Nice writeup Paul! I would just add that if a staker wishes to withdraw, they should be required to remain for at least one full “shift” following their request. Otherwise, a staker who is targeting a particular shard could do “better than random” by withdrawing whenever they’re about to be assigned to a different shard.
I think of VRF-based randomness as being very similar to RANDAO, except that determinism removes the need for commitments. So if we want to reduce biasability, we can use similar techniques:
- Batch
kVRFs together, and use the result for the nextkblocks - The subcommittee scheme you proposed
- Avalanche RANDAO
We’re planning to use #1 for our project. Its biasability is worse than #2 and #3, but it’s still very low if we use a large batch size, and we prefer to avoid public key encryption.