verifiable random functions and verifiable delay functions
play

Verifiable Random Functions and Verifiable Delay Functions Caleb - PowerPoint PPT Presentation

Sep 07, 2022 β€’149 likes β€’355 views

Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of Virginia Why do these matter? Alternative consensus protocols Applications to public randomness generation Leader election Bitcoin Proof of Work

  1. Verifiable Random Functions 
 and 
 Verifiable Delay Functions Caleb Smith University of Virginia

  2. Why do these matter? Alternative consensus protocols Applications to public randomness generation

  3. Leader election Bitcoin Proof of Work style Everyone generates a random number, and the largest is the leader?

  4. Generate random numbers Assume we have a hash function, , and we have a public challenge, h 𝑦 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 )

  5. Generate random numbers Assume we have a hash function, , and we have a public challenge, h 𝑦 ? 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 )

  6. Verifiable Random Function Introduced by Micali, Rabin, and Vadhan in 1999 πΏπ‘“π‘§π»π‘“π‘œ ( 1 πœ‡ ) β†’ ( 𝑑𝑙 , π‘žπ‘™ ) 𝑄𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) β†’ ( 𝑧 , 𝜌 ) Proof Pseudorandom π‘Šπ‘“π‘ π‘—π‘”π‘§ ( π‘žπ‘™ , 𝑦 , 𝑧 , 𝜌 ) β†’ {0,1} Security Property: 𝐺𝑝𝑠 π‘π‘šπ‘š 𝑦 , π‘π‘œ 𝑏𝑒𝑀𝑓𝑠𝑑𝑏𝑠𝑧 π‘‘π‘π‘œπ‘œπ‘π‘’ π‘”π‘—π‘œπ‘’ 𝑧 0 β‰  𝑧 1 𝑑𝑣𝑑 h 𝑒 h 𝑏𝑒 π‘Šπ‘“π‘ π‘—π‘”π‘§ ( π‘žπ‘™ , 𝑦 , 𝑧 0 , 𝜌 0 ) = 1 = π‘Šπ‘“π‘ π‘—π‘”π‘§ ( π‘žπ‘™ , 𝑦 , 𝑧 1 , 𝜌 1 )

  7. Generate random numbers Assume we have a hash function, , and we have a public challenge, h 𝑦 ? 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 )

  8. Verifiable Random Function Assumptions RSA + Random Oracle [Micali, Rabin, and Vadhan 1999] Decisional Bilinear Diffie Hellman Inversion [Dodis and Yampolski 2004] Decisional Diffie Hellman + Random Oracle [Papadopoulos et al 2017]

  9. Verifiable Delay Functions Introduced by Boneh, Bonneau, BΓΌnz, and Fisch in 2018 Delay – Takes a minimum amount of parallel time to compute Function – Unique outputs Verifiable – Third parties can verify that it was evaluated correctly

  10. Verifiable Delay Function Alice wants to require Bob to spend solving a challenge π‘ˆ π‘žπ‘π‘ π‘π‘šπ‘šπ‘“π‘š 𝑒𝑗𝑛𝑓 Unique solution Takes parallel time, π‘ˆ 10

  11. Verifiable Delay Function Syntax A function that takes a long time to compute, has unique outputs, and can be verified quickly π‘‡π‘“π‘’π‘£π‘ž ( πœ‡ , π‘ˆ ) β†’ 𝑄𝑄 = ( 𝑓𝑙 , 𝑀𝑙 ) , specifies input and output space πΉπ‘€π‘π‘š ( 𝑓𝑙 , 𝑦 ) β†’ ( 𝑧 , 𝜌 ) , runs in at least π‘žπ‘π‘ π‘π‘šπ‘šπ‘“π‘š 𝑒𝑗𝑛𝑓 π‘ˆ Proof from the Evaluator to help the Verifier , runs in time π‘Šπ‘“π‘ π‘—π‘”π‘§ ( 𝑀𝑙 , 𝑦 , 𝑧 , 𝜌 ) β†’ { π΅π‘‘π‘‘π‘“π‘žπ‘’ , π‘†π‘“π‘˜π‘“π‘‘π‘’ } 𝑒 β‰ͺ π‘ˆ 11

  12. Verifiable Delay Function Properties Sequentiality – Eval( 𝑦 ) cannot be solved in less than , π‘žπ‘π‘ π‘π‘šπ‘šπ‘“π‘š 𝑒𝑗𝑛𝑓 π‘ˆ with π‘žπ‘π‘šπ‘§ ( π‘ˆ ) number of processors Uniqueness – If the adversary runs in time 𝑃 ( π‘žπ‘π‘šπ‘§ ( π‘ˆ , πœ‡ )) , then they are unable to find a 𝑧 β‰  πΉπ‘€π‘π‘š ( 𝑦 ) that passes verification 12

  13. Application - Randomness Beacon Generate a stream of public random values 𝑔 ( 𝑠 1 , 𝑠 2 , …, 𝑠 π‘œ ) = r 1 r 2 r 3 r 4 r 5 r 6 … r n 𝑠 1 βŠ• 𝑠 2 βŠ• … βŠ• 𝑠 π‘œ Can submit values from 1:00pm to 1:10pm 13

  14. Application - Randomness Beacon Generate a stream of public random values h ( 𝑠 1 , 𝑠 2 , …, 𝑠 π‘œ ) = 𝑦 r 1 r 2 r 3 r 4 r 5 r 6 … r n π‘ŠπΈπΊ . πΉπ‘€π‘π‘š ( 𝑦 ) β†’ ( 𝑧 , 𝜌 ) Can submit values from 1:00pm to 1:10pm 𝐹𝑦𝑒𝑠𝑏𝑑𝑒 ( 𝑧 ) β†’ 𝑀 14

  15. Application – Proof of Space and Time Cohen and Pietrzak from Chia Change the assumption from majority of computing power is honest to 2/3 of committed disk space is honest Proofs of Space will populate some disk space with some function and 𝑔 given a challenge, will find their β€œbest” solution almost instantly

  16. Why not just chain Proofs of Space? The next Proof of Space challenge is the hash of the previous Proof of Space solution and proof There are attacks where an adversary can β€œtweak” elements in their control to bias the next challenge This does not occur in Bitcoin because of the cost to split resources

  17. Adding Verifiable Delay Functions Take the solution and proof of the Proof of Space, ( 𝑧 , 𝜌 𝑄𝑝𝑇 ) , and 𝑦 = h ( 𝑧 | 𝜌 𝑄𝑝𝑇 ) , π‘ŠπΈπΊ . πΉπ‘€π‘π‘š ( 𝑦 ) β†’ ( 𝑧 , 𝜌 π‘ŠπΈπΊ ) compute 𝑔 ( 𝑧 ) Then determines the next Proof of Space challenge We can now argue that an adversary cannot determine how to β€œtweak” anything to bias the next challenge

  18. Verifiable Delay Function Assumptions Repeated squaring in group of unknown order is inherently sequential Let be an RSA modulus where nobody knows the factorization 𝑂 𝑦 2 π‘ˆ 𝑛𝑝𝑒 𝑂 Conjectured to take sequential squarings π‘ˆ

  19. Questions? 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things

VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things

Confrence de lancement de l'ANR Ciao, Fvrier 2020, Bordeaux, France VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things down VERIFIABLE DELAY FUNCTIONS [Boneh, Bonneau, Bnz, Fisch 2018] A VDF is

616 views β€’ 32 slides
Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions Veronika Kuchta and Mark Manulis CANS 2013, Paraty, Brazil November 21, 2013 Overview Unique Signature Schemes Verifiable Random Functions Unique

420 views β€’ 13 slides
Verifiable Delay Functions: How to Slow Things Down (Verifiably) Dan Boneh Stanford University

Verifiable Delay Functions: How to Slow Things Down (Verifiably) Dan Boneh Stanford University

