### Abstract

We give the first simple and efficient construction of verifiable random functions (VRFs). VRFs, introduced by Micali et al. [13], combine the properties of regular pseudorandom functions (PRFs) (i.e., indistinguishability from a random function) and digital signatures (i.e., one can provide an unforgeable proof that the VRF value is correctly computed). The efficiency of our VRF construction is only slightly worse than that of a regular PRF construction of Naor and Reingold [16]. In contrast to our direct construction, all previous VRF constructions [13, 12] involved an expensive generic transformation from verifiable unpredictable functions (VUFs). We also provide the first construction of distributed VRFs. Our construction is more efficient than the only known construction of distributed (non-verifiable) PRFs [17], but has more applications than the latter. For example, it can be used to distributively implement the random oracle model in a publicly verifiable manner, which by itself has many applications. Our construction is based on a new variant of decisional Diffie-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold [10, 9]. Nevertheless, this variant of DDH seems to be plausible based on our current understanding of these groups. We hope that the demonstrated power of our assumption will serve as a motivation for its closer study.

Original language | English (US) |
---|---|

Title of host publication | Public Key Cryptography - PKC 2003 - 6th International Workshop on Practice and Theory in Public Key Cryptography, Proceedings |

Publisher | Springer Verlag |

Pages | 1-17 |

Number of pages | 17 |

Volume | 2567 |

ISBN (Print) | 354000324X, 9783540362883 |

DOIs | |

State | Published - 2002 |

Event | 6th International Workshop on Practice and Theory in Public Key Cryptography, PKC 2003 - Miami, United States Duration: Jan 6 2003 → Jan 8 2003 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 2567 |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 6th International Workshop on Practice and Theory in Public Key Cryptography, PKC 2003 |
---|---|

Country | United States |

City | Miami |

Period | 1/6/03 → 1/8/03 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Theoretical Computer Science

### Cite this

*Public Key Cryptography - PKC 2003 - 6th International Workshop on Practice and Theory in Public Key Cryptography, Proceedings*(Vol. 2567, pp. 1-17). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2567). Springer Verlag. https://doi.org/10.1007/3-540-36288-6_1

**Efficient construction of (distributed) verifiable random functions.** / Dodis, Yevgeniy.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Public Key Cryptography - PKC 2003 - 6th International Workshop on Practice and Theory in Public Key Cryptography, Proceedings.*vol. 2567, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2567, Springer Verlag, pp. 1-17, 6th International Workshop on Practice and Theory in Public Key Cryptography, PKC 2003, Miami, United States, 1/6/03. https://doi.org/10.1007/3-540-36288-6_1

}

TY - GEN

T1 - Efficient construction of (distributed) verifiable random functions

AU - Dodis, Yevgeniy

PY - 2002

Y1 - 2002

N2 - We give the first simple and efficient construction of verifiable random functions (VRFs). VRFs, introduced by Micali et al. [13], combine the properties of regular pseudorandom functions (PRFs) (i.e., indistinguishability from a random function) and digital signatures (i.e., one can provide an unforgeable proof that the VRF value is correctly computed). The efficiency of our VRF construction is only slightly worse than that of a regular PRF construction of Naor and Reingold [16]. In contrast to our direct construction, all previous VRF constructions [13, 12] involved an expensive generic transformation from verifiable unpredictable functions (VUFs). We also provide the first construction of distributed VRFs. Our construction is more efficient than the only known construction of distributed (non-verifiable) PRFs [17], but has more applications than the latter. For example, it can be used to distributively implement the random oracle model in a publicly verifiable manner, which by itself has many applications. Our construction is based on a new variant of decisional Diffie-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold [10, 9]. Nevertheless, this variant of DDH seems to be plausible based on our current understanding of these groups. We hope that the demonstrated power of our assumption will serve as a motivation for its closer study.

AB - We give the first simple and efficient construction of verifiable random functions (VRFs). VRFs, introduced by Micali et al. [13], combine the properties of regular pseudorandom functions (PRFs) (i.e., indistinguishability from a random function) and digital signatures (i.e., one can provide an unforgeable proof that the VRF value is correctly computed). The efficiency of our VRF construction is only slightly worse than that of a regular PRF construction of Naor and Reingold [16]. In contrast to our direct construction, all previous VRF constructions [13, 12] involved an expensive generic transformation from verifiable unpredictable functions (VUFs). We also provide the first construction of distributed VRFs. Our construction is more efficient than the only known construction of distributed (non-verifiable) PRFs [17], but has more applications than the latter. For example, it can be used to distributively implement the random oracle model in a publicly verifiable manner, which by itself has many applications. Our construction is based on a new variant of decisional Diffie-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold [10, 9]. Nevertheless, this variant of DDH seems to be plausible based on our current understanding of these groups. We hope that the demonstrated power of our assumption will serve as a motivation for its closer study.

UR - http://www.scopus.com/inward/record.url?scp=84958742006&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84958742006&partnerID=8YFLogxK

U2 - 10.1007/3-540-36288-6_1

DO - 10.1007/3-540-36288-6_1

M3 - Conference contribution

AN - SCOPUS:84958742006

SN - 354000324X

SN - 9783540362883

VL - 2567

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 17

BT - Public Key Cryptography - PKC 2003 - 6th International Workshop on Practice and Theory in Public Key Cryptography, Proceedings

PB - Springer Verlag

ER -