Idea: Reduce number of forks in BABE

[bkchr]

BABE is using a VRF to determine who is the next block author. Only the block author itself knows that it is a block author. The problem of the VRF is that not always exactly one fulfills the requirements. This means that there can be more than one author or also zero authors per slot that are eligible to build a block. To prevent that a slot is skipped, there exists the secondary block author list which is using round robin to determine the next block author. So, each slot there is the secondary block author and zero or many VRF based block authors.

My rough idea is the following:

• Introduce an optional networking protocol for BABE which only accepts authorities to connect.
• If a node has solved the VRF and is eligible to build a block, it should send around a zk proof to all the other authorities that it will build a block.
• The output of the zk proof should be primary threshold. This threshold should be used to determine the final block author if there are multiple VRF "winners".
• The networking protocol should use some grid based gossip to have some sort of privacy. Each node is sending the proof to the row & column to prevent others knowing the origin of the proof.

So, the block building node would reveal a proof over the successful solving of the VRF to the other validators in the network, before sending out the block. By not directly knowing the source of the message, the actual block author is hidden. For sure the solution is not perfect and someone could find out who is the origin of the message, but the time frame would also be quite short. The time of sending the proof could also be delayed randomly from the start of the slot. The main requirement would be a reasonable fast zk prover that can be run by the validators to generate the zk proof. (@burdges is that possible? :P)

[xlc]

or just upgrade to Safrole?

[bkchr]

Reasonable proposal, but I don't think we will go through this hassle of changing the consensus and wait for Jam ;)

[burdges]

If a node has solved the VRF and is eligible to build a block, it should send around a zk proof to all the other authorities that it will build a block.

This isn't a lot simpler than sasafrass.

If you want a lot simpler, then the VRF winner could contact only the round-robin winner, and send them the VRF proving they should not make a block. This hurts the anonymity and weakens the protocol, but sassafras does similar, so the sassafras analysis should prove this secure, maybe with slightly longer epochs or something.

An even simpler solution: Just make VRF winner make their blocks earlier, but make round-robin winners make their blocks later, and skip making their block if they've recieved a VRF winning block. This brings no anonymity weaknesses, but likely works often enough in practice.

These both depend upon the round-robin winner being honest, which yeah sure sucks, but the question is how to do something simpler than sassafras.

Aside: Safrole is just sasafrass minus the "erased keys", which do not matter for the RC, but look useful for parachains block producers, so parachains should probably use sassafras not safrole. If safrole suffices for some parachain, then a shuffle based scheme maybe more sensible if there are vew collators.