Merge pull request #1110 from multiversx/development

Merge development to main

Author: danielailie

docs/developers/relayed-transactions.md

@@ -116,5 +116,5 @@ Here's an example of a relayed v3 transaction. Its intent is to call the `add` m
 The SDKs have built-in support for relayed transactions. Please follow:
  - [mxpy support](/sdk-and-tools/sdk-py/mxpy-cli/#relayed-transactions-v3)
  - [sdk-py support](/sdk-and-tools/sdk-py/sdk-py-cookbook/#relayed-transactions)
- - [sdk-js v14 support](/sdk-and-tools/sdk-js/sdk-js-cookbook-v14#relayed-transactions)
+ - [sdk-js v14 support](/sdk-and-tools/sdk-js/sdk-js-cookbook#relayed-transactions)
  - [sdk-js v13 support (legacy)](/sdk-and-tools/sdk-js/sdk-js-cookbook-v13#preparing-a-relayed-transaction)

docs/developers/sc-calls-format.md

@@ -76,7 +76,7 @@ There are multiple ways of formatting the data field:
 
 - manually convert each argument, and then join the function name, alongside the argument via the `@` character.
 - use a pre-defined arguments serializer, such as [the one found in sdk-js](https://github.com/multiversx/mx-sdk-js-core/blob/main/src/smartcontracts/argSerializer.ts).
-- use sdk-js's [contract calls](/sdk-and-tools/sdk-js/sdk-js-cookbook-v14/#smart-contracts).
+- use sdk-js's [contract calls](/sdk-and-tools/sdk-js/sdk-js-cookbook/#smart-contracts).
 - use sdk-cpp's [contract calls](https://github.com/multiversx/mx-sdk-cpp/blob/main/src/smartcontracts/contract_call.cpp).
 - and so on
 

docs/developers/signing-transactions/signing-programmatically.md

@@ -5,5 +5,5 @@ title: Signing programmatically
 
 In order to sign a transaction (or a message) using one of the SDKs, follow:
 
-- [Signing objects using **sdk-js**](/sdk-and-tools/sdk-js/sdk-js-cookbook-v14#signing-objects)
+- [Signing objects using **sdk-js**](/sdk-and-tools/sdk-js/sdk-js-cookbook#signing-objects)
 - [Signing objects using **sdk-py**](/sdk-and-tools/sdk-py/sdk-py-cookbook#signing-objects)

docs/learn/consensus.md

@@ -3,18 +3,116 @@ id: consensus
 title: Consensus
 ---
 
-MultiversX's approach for consensus is called Secure Proof of Stake (SPoS). It innovates in the manner in which validator nodes are selected for consensus out of a shard and also in the steps taken by the validators to complete the consensus process as efficiently as possible. Let's take a look.
+# Consensus (Secure Proof‑of‑Stake – SPoS)
 
-At the beginning of each round, SPoS selects validators for consensus using a **randomness source** that can be neither predicted, nor influenced. It is surprisingly simple, requiring only to be calculated from the previous block and to be signed by the consensus leader of the current round (also known as the _block proposer_). The resulting signature will be the randomness source for the next round, and due to its reliance on the immediately preceding block, it cannot be known more than a round in advance.
+## 1.  How Consensus Works in MultiversX (post-Andromeda)
 
-In each round, a new consensus group is selected to propose a block. But only one validator in the group will be the **block proposer**. This is the validator in the consensus group which has the hash of the public key and randomness source is the smallest, numerically. The block proposer will produce the block for the round, and the rest of the consensus group will validate and sign it.
+Consensus is the protocol that keeps every shard and the Metachain in lock‑step, ensuring all honest participants share **one canonical history**. MultiversX uses a bespoke scheme called **Secure Proof‑of‑Stake (SPoS)**, a blend of stake‑weighted validator selection, VRF‑style randomness, and a high‑speed BLS multisignature algorithm that guarantees _single‑block finality_.
 
-The time necessary for random selection of the consensus group is exceptionally short (around 100 ms, often less). This efficiency is a consequence of the fact that consensus selection is deterministic once the randomness source is known, thus there is no communication requirement. This allows total round times on the order of mere seconds.
+Below is a step‑by‑step walk‑through of *one* six‑second block cycle (round `r`). The same engine runs independently in **every execution shard** and in the **Metachain**.
 
-There is a security advantage to having rounds this short: SPoS is built on the premise that a malevolent actor cannot adapt faster than the timeframe allowed by a round in order to influence the block that will be proposed.
+### 1.1  Validator set and epochs
 
-Like other Proof of Stake methods, SPoS selects validator nodes for consensus based on the amount of EGLD tokens staked by their operators. Additionally, each validator has an individual **rating score** that is taken into account - stake alone may only influence, but not completely determine the selection for consensus. Rating expresses the past behavior of the specific validator and is taken into account during consensus selection: validators with a higher rating are more likely to be selected. The rating of a validator is recalculated at the end of each epoch, with a few specific exceptions when rating is adjusted immediately. This way, SPoS promotes meritocracy among validators, encouraging their operators to keep them running smoothly.
+* **Validators.** Nodes that stake a minimum of 2500EGLD and run the MultiversX node client software. Each validator holds a long‑lived BLS key that is rotated only when they unbond/unstake, anyway the keys are shuffled among shards each epoch.
+* **Epoch.** A period of 24 hours (≈ 14 400 blocks on a 6 s cadence-round). At the start of every epoch the 400 validators in each shard are reshuffled using a deterministic permutation seeded with verifiable randomness. The composition of a shard remains fixed for the whole epoch.
 
