Efficient Verifiable Delay Functions

  • Benjamin WesolowskiEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11478)


We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know a secret (the trapdoor). By setting up this scheme in a way that the trapdoor is unknown (not even by the party running the setup, so that there is no need for a trusted setup environment), we obtain a simple VDF. Our construction is based on groups of unknown order such as an RSA group, or the class group of an imaginary quadratic field. The output of our construction is very short (the result and the proof of correctness are each a single element of the group), and the verification of correctness is very efficient.



The author wishes to thank a number of people with whom interesting discussions helped improve the present work, in alphabetical order, Dan Boneh, Justin Drake, Alexandre Gélin, Novak Kaluđerović, Arjen K. Lenstra and Serge Vaudenay.


  1. 1.
    Bellare, M., Goldwasser, S.: Encapsulated key escrow. Technical report (1996)Google Scholar
  2. 2.
    Bellare, M., Goldwasser, S.: Verifiable partial key escrow. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, CCS 1997, pp. 78–91. ACM, New York, NY, USA (1997)Google Scholar
  3. 3.
    Biehl, I., Buchmann, J., Hamdy, S., Meyer, A.: A signature scheme based on the intractability of computing roots. Des. Codes Crypt. 25(3), 223–236 (2002)MathSciNetCrossRefGoogle Scholar
  4. 4.
    Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). Scholar
  5. 5.
    Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, report 2018/712 (2018).
  6. 6.
    Boneh, D., Franklin, M.: Efficient generation of shared RSA keys. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 425–439. Springer, Heidelberg (1997). Scholar
  7. 7.
    Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000). Scholar
  8. 8.
    Buchmann, J., Hamdy, S.: A survey on IQ cryptography. In: Proceedings of Public Key Cryptography and Computational Number Theory, pp. 1–15 (2001)Google Scholar
  9. 9.
    Buchmann, J., Williams, H.C.: A key-exchange system based on imaginary quadratic fields. J. Cryptol. 1(2), 107–118 (1988)MathSciNetCrossRefGoogle Scholar
  10. 10.
    CPU-Z OC world records (2018).
  11. 11.
    Dodis, Y., Katz, J., Smith, A., Walfish, S.: Composability and on-line deniability of authentication. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 146–162. Springer, Heidelberg (2009). Scholar
  12. 12.
    Drake, J.: Ethereum 2.0 randomness. August 2018 Workshop at Stanford Hosted by the Ethereum Foundation and the Stanford Center for Blockchain Research (2018)Google Scholar
  13. 13.
    Drake, J.: Minimal VDF randomness beacon. Ethereum Research Post (2018).
  14. 14.
    Hafner, J.L., McCurley, K.S.: A rigorous subexponential algorithm for computation of class groups. J. Am. Math. Soc. 2(4), 837–850 (1989)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Lenstra, A.K., Wesolowski, B.: Trustworthy public randomness with sloth, unicorn and trx. Int. J. Appl. Cryptol. 3, 330–343 (2016)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Pietrzak, K.: Simple verifiable delay functions. In: Blum, A. (ed.), 10th Innovations in Theoretical Computer Science Conference, ITCS 2019, San Diego, California, USA, 10–12 January 2019, pp. 60:1–60:15 (2019)Google Scholar
  17. 17.
    Rabin, M.O.: Transaction protection by beacons. J. Comput. Syst. Sci. 27(2), 256–267 (1983)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical report (1996)Google Scholar
  19. 19.
    Sander, T.: Efficient accumulators without trapdoor extended abstract. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 252–262. Springer, Heidelberg (1999). Scholar
  20. 20.
    Vollmer, U.: Asymptotically fast discrete logarithms in quadratic number fields. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 581–594. Springer, Heidelberg (2000). Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.EPFL IC LACALLausanneSwitzerland
  2. 2.Cryptology GroupCWIAmsterdamThe Netherlands

Personalised recommendations