5.4.2. Committee Randomness Security

We assumed that an adversary has limited capacity such that he/she is subject to the usual cryptographic hardness assumptions and honest nodes never share their keys with each other or disclose the input string *x* of the VRF function before the end of randomness generation. Therefore, members of a new committee could be completely random owing to the unpredictability property of the VRF-based randomness string generation. In addition, given the assumption that an adversary can only control up to *f* byzantine validators, the chain finality achieves safety by making agreements on checkpoints if current PoENF committee has no less than 2 *f* + 1 honest members. Therefore, the adversary has at most *m* = 1/4 chance per round to control the checkpoint voting process. As a result, the probability that an adversary controls *n* consecutive checkpoint is upper-bounded by *P*[*X* ≥ *n*] = 14*n* < 10−*λ*. For *λ* = 6, the adversary will control at most ten consecutive chain finality runs.
