
# Security

> MagicBlock's VRF program is audited and generates verifiable randomness

MagicBlock exposes randomness through the [**VRF Program**](https://github.com/magicblock-labs/ephemeral-vrf/), a Solana VRF implementation that uses a network of oracles to compute and verify random values. The protocol follows [RFC 9381](https://datatracker.ietf.org/doc/html/rfc9381), leveraging Curve25519's Ristretto group and Schnorr‑style signatures for proofs. See the [Technical Details](./technical-details) page for integration specifics.

When randomness is requested, the VRF program computes a [unique hashId](https://github.com/magicblock-labs/ephemeral-vrf/blob/main/program/src/request_randomness.rs#L71) from several inputs and stores it in the onchain oracle queue:

```rust
let combined_hash = hashv(&[
    &args.caller_seed,
    &slot.to_le_bytes(),
    &slothash,
    &args.callback_discriminator,
    &args.callback_program_id.to_bytes(),
    &time.to_le_bytes(),
    &idx.to_le_bytes(),
]);
```

Verified oracles sign each unique queue item with their private key. The resulting signature, or `randomness proof`, is verifiable onchain:

<img height="300" src="https://mintcdn.com/magicblock-42/nd_p_XZF7OD8TLQL/images/vrf-proof.png?fit=max&auto=format&n=nd_p_XZF7OD8TLQL&q=85&s=db26a73ba932980d4a6ef28450c1b404" data-path="images/vrf-proof.png" />

The `randomness proof` is cryptographically bound to the input `caller_seed` and to MagicBlock's VRF signer identity. Your callback enforces this with:

```rust
#[account(address = ephemeral_vrf_sdk::consts::VRF_PROGRAM_IDENTITY)]
pub vrf_program_identity: Signer<'info>,
```

Only the official MagicBlock oracle can trigger the callback, preventing spoofed or manipulated results. Invalid proofs automatically fail, and other programs cannot front‑run the request.

EphemeralVrf checks for conditions like `InvalidProof` and `Unauthorized` so incorrect signatures or unauthorized callers are rejected before your game logic runs.
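
The callback constraint shown above combines two checks, and the added example below (not MagicBlock's or Anchor's code) models them with the standard library only to show why the address match and the signer requirement are both needed. `AccountMeta`, `GateError`, `check_vrf_identity`, `consume_randomness` and the key bytes are hypothetical names and constructed values.

```rust
// Std-only model of the callback gate; not Anchor or ephemeral-vrf code.
type Pubkey = [u8; 32];
// Constructed placeholder, NOT the real ephemeral_vrf_sdk::consts::VRF_PROGRAM_IDENTITY.
const VRF_PROGRAM_IDENTITY: Pubkey = [7u8; 32];

/// What the runtime tells a program about one account passed to an instruction.
struct AccountMeta {
    key: Pubkey,
    is_signer: bool,
}

#[derive(Debug, PartialEq)]
enum GateError {
    NotSigner,    // the case `Signer<'info>` rejects
    WrongAddress, // the case `address = ...` rejects
}

/// Both conditions must hold. A public key is not a secret, so an address
/// match alone says nothing about who built the transaction.
fn check_vrf_identity(acc: &AccountMeta) -> Result<(), GateError> {
    if !acc.is_signer {
        return Err(GateError::NotSigner);
    }
    if acc.key != VRF_PROGRAM_IDENTITY {
        return Err(GateError::WrongAddress);
    }
    Ok(())
}

/// Hypothetical consumer callback: state is written only after the gate passes.
fn consume_randomness(acc: &AccountMeta, randomness: [u8; 32], stored: &mut Option<[u8; 32]>) -> Result<(), GateError> {
    check_vrf_identity(acc)?;
    *stored = Some(randomness);
    Ok(())
}

fn main() {
    let mut stored = None;
    let unsigned = AccountMeta { key: VRF_PROGRAM_IDENTITY, is_signer: false };
    let stranger = AccountMeta { key: [9u8; 32], is_signer: true };
    let oracle = AccountMeta { key: VRF_PROGRAM_IDENTITY, is_signer: true };
    assert_eq!(consume_randomness(&unsigned, [1; 32], &mut stored), Err(GateError::NotSigner));
    assert_eq!(consume_randomness(&stranger, [2; 32], &mut stored), Err(GateError::WrongAddress));
    assert_eq!(stored, None); // rejected calls never touched state
    assert_eq!(consume_randomness(&oracle, [3; 32], &mut stored), Ok(()));
    assert_eq!(stored, Some([3u8; 32]));
}
```

When reviewing a consumer program, confirm that the identity account in the callback context is typed `Signer<'info>` and carries the `address` constraint, as in the snippet above.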
