Abstract: A Verifiable Random Function (VRF) is the public-key version of keyed cryptographic hash. Only the holder of the VRF secret key can compute the hash, but anyone with the public key can verify the correctness of the hash. VRFs can be used to prevent dictionary attacks on hash-based data structures, and have applications to key transparency (CONIKS), DNSSEC (NSEC5), and cryptocurrencies (Algorand). The project specifies and implements fast and practical VRFs. One of our VRFs is based on elliptic curves (under the DDH assumption) and another VRF is based on RSA. Our VRFs come with formal concrete cryptographic security proofs (in the random oracle model) with careful analysis, including fixing bugs in prior work.
IETF Internet Draft (draft-goldbe-vrf)
ePrint Report 2017/099 (see Figures 1-2 and Appendix B-C).
CFRG at IETF'99 (Sharon Goldberg, 7/2017)
EUROCRYPT'17 rump session (Leonid Reyzin, 5/2017)
SAAG at IETF'98 (Sharon Goldberg, 3/2017)
Below is a collection of links to open-source projects that use a VRF. Not all of these implementations are compatible with our specification, although they are all very similar. Please contact us if you want your implementation to be added here.
Team: (in alphabetical order)
This material is based upon work supported by the US National Science Foundation under Grants 017907, 1347525, 1012798, and 1012910, a gift from Verisign Labs, the Israel Science Foundation , BSF and IMOS, and from the I-CORE Program of the Planning and Budgeting Committee and the Israel Science Foundation. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.
Last updated July 11, 2017.