot of computations on eliptic curves. So on smartBCH, we implement VRF using the native language (Golang) and expose its interface as a precompile contract, which has a predefined address: 10003. ## 3. Motivation Verifiable random functions are very useful in electing a random quorum in a fair way. They have been used in some blockchains, such as Algorand, VeChain and harmony.one. If smart contracts can support VRFs, on-chain governance can also use them in electing quorems, which will benefit smartBCH's ecosystem. ## 4. Status This SEP was already deployed at the XHedge upgrade. ## 5. Specification The smart contract at the address of 0x0000000000000000000000000000000000002713 can verify VRFs. It takes a byte string as input, which contains the following information: 1. `Alpha` (byte 0\~31), this is the preimage to be hashed. Although IETF's standard allows variable-length alpha, on smartBCH only fixed length preimages are supported. 2. `Public Key` (byte 32\~64), this is a 33-byte compress public key for the secp256k1 curve. 3. `Pi` (bytes 65\~end), this is the proof for hashing. It returns 32-byte output data and a status code. When `Public Key` and `Pi` are valid, the status code is 1 and the 32-byte output data is hash result of `Alpha`; when any of them is invalid, the status code is 0 and the output data are all zeros. Example usage in solidity: ```solidity function verify(uint alpha, bytes calldata pk, bytes calldata pi, bytes calldata beta) external returns (bool) { require(pk.length == 33, 'pk.length != 33'); (bool ok, bytes memory retData) = address(0x2713).call(abi.encodePacked(alpha, pk, pi)); return ok && keccak256(retData) == keccak256(beta); } ``` ## 6. License The content is licensed under [CC0](https://creativecommons.org/publicdomain/zero/1.0/). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.smartbch.org/smartbch/smartbch-evolution-proposals-seps/sep-109.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.