NutMiC19, June, 2019 Verifiable Delay Functions: How to Slow Things Down (Verifiably) Dan Boneh Stanford University What is a VDF? (verifiable delay function) Intuition: a function X Y that (1) takes time T to evaluate, even with

694 views β€’ 30 slides
Verifiable Delay Functions and More from Isogenies and Pairings Luca De Feo based on joint work

Verifiable Delay Functions and More from Isogenies and Pairings Luca De Feo based on joint work

Verifiable Delay Functions and More from Isogenies and Pairings Luca De Feo based on joint work with J. Burdges, S. Masson, C. Petit, A. Sanso IBM Research Zrich December 4, 2019, ECC, Bochum Slides online at https://defeo.lu/docet

928 views β€’ 72 slides
Verifiable Delay Functions from Isogenies and Pairings Luca De Feo joint work with J. Burdges, S.

Verifiable Delay Functions from Isogenies and Pairings Luca De Feo joint work with J. Burdges, S.

Verifiable Delay Functions from Isogenies and Pairings Luca De Feo joint work with J. Burdges, S. Masson, C. Petit, A. Sanso Universit Paris Saclay UVSQ, France July 13, 2019, SIAM AG, Bern Slides online at https://defeo.lu/docet Tired of

350 views β€’ 23 slides
Verifiable Delay Functions Dan Boneh, Joe Bonneau, Benedikt Bnz, Ben Fisch Crypto 2018 1

Verifiable Delay Functions Dan Boneh, Joe Bonneau, Benedikt Bnz, Ben Fisch Crypto 2018 1

Verifiable Delay Functions Dan Boneh, Joe Bonneau, Benedikt Bnz, Ben Fisch Crypto 2018 1 What is a VDF? Verifier 2 What is a VDF? Setup( , T ) public parameters pp pp specify domain X and range Y Eval( pp , x )

638 views β€’ 37 slides
Verifiable Delay Functions Joe Netti Overview of VDFs (Boneh, Bonneau, et al. 2019) Goal: Prove

Verifiable Delay Functions Joe Netti Overview of VDFs (Boneh, Bonneau, et al. 2019) Goal: Prove

Verifiable Delay Functions Joe Netti Overview of VDFs (Boneh, Bonneau, et al. 2019) Goal: Prove the passage of time VDF Properties: 1. slow to calculate (delay), fast to verify (polynomial time). 2. Parallelization does not speed up

185 views β€’ 15 slides
Verifiable Cloud Outsourcing for Network Func9ons (+

Verifiable Cloud Outsourcing for Network Func9ons (+

Verifiable Cloud Outsourcing for Network Func9ons (+ Verifiable Resource Accoun9ng for Cloud Services) Vyas Sekar vNFO joint with Seyed Fayazbakhsh,

434 views β€’ 28 slides
Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable

Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable

Leonard Lensink, Sjaak Smetsers and Marko van Eekelen Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable Java Code from Verified PVS Specifications Overview Motivation Code generation

544 views β€’ 26 slides
Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT Verifiable Computation Verifiable Computation Verifiable Computation M(x)=? M(x) = y Verifiable Computation M(x)=? , challenge , proof

1.73k views β€’ 119 slides
A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York

A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York

A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York rosario@cs.ccny.cuny.edu CANS 2013, Paraty, Brasil November 22, 2013 Outline Motivation Verifiable Computation Memory Delegation Conclusion

937 views β€’ 80 slides
Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe

Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe

Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe Santiago Zanella Bguelin IMDEA Software Institute, Madrid, Spain 5 th International Conference on Provable Security 2011.10.17 Verifiable Security

457 views β€’ 41 slides
More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions

More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions

More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions are full-fledged objects in Python This means you can pass functions as parameters Example: Calculate the average of the values of a function at

332 views β€’ 12 slides
The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in obvious ways, add, subtract, multiply and divide these functions. For example, the function f + g is defined simply by Elementary Functions ( f + g )(

404 views β€’ 5 slides
New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal

New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal

Generating random samples from Statistical Distributions Pros and cons of current functions and commands Our approach Conclusions New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal an-Garc a, M.

