verifiable random functions and verifiable delay functions
play

Verifiable Random Functions and Verifiable Delay Functions Caleb - PowerPoint PPT Presentation

Sep 07, 2022 β€’149 likes β€’355 views

Verifiable Random Functions and Verifiable Delay Functions Caleb Smith University of Virginia Why do these matter? Alternative consensus protocols Applications to public randomness generation Leader election Bitcoin Proof of Work

  1. Verifiable Random Functions 
 and 
 Verifiable Delay Functions Caleb Smith University of Virginia

  2. Why do these matter? Alternative consensus protocols Applications to public randomness generation

  3. Leader election Bitcoin Proof of Work style Everyone generates a random number, and the largest is the leader?

  4. Generate random numbers Assume we have a hash function, , and we have a public challenge, h 𝑦 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 )

  5. Generate random numbers Assume we have a hash function, , and we have a public challenge, h 𝑦 ? 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑙𝑓𝑧 ← {0,1} π‘œ 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 ) 𝑧 = h ( 𝑙𝑓𝑧 || 𝑦 )

  6. Verifiable Random Function Introduced by Micali, Rabin, and Vadhan in 1999 πΏπ‘“π‘§π»π‘“π‘œ ( 1 πœ‡ ) β†’ ( 𝑑𝑙 , π‘žπ‘™ ) 𝑄𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) β†’ ( 𝑧 , 𝜌 ) Proof Pseudorandom π‘Šπ‘“π‘ π‘—π‘”π‘§ ( π‘žπ‘™ , 𝑦 , 𝑧 , 𝜌 ) β†’ {0,1} Security Property: 𝐺𝑝𝑠 π‘π‘šπ‘š 𝑦 , π‘π‘œ 𝑏𝑒𝑀𝑓𝑠𝑑𝑏𝑠𝑧 π‘‘π‘π‘œπ‘œπ‘π‘’ π‘”π‘—π‘œπ‘’ 𝑧 0 β‰  𝑧 1 𝑑𝑣𝑑 h 𝑒 h 𝑏𝑒 π‘Šπ‘“π‘ π‘—π‘”π‘§ ( π‘žπ‘™ , 𝑦 , 𝑧 0 , 𝜌 0 ) = 1 = π‘Šπ‘“π‘ π‘—π‘”π‘§ ( π‘žπ‘™ , 𝑦 , 𝑧 1 , 𝜌 1 )

  7. Generate random numbers Assume we have a hash function, , and we have a public challenge, h 𝑦 ? 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑑𝑙 , π‘žπ‘™ ← πΏπ‘“π‘§π»π‘“π‘œ 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 ) 𝑧 , 𝜌 = 𝑄 𝑠𝑝𝑀𝑓 ( 𝑑𝑙 , 𝑦 )

  8. Verifiable Random Function Assumptions RSA + Random Oracle [Micali, Rabin, and Vadhan 1999] Decisional Bilinear Diffie Hellman Inversion [Dodis and Yampolski 2004] Decisional Diffie Hellman + Random Oracle [Papadopoulos et al 2017]

  9. Verifiable Delay Functions Introduced by Boneh, Bonneau, BΓΌnz, and Fisch in 2018 Delay – Takes a minimum amount of parallel time to compute Function – Unique outputs Verifiable – Third parties can verify that it was evaluated correctly

  10. Verifiable Delay Function Alice wants to require Bob to spend solving a challenge π‘ˆ π‘žπ‘π‘ π‘π‘šπ‘šπ‘“π‘š 𝑒𝑗𝑛𝑓 Unique solution Takes parallel time, π‘ˆ 10

