Journal of Cryptology

, Volume 27, Issue 3, pp 544–593

Verifiable Random Functions: Relations to Identity-Based Key Encapsulation and New Constructions


DOI: 10.1007/s00145-013-9153-x

Cite this article as:
Abdalla, M., Catalano, D. & Fiore, D. J Cryptol (2014) 27: 544. doi:10.1007/s00145-013-9153-x


In this paper we show a relation between the notions of verifiable random functions (VRFs) and identity-based key encapsulation mechanisms (IB-KEMs). In particular, we propose a class of IB-KEMs that we call VRF-suitable, and we propose a direct construction of VRFs from VRF-suitable IB-KEMs. Informally, an IB-KEM is VRF-suitable if it provides what we call unique decapsulation (i.e., given a ciphertext C produced with respect to an identity ID, all the secret keys corresponding to identity ID′, decapsulate to the same value, even if IDID′), and it satisfies an additional property that we call pseudo-random decapsulation. In a nutshell, pseudo-random decapsulation means that if one decapsulates a ciphertext C, produced with respect to an identity ID, using the decryption key corresponding to any other identity ID′, the resulting value looks random to a polynomially bounded observer. Our construction is of interest both from a theoretical and a practical perspective. Indeed, apart from establishing a connection between two seemingly unrelated primitives, our methodology is direct in the sense that, in contrast to most previous constructions, it avoids the inefficient Goldreich–Levin hardcore bit transformation. As an additional contribution, we propose a new VRF-suitable IB-KEM based on the decisional -weak Bilinear Diffie–Hellman Inversion assumption. Interestingly, when applying our transformation to this scheme, we obtain a new VRF construction that is secure under the same assumption, and it efficiently supports a large input space.

Key words

Verifiable random functions Identity-based encryption Pseudo-randomness 

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  1. 1.Département d’InformatiqueEcole Normale SupérieureParisFrance
  2. 2.Dipartimento di Matematica e InformaticaUniversità di CataniaCataniaItaly
  3. 3.Max Planck Institute for Software Systems (MPI-SWS)SaarbrückenGermany