Open
Description
Blockchain verifiers do not necessarily need an RNG access and we have proven in the past (Libra project) that a careless implementation could result in consensus inconsistency. One option is to replace RNG randomizer exponents with Merlin type Fiat-Shamir derivation.
This RNG-based batch verification is currently the case for both EdDSA and BLS.