  11. Verifiable Delay Function Syntax A function that takes a long time to compute, has unique outputs, and can be verified quickly π‘‡π‘“π‘’π‘£π‘ž ( πœ‡ , π‘ˆ ) β†’ 𝑄𝑄 = ( 𝑓𝑙 , 𝑀𝑙 ) , specifies input and output space πΉπ‘€π‘π‘š ( 𝑓𝑙 , 𝑦 ) β†’ ( 𝑧 , 𝜌 ) , runs in at least π‘žπ‘π‘ π‘π‘šπ‘šπ‘“π‘š 𝑒𝑗𝑛𝑓 π‘ˆ Proof from the Evaluator to help the Verifier , runs in time π‘Šπ‘“π‘ π‘—π‘”π‘§ ( 𝑀𝑙 , 𝑦 , 𝑧 , 𝜌 ) β†’ { π΅π‘‘π‘‘π‘“π‘žπ‘’ , π‘†π‘“π‘˜π‘“π‘‘π‘’ } 𝑒 β‰ͺ π‘ˆ 11

  12. Verifiable Delay Function Properties Sequentiality – Eval( 𝑦 ) cannot be solved in less than , π‘žπ‘π‘ π‘π‘šπ‘šπ‘“π‘š 𝑒𝑗𝑛𝑓 π‘ˆ with π‘žπ‘π‘šπ‘§ ( π‘ˆ ) number of processors Uniqueness – If the adversary runs in time 𝑃 ( π‘žπ‘π‘šπ‘§ ( π‘ˆ , πœ‡ )) , then they are unable to find a 𝑧 β‰  πΉπ‘€π‘π‘š ( 𝑦 ) that passes verification 12

  13. Application - Randomness Beacon Generate a stream of public random values 𝑔 ( 𝑠 1 , 𝑠 2 , …, 𝑠 π‘œ ) = r 1 r 2 r 3 r 4 r 5 r 6 … r n 𝑠 1 βŠ• 𝑠 2 βŠ• … βŠ• 𝑠 π‘œ Can submit values from 1:00pm to 1:10pm 13

  14. Application - Randomness Beacon Generate a stream of public random values h ( 𝑠 1 , 𝑠 2 , …, 𝑠 π‘œ ) = 𝑦 r 1 r 2 r 3 r 4 r 5 r 6 … r n π‘ŠπΈπΊ . πΉπ‘€π‘π‘š ( 𝑦 ) β†’ ( 𝑧 , 𝜌 ) Can submit values from 1:00pm to 1:10pm 𝐹𝑦𝑒𝑠𝑏𝑑𝑒 ( 𝑧 ) β†’ 𝑀 14

  15. Application – Proof of Space and Time Cohen and Pietrzak from Chia Change the assumption from majority of computing power is honest to 2/3 of committed disk space is honest Proofs of Space will populate some disk space with some function and 𝑔 given a challenge, will find their β€œbest” solution almost instantly

  16. Why not just chain Proofs of Space? The next Proof of Space challenge is the hash of the previous Proof of Space solution and proof There are attacks where an adversary can β€œtweak” elements in their control to bias the next challenge This does not occur in Bitcoin because of the cost to split resources

  17. Adding Verifiable Delay Functions Take the solution and proof of the Proof of Space, ( 𝑧 , 𝜌 𝑄𝑝𝑇 ) , and 𝑦 = h ( 𝑧 | 𝜌 𝑄𝑝𝑇 ) , π‘ŠπΈπΊ . πΉπ‘€π‘π‘š ( 𝑦 ) β†’ ( 𝑧 , 𝜌 π‘ŠπΈπΊ ) compute 𝑔 ( 𝑧 ) Then determines the next Proof of Space challenge We can now argue that an adversary cannot determine how to β€œtweak” anything to bias the next challenge

  18. Verifiable Delay Function Assumptions Repeated squaring in group of unknown order is inherently sequential Let be an RSA modulus where nobody knows the factorization 𝑂 𝑦 2 π‘ˆ 𝑛𝑝𝑒 𝑂 Conjectured to take sequential squarings π‘ˆ

  19. Questions? 19

Recommend

VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things

VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things

Confrence de lancement de l'ANR Ciao, Fvrier 2020, Bordeaux, France VERIFIABLE DELAY FUNCTIONS Benjamin Wesolowski VERIFIABLE DELAY FUNCTIONS How to slow things down VERIFIABLE DELAY FUNCTIONS [Boneh, Bonneau, Bnz, Fisch 2018] A VDF is

616 views β€’ 32 slides
Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions

