A Verifiable Random Function with Short Proofs and Keys

  • Yevgeniy Dodis
  • Aleksandr Yampolskiy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3386)


We give a simple and efficient construction of a verifiable random function (VRF) on bilinear groups. Our construction is direct. In contrast to prior VRF constructions [14,15], it avoids using an inefficient Goldreich-Levin transformation, thereby saving several factors in security. Our proofs of security are based on a decisional bilinear Diffie-Hellman inversion assumption, which seems reasonable given current state of knowledge. For small message spaces, our VRF’s proofs and keys have constant size. By utilizing a collision-resistant hash function, our VRF can also be used with arbitrary message spaces. We show that our scheme can be instantiated with an elliