Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [verifiable-random-function]

A verifiable random function is a public-key cryptosystem serving like a pseudorandom function under a secret key, with the additional characteristic that outputs are verifiable under the corresponding public key.

17 questions
15
votes
1 answer

What is the difference between signatures and VRF?

For example we have asymmetric signature scheme(RSA or ECC based) and VRF(also can be RSA/ECC based), both of them can be verified using public key of the signer/hasher and also are unique for each message. So what is the difference?
Kesha
  • 345
  • 2
  • 8
7
votes
1 answer

Simple application of verifiable random function?

I have been reading a little bit about verifiable random functions (e.g.). In the literature, these are described as "pseudo-random functions that provide a non-interactively verifiable proof for the correctness of their output". I'm having a little…
pg1989
  • 4,606
  • 21
  • 39
6
votes
4 answers

A source of randomness that anyone can independently, conveniently and robustly access?

Does there exist a source of randomness that anyone in the world can independently, conveniently and robustly access? For example, the 10th decimal place of the temperature in Mexico City is sufficiently random. But it's inconvenient for Bob to…
chausies
  • 335
  • 1
  • 10
6
votes
1 answer

What is the main difference between Unique signature and Verifiable Random Function?

The output of VRF contains two parts, the first is the output of the VRF hashing and the second is the proof of correctness. In a unique signature scheme, the signature also contains two parts which are similar to the VRF. The previous works…
Z.P.
  • 343
  • 1
  • 6
5
votes
1 answer

How can 4 users generate a provable fair random number?

The past few weeks I have been trying to solve a difficult problem. I have asked some cryptography experts but unfortunately they had no clue on how to solve the problem. The situation is as follows, an online casino wants to host an online bet,…
Mathijs
  • 51
  • 3
3
votes
1 answer

Commit the output of verifiable random functions

The problem setting is as follows. Suppose there exists a public input $x$ and the prover evaluates $y \gets VRF_{sk}(x)$, but the prover does not wish to reveal the output $y$. My question is would it be possible to let the prover publishes the…
Chenghong
  • 53
  • 5
3
votes
1 answer

Does an EC signature preserve entropy?

Assume I have a perfect source of entropy, which is unknown to me, and is used to generate a private key (also unknown to me, but usable). If I make a signature with this unknown private key on a constant piece of data (e.g. hash('foo')) and then…
asmiller
  • 133
  • 3
3
votes
1 answer

Proof-of-Randomness with an EC Public Key

I will be using a tRNG to generate EC keypairs on a Secure Integrated Controller. I need to demonstrate I, the issuer, can not know the private key without colluding with the user to obtain it, even if the tRNG is weak. I also don't want to reveal…
WindowCleaner
  • 31
  • 2
2
votes
3 answers

How are the keys used in cryptography generated?

It seems there are keys everywhere in cryptography. From things like HMAC to encryption (both asymmetric and symmetric). The bit I do not totally understand now is how are cryptographic keys generated? I know they have to be random, but is that all…
Finlay Weber
  • 474
  • 3
  • 10
2
votes
1 answer

Can we use BLS as a VRF?

Intuitively, it seems that the hash of a BLS signature could be used as a VRF as well. In a nutshell, BLS-Signature is the VRF output and the verification first checks the signature is valid, and then compute the hash over it to provide the VRF…
Nikkolasg
  • 204
  • 1
  • 7
2
votes
2 answers

Does this description of verifiable random functions seem accurate?

I've been thinking about verifiable random functions recently due to my interest in sortition (random selection of political officials). I wrote up this little paragraph below, and I'm wondering: Does this paragraph seem accurate? I'm not very…
Will
  • 133
  • 4
2
votes
0 answers

Can Verifiable Random Functions be used to pick a random node from a pool?

Let's say that I have a decentralized system and I have a list of nodes published on a public log like a blockchain. I want a node A to be able to connect to another node B. B should be chosen randomly from a subset S of the list of all nodes. Once…
David
  • 161
  • 1
1
vote
0 answers

Can we instantiate VRF without using pairing?

As my survey, most of(I am not sure if it is "all") the constructions of VRF are instantiated with the use of pairing. Can we construct a VRF without using pairing?
user77340
  • 777
  • 3
  • 12
1
vote
0 answers

Range proofs and Groth-Sahai PPEs

I'm looking for a set of pairing product equations (ala Groth-Sahai) which allow a prover to prove that the output of a VRF is in a specific range. In the E-cash system in [BCKL] there is a construction of VRF which basically outputs a weak…
Krypto Mouse
  • 11
  • 1
1
vote
0 answers

Group Verifiable Random Function

Is there any algorithm that allows to set up a VRF (Verifiable Random Function) from a set of Keypairs such that the knowledge of one private key and all the other public keys is enough to compute the VRF output as well as the Proof and the…
Markus Knecht
  • 213
  • 2
  • 4
1
2