Unique Aggregate Signatures with Applications to Distributed Verifiable Random Functions Veronika Kuchta and Mark Manulis CANS 2013, Paraty, Brazil November 21, 2013 Overview Unique Signature Schemes Verifiable Random Functions Unique

420 views β€’ 13 slides
Verifiable Delay Functions: How to Slow Things Down (Verifiably) Dan Boneh Stanford University

Verifiable Delay Functions: How to Slow Things Down (Verifiably) Dan Boneh Stanford University

NutMiC19, June, 2019 Verifiable Delay Functions: How to Slow Things Down (Verifiably) Dan Boneh Stanford University What is a VDF? (verifiable delay function) Intuition: a function X Y that (1) takes time T to evaluate, even with

694 views β€’ 30 slides
Verifiable Delay Functions and More from Isogenies and Pairings Luca De Feo based on joint work

Verifiable Delay Functions and More from Isogenies and Pairings Luca De Feo based on joint work

Verifiable Delay Functions and More from Isogenies and Pairings Luca De Feo based on joint work with J. Burdges, S. Masson, C. Petit, A. Sanso IBM Research Zrich December 4, 2019, ECC, Bochum Slides online at https://defeo.lu/docet

928 views β€’ 72 slides
Verifiable Delay Functions from Isogenies and Pairings Luca De Feo joint work with J. Burdges, S.

Verifiable Delay Functions from Isogenies and Pairings Luca De Feo joint work with J. Burdges, S.

Verifiable Delay Functions from Isogenies and Pairings Luca De Feo joint work with J. Burdges, S. Masson, C. Petit, A. Sanso Universit Paris Saclay UVSQ, France July 13, 2019, SIAM AG, Bern Slides online at https://defeo.lu/docet Tired of

350 views β€’ 23 slides
Verifiable Delay Functions Dan Boneh, Joe Bonneau, Benedikt Bnz, Ben Fisch Crypto 2018 1

Verifiable Delay Functions Dan Boneh, Joe Bonneau, Benedikt Bnz, Ben Fisch Crypto 2018 1

Verifiable Delay Functions Dan Boneh, Joe Bonneau, Benedikt Bnz, Ben Fisch Crypto 2018 1 What is a VDF? Verifier 2 What is a VDF? Setup( , T ) public parameters pp pp specify domain X and range Y Eval( pp , x )

638 views β€’ 37 slides
Verifiable Delay Functions Joe Netti Overview of VDFs (Boneh, Bonneau, et al. 2019) Goal: Prove

Verifiable Delay Functions Joe Netti Overview of VDFs (Boneh, Bonneau, et al. 2019) Goal: Prove

Verifiable Delay Functions Joe Netti Overview of VDFs (Boneh, Bonneau, et al. 2019) Goal: Prove the passage of time VDF Properties: 1. slow to calculate (delay), fast to verify (polynomial time). 2. Parallelization does not speed up

185 views β€’ 15 slides
Verifiable Cloud Outsourcing for Network Func9ons (+

Verifiable Cloud Outsourcing for Network Func9ons (+

Verifiable Cloud Outsourcing for Network Func9ons (+ Verifiable Resource Accoun9ng for Cloud Services) Vyas Sekar vNFO joint with Seyed Fayazbakhsh,

434 views β€’ 28 slides
Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable

Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable

Leonard Lensink, Sjaak Smetsers and Marko van Eekelen Generating Verifiable Java Code from Verified PVS Specifications NFM2012 Generating Verifiable Java Code from Verified PVS Specifications Overview Motivation Code generation

544 views β€’ 26 slides
Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT Verifiable Computation Verifiable Computation Verifiable Computation M(x)=? M(x) = y Verifiable Computation M(x)=? , challenge , proof

1.73k views β€’ 119 slides
A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York

A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York

A Survey of Verifiable Delegation of Computations Rosario Gennaro The City College of New York rosario@cs.ccny.cuny.edu CANS 2013, Paraty, Brasil November 22, 2013 Outline Motivation Verifiable Computation Memory Delegation Conclusion

