Colluding consensus nodes can bias the randomness in the main chain by exploiting the fork-choice rule:
$E$ is the set of malicious consensus nodes, who try to bias the source of randomness.
When a node in $E$ is a primary, it checks whether any of the unfinalized blocks includes a target transaction. If this is the case, and the source of randomness is not favourable, the primary proposes a fork which includes the target transaction.
Nodes in $E$ are frequently-enough primaries.

I feel that a critical security aspect might be that we need to consider blocks as part of the chain with the ability of consensus nodes to bias this chain.
The attack has zero financial risk: it is indistinguishable from normal operation of the blockchain under non-ideal conditions.
This attack is specifically relevant for
see also issue flow-go #4353
The threshold signature signs the latest finalized block instead of the parent block:
➕ whatever fork the primary chooses, the source of randomness is the same, so malicious primaries can't manipulate the source of randomness.
➖ the source of randomness of a block is only available once the block is finalized, which makes the pipeline to execute a block 3 blocks longer.
The threshold signature signs the block view:
➕ whatever fork the primary chooses, the source of randomness is the same.
➖ Malicious nodes can compute all sources of randomness of the current epoch ahead of time, since the message to sign does not depend on blocks.
The threshold signature signs the block height:
➖ a malicious primary can choose the fork with the best source of randomness and therefore manipulate the source.
➕ all source values will be used at some point: even if a fork is chosen to avoid a certain source value, that same value will still be used for a later block.
➖ Malicious nodes can compute all sources of randomness of the current epoch ahead of time, since the message to sign does not depend on blocks.
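The fork-choice bias described at the top of the page, and the "same source whatever the fork" property of signing the view (with its precomputation downside), illustrated as an added simulation that is not flow-go code: the threshold-signature beacon is modelled by a keyed hash (an assumption standing in for the real signature), and "favourable" is a constructed criterion of landing in the lowest 10% of the output range.

```python
import hashlib
import hmac
import random

# Constructed stand-in for the randomness beacon. The real beacon is a threshold
# signature over a message; for this analysis only two properties matter, namely that the
# output is a deterministic function of the signed message and looks uniformly random, so
# a keyed hash over the same message models it. The key stands for the epoch's group key.
EPOCH_KEY = b"constructed-epoch-key"

def source_of_randomness(message: bytes) -> int:
    """Beacon output for a signed message, as a 64-bit integer."""
    return int.from_bytes(hmac.new(EPOCH_KEY, message, hashlib.sha256).digest()[:8], "big")

def favourable(source: int, fraction: float = 0.1) -> bool:
    """Constructed notion of 'favourable': the target transaction profits when the source
    lands in the lowest `fraction` of the output range (10% by default)."""
    return source < fraction * 2**64

def can_get_favourable(signed_messages) -> bool:
    """A malicious primary succeeds if any of its candidate forks yields a favourable source."""
    return any(favourable(source_of_randomness(m)) for m in signed_messages)

def success_rate(sign_parent_block: bool, forks: int, rounds: int, seed: int = 1) -> float:
    """Fraction of views in which a malicious primary that may propose one of `forks`
    candidate forks obtains a favourable source of randomness."""
    rng = random.Random(seed)
    successes = 0
    for view in range(rounds):
        if sign_parent_block:
            # Signing the parent block: every candidate fork has a different parent ID,
            # so each fork gives a different source and the primary picks the best one.
            candidates = [rng.getrandbits(256).to_bytes(32, "big") for _ in range(forks)]
        else:
            # Signing the view: the message is identical whatever fork is proposed,
            # so forking buys the primary nothing.
            candidates = [view.to_bytes(8, "big")] * forks
        successes += can_get_favourable(candidates)
    return successes / rounds

def precompute_epoch(views: range) -> dict:
    """Downside of signing the view (or height): whoever holds the signing key material
    can evaluate every source of the epoch before any block exists."""
    return {v: source_of_randomness(v.to_bytes(8, "big")) for v in views}

if __name__ == "__main__":
    print("5 forks, sign parent block:", success_rate(True, 5, 2000))   # roughly 1 - 0.9**5
    print("5 forks, sign view:        ", success_rate(False, 5, 2000))  # roughly 0.1
    print("first sources of the epoch:", precompute_epoch(range(3)))
```

With the parent block signed, a primary choosing among k forks succeeds with probability about 1 - 0.9^k instead of 0.1; with the view signed the rate stays at the honest 0.1, but every source of the epoch is enumerable up front.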
The source of randomness is only generated once a block is finalized. The threshold signature signs the finalized block, but threshold signature shares are sent to the primary only when the block is finalized. If an informant shows that a signature share was shared ahead of time, the signer gets slashed:
➖ the source of randomness of a block is only available once the block is finalized, which makes the pipeline to execute a block 3 blocks longer.
➕ a malicious primary can't predict the source of randomness at the time it proposes the block.
➕ Sources of randomness of the epoch can't be computed ahead of time.
➖ the idea doesn't work if there exists a transformation $f$ such that the images of the shares under $f$ can be shared publicly: the images do not allow slashing an early signer, but together they allow evaluating whether a source of randomness is favourable to a malicious node.