403 views β€’ 16 slides
Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Asiacrypt 2003, 03.12.2003 Verifiable Homomorphic OT and PET, Helger Lipmaa 1 Overview of

891 views β€’ 29 slides
Foundations of Chemical Kinetics Lecture 25: The Gillespie stochastic simulation algorithm Marc

Foundations of Chemical Kinetics Lecture 25: The Gillespie stochastic simulation algorithm Marc

Foundations of Chemical Kinetics Lecture 25: The Gillespie stochastic simulation algorithm Marc R. Roussel Department of Chemistry and Biochemistry The chemical master equation vs simulations As noted earlier, the chemical master equation

358 views β€’ 11 slides
RNGs for Resource-Constrained Devices Werner Schindler Bundesamt fr Sicherheit in der

RNGs for Resource-Constrained Devices Werner Schindler Bundesamt fr Sicherheit in der

RNGs for Resource-Constrained Devices Werner Schindler Bundesamt fr Sicherheit in der Informationstechnik (BSI), Bonn, Germany Bochum, November 6, 2017 Outline Crypto for IoT: some general thoughts RNGs on resource-constrained

443 views β€’ 22 slides
Stochastic Simulation Random number generation Bo Friis Nielsen Applied Mathematics and Computer

Stochastic Simulation Random number generation Bo Friis Nielsen Applied Mathematics and Computer

Stochastic Simulation Random number generation Bo Friis Nielsen Applied Mathematics and Computer Science Technical University of Denmark 2800 Kgs. Lyngby Denmark Email: bfn@imm.dtu.dk Random number generation Random number generation

464 views β€’ 18 slides
Simulation - part 2 Stat 133 Gaston Sanchez Department of Statistics, UCBerkeley

Simulation - part 2 Stat 133 Gaston Sanchez Department of Statistics, UCBerkeley

Simulation - part 2 Stat 133 Gaston Sanchez Department of Statistics, UCBerkeley gastonsanchez.com github.com/gastonstat Course web: gastonsanchez.com/stat133 Random Numbers in R 2 Generating Random Numbers Generation of random numbers

1.34k views β€’ 77 slides
Pseudorandom Algorithms Derek Soeder Christopher Abad Gabriel Acevedo

Pseudorandom Algorithms Derek Soeder Christopher Abad Gabriel Acevedo

Black-Box Assessment of Pseudorandom Algorithms Derek Soeder Christopher Abad Gabriel Acevedo dsoeder@cylance.com cabad@cylance.com gacevedo@cylance.com Agenda About PRNGs PRNGs by Example Attack Methodology

574 views β€’ 29 slides
Lecture 20 Random Samples 0/ 13 One of the most important concepts in statistics is that of a

Lecture 20 Random Samples 0/ 13 One of the most important concepts in statistics is that of a

Lecture 20 Random Samples 0/ 13 One of the most important concepts in statistics is that of a random sample. The definition of a random sample is rather abstract. However it is critical to understand the idea behind the definition, so we

266 views β€’ 14 slides
Group Keys Mathy Vanhoef - imec-DistriNet, KU Leuven @vanhoefm Observation General Wi-Fi

Group Keys Mathy Vanhoef - imec-DistriNet, KU Leuven @vanhoefm Observation General Wi-Fi

Predicting and Abusing WPA2/802.11 Group Keys Mathy Vanhoef - imec-DistriNet, KU Leuven @vanhoefm Observation General Wi-Fi crypto is widely studied Predictable pre-shared Recover pre-shared key & dictionary attack key(s) protecting

534 views β€’ 51 slides
More Graphics and Objects Rose-Hulman Institute of Technology Computer Science and Software

More Graphics and Objects Rose-Hulman Institute of Technology Computer Science and Software

More Graphics and Objects Rose-Hulman Institute of Technology Computer Science and Software Engineering Check out 06-MoreGraphicsAndObjects from SVN. Get help if youre stuck. No quiz today. Announcements Sunday sessions: new poll on

275 views β€’ 11 slides

More recommend