937 views β€’ 80 slides
Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe

Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe

Verifiable Security of Boneh-Franklin Identity-Based Encryption Federico Olmedo Gilles Barthe Santiago Zanella Bguelin IMDEA Software Institute, Madrid, Spain 5 th International Conference on Provable Security 2011.10.17 Verifiable Security

457 views β€’ 41 slides
More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions

More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions

More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions are full-fledged objects in Python This means you can pass functions as parameters Example: Calculate the average of the values of a function at

332 views β€’ 12 slides
The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in obvious ways, add, subtract, multiply and divide these functions. For example, the function f + g is defined simply by Elementary Functions ( f + g )(

404 views β€’ 5 slides
New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal

New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal

Generating random samples from Statistical Distributions Pros and cons of current functions and commands Our approach Conclusions New functions for Random samples generation using Stata 15 G. Aguilera-Venegas, J.L. Gal an-Garc a, M.

403 views β€’ 16 slides
Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki

Verifiable Homomorphic Oblivious Transfer and Private Equality Test Helger Lipmaa Helsinki University of Technology http://www.tcs.hut.fi/helger Asiacrypt 2003, 03.12.2003 Verifiable Homomorphic OT and PET, Helger Lipmaa 1 Overview of

891 views β€’ 29 slides
Properties of (functions may return functions) Functions may be passed as parameter

Properties of (functions may return functions) Functions may be passed as parameter

Functions as first class citizens Function may be a value of an expression Properties of (functions may return functions) Functions may be passed as parameter functional Functions may be stored in data structures languages

306 views β€’ 11 slides
New verifiable sufficient conditions for metric subregularity of constraint systems with

New verifiable sufficient conditions for metric subregularity of constraint systems with

New verifiable sufficient conditions for metric subregularity of constraint systems with application to disjunctive programs Michal Cervinka , Based on the joint work with Mat Benko and Tim Hoheisel Institute of

558 views β€’ 21 slides
Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s

Lecture 12 Digital Signatures from one-way functions Signatures vs. MACs Signatures MAC s users require only secretkeys users require n 2 secretkeys Privately verifiable and non-transferable Same signature

764 views β€’ 53 slides
Functions Declarations vs Definitions Inline Functions Class Member functions

Functions Declarations vs Definitions Inline Functions Class Member functions

2/21/2017 Functions in C++ Functions Declarations vs Definitions Inline Functions Class Member functions Overloaded Functions For : COP 3330. Pointers to functions Object oriented Programming (Using C++) Recursive

184 views β€’ 6 slides
Verifiable Autonomy how can you trust your robots? Michael Fisher ( and Louise Dennis )

Verifiable Autonomy how can you trust your robots? Michael Fisher ( and Louise Dennis )

Verifiable Autonomy how can you trust your robots? Michael Fisher ( and Louise Dennis ) Department of Computer Science and Centre for Autonomous Systems Technology University of Liverpool Part II: Verification and Application Formal

710 views β€’ 44 slides
park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security

park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security

park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor Amit Vasudevan (CyLab-CMU), Sagar Chaki (SEI-CMU), Petros Maniatis (Google Inc.), Limin Jia, Anupam Datta (ECE/CSD-CMU)

517 views β€’ 24 slides
Under the Robotic Knife: A Verifiable Controller for use of Multiple Robotic Arms in Surgery

Under the Robotic Knife: A Verifiable Controller for use of Multiple Robotic Arms in Surgery

Zachary Barnes CS 15-424: CPS Grand Prix Under the Robotic Knife: A Verifiable Controller for use of Multiple Robotic Arms in Surgery Multi-Arm Surgical Robotics Conclusion Problem Models

651 views β€’ 15 slides
3 Functions of a Random Variable Consider a gas in thermal equilibrium and imagine that the

3 Functions of a Random Variable Consider a gas in thermal equilibrium and imagine that the

35 Functions of a Random Variable 3 Functions of a Random Variable Consider a gas in thermal equilibrium and imagine that the probability den- sity for the speed of an atom p v ( ) is known. The variable of interest, for a particular

526 views β€’ 13 slides

More recommend