A verifiable random function is a public-key cryptosystem that behaves like a pseudorandom function under a secret key, with the additional property that its outputs can be verified under the corresponding public key.
Questions tagged [verifiable-random-function]
24 questions
17 votes, 1 answer
What is the difference between signatures and VRF?
For example, we have an asymmetric signature scheme (RSA or ECC based) and a VRF (also can be RSA/ECC based); both of them can be verified using the public key of the signer/hasher and are also unique for each message. So what is the difference?
Kesha
8 votes, 4 answers
A source of randomness that anyone can independently, conveniently and robustly access?
Does there exist a source of randomness that anyone in the world can independently, conveniently and robustly access?
For example, the 10th decimal place of the temperature in Mexico City is sufficiently random. But it's inconvenient for Bob to…
chausies
8 votes, 1 answer
Simple application of verifiable random function?
I have been reading a little bit about verifiable random functions (e.g.). In the literature, these are described as "pseudo-random functions that provide a non-interactively verifiable proof for the correctness of their output". I'm having a little…
pg1989
7 votes, 1 answer
What is the main difference between Unique signature and Verifiable Random Function?
The output of VRF contains two parts, the first is the output of the VRF hashing and the second is the proof of correctness. In a unique signature scheme, the signature also contains two parts which are similar to the VRF.
The previous works…
Z.P.
6 votes, 1 answer
How can 4 users generate a provable fair random number?
The past few weeks I have been trying to solve a difficult problem.
I have asked some cryptography experts but unfortunately they had no clue on how to solve the problem.
The situation is as follows: an online casino wants to host an online bet,…
Mathijs
4 votes, 2 answers
Does this description of verifiable random functions seem accurate?
I've been thinking about verifiable random functions recently due to my interest in sortition (random selection of political officials). I wrote up this little paragraph below, and I'm wondering: Does this paragraph seem accurate? I'm not very…
Will
3 votes, 1 answer
Commit the output of verifiable random functions
The problem setting is as follows. Suppose there exists a public input $x$ and the prover evaluates $y \gets VRF_{sk}(x)$, but the prover does not wish to reveal the output $y$. My question is: would it be possible to let the prover publish the…
Chenghong
3 votes, 1 answer
Does an EC signature preserve entropy?
Assume I have a perfect source of entropy, which is unknown to me, and is used to generate a private key (also unknown to me, but usable).
If I make a signature with this unknown private key on a constant piece of data (e.g. hash('foo')) and then…
asmiller
3 votes, 1 answer
Proof-of-Randomness with an EC Public Key
I will be using a tRNG to generate EC keypairs on a Secure Integrated Controller.
I need to demonstrate I, the issuer, cannot know the private key without colluding with the user to obtain it, even if the tRNG is weak. I also don't want to reveal…
WindowCleaner
2 votes, 3 answers
How are the keys used in cryptography generated?
It seems there are keys everywhere in cryptography. From things like HMAC to encryption (both asymmetric and symmetric).
The bit I do not totally understand now is how are cryptographic keys generated? I know they have to be random, but is that all…
Finlay Weber
2 votes, 1 answer
Can we use BLS as a VRF?
Intuitively, it seems that the hash of a BLS signature could be used as a VRF as well. In a nutshell, the BLS signature is the VRF output and the verification first checks the signature is valid, and then computes the hash over it to provide the VRF…
Nikkolasg
2 votes, 0 answers
Can Verifiable Random Functions be used to pick a random node from a pool?
Let's say that I have a decentralized system and I have a list of nodes published on a public log like a blockchain. I want a node A to be able to connect to another node B. B should be chosen randomly from a subset S of the list of all nodes. Once…
David
2 votes, 1 answer
Why do the authors state "an arbitrary circuit can be transformed into a layered monotonic circuit of polynomially related size."
I have recently been reading "Constrained Pseudorandom Functions" by Boneh and Waters, and "Constrained Verifiable Random Functions" by Fuchsbauer. One of the claimed results is that, for any circuit $C$, you can constrain a PRF key $k$ into a key…
Franklin Harding
2 votes, 1 answer
How could a 1024‒bits RSA modulus be most economically factored within months today?
Of course this is a question with an answer that is due to evolve.
A 2002 paper about TWIRL stated that the cost would be around 10M\$ and another 10M\$ to manufacture the device. A later 2007 paper claimed to have improved the design and created…
user2284570
1 vote, 0 answers
Can we instantiate VRF without using pairing?
According to my survey, most of (I am not sure if it is "all") the constructions of VRF are instantiated with the use of pairing. Can we construct a VRF without using pairing?
Eric_Qin