-A modified BLS multisignature scheme with 2 communication rounds is used by the consensus group for signing the block produced by the block proposer. Refer to the animation below for a step-by-step description of this process:
+### 1.2  Round randomness
 
-![img](https://gblobscdn.gitbook.com/assets%2F-LhHlNldCYgbyqXEGXUS%2F-LiMxIign95mclxNqYGx%2F-LiMxWSVhwOjpz3wB71V%2Fspos.gif?alt=media&token=734c6439-d245-4e83-9a81-a72e6e27ce32)
+Randomness must be unpredictable yet verifiable. For round `r` the seed is:
+
+```
+rand_r = BLS_sign(prev_block_hash, proposer_{r-1})
+```
+
+Because the identity of the previous proposer is only revealed at the end of round `r – 1`, no one can bias or predict `rand_r` ahead of time.
+
+### 1.3  Proposer election
+
+Each validator hashes together its public key and `rand_r`:
+
+```
+score_i = Hash(PK_i ‖ rand_r)
+```
+
+The lowest score wins and becomes the **proposer** for round `r`. Ties are astronomically unlikely.
+
+### 1.4  Two‑phase BLS consensus
+
+Once chosen, the proposer assembles a block and broadcasts it to the other 399 validators. Consensus then runs in **two BLS rounds**—`prepare` and `commit`—similar to PBFT but with aggregated signatures:
+
+1. **Prepare.** Validators check the block (state root, signatures, gas limits). If valid they sign its hash and return a 96‑byte BLS share.
+2. **Commit.** The proposer (or any validator) aggregates ≥ ⅔ of the shares into a single 96‑byte signature and broadcasts a **commit message**.
+
+Because **all 400 validators** participate (post‑Andromeda), a share threshold of 268 guarantees Byzantine safety.
+
+### 1.5  Equivalent Consensus Proof (ECP)
+
+The final artefact attached to the block header is an **ECP**:
+
+```
+ECP = (agg_signature, bitmap_400)
+```
+
+* `agg_signature` – aggregated BLS signature from ≥ 268 validators.
+* `bitmap_400` – 400‑bit field indicating which keys took part.
+
+Any validator can perform the aggregation; there is no single point of failure. Because the validator set and aggregation order are deterministic inside the epoch, *exactly one* valid ECP can exist for a given block—making equivocation impossible.
+
+### 1.6  Notarisation and finality
+
+* **Execution shards**: A block is **final the moment its ECP is broadcast**. No confirmation block is needed.
+* **Metachain**: Collects hashes of all shard blocks plus their ECPs, notarises them in the metablock of the next round, and itself reaches finality via the same BLS protocol.
+
+**Latency:** ~6 s for intra‑shard txs, ~18 s for cross‑shard (three‑block path).
+
+## 2.  Consensus group size: 63 → 400
+
+| Era | Execution‑shard consensus group | Metachain |
+|-----|---------------------------------|-----------|
+| **Pre‑Andromeda** | 63 of 400 eligible validators, shuffled _every round_ | 400 validators |
+| **Andromeda** | **All 400 validators** every round (fixed for the whole epoch) | **Unchanged** (400) |
+
+Using the full validator set removes the need for a confirmation block; a single consensus proves majority acceptance.
+
+## 3.  Consensus flow (post‑Andromeda)
+
+```mermaid
+sequenceDiagram
+    participant P as Proposer
+    participant V as Validators (399)
+    participant M as Metachain
+
+    %% Round r
+    P->>V: ① Block proposal (header + txs)
+    V->>P: ② Prepare signatures (first BLS round)
+    P->>V: ③ Commit message (aggregated sig ≥ ⅔)
+    V->>M: ④ Broadcast final block + ECP
+    M--)P: ⑤ Block notarised (instant finality)
+```
+
+**Equivalent Consensus Proof (ECP)**  
+Any validator can aggregate ≥ ⅔ BLS shares into an ECP. Because aggregation order is fixed and the validator set is constant across the epoch, the proof is uniquely determined – _equivocation is impossible_.
+
+## 4.  Confirmation blocks removed
+
+*Pre‑Andromeda*: each execution shard produced a **block** and, one round later, a **confirmation block** to seal it. The Metachain applied the same pattern to eliminate double‑spend risk.  
+*Andromeda*: one block is enough; once its ECP is broadcast the block is final, so no confirmation blocks are produced. This halves average time‑to‑finality.
+
+## 5.  Validator rating & selection
+
+* **Rating** still measures historical performance and influences shard assignment probability at the **epoch shuffle** step.  
+* Because every validator now participates in every round, rating no longer affects _per‑round_ selection but continues to impact rewards via uptime and signature participation.
+
+## 6.  Security considerations
+
+* **Byzantine tolerance**: With 400 signatures per block the network tolerates up to 133 malicious validators per shard (≈ ⅓).  
+* **Rogue‑key protection**: Implemented via KOSK and deterministic aggregation order – enabling fast verification of 400‑party BLS signatures.  
+* **Proposer failure**: Because ECP finalisation is permissionless, the network is no longer sensitive to a single proposer going offline.
+
+## TL;DR
+
+* **400/400 validators** now sign every shard block.
+* **Equivalent Consensus Proofs (ECP)** replace leader‑only finalisation – _any_ validator can finalise.
+* **Confirmation blocks are gone**: a block is final the moment ≥ ⅔ signatures are aggregated.
+* Randomness & proposer selection remain **per‑round** and still depend on the previous block hash.
+* Validator **rating** and **stake** continue to influence shard assignment and rewards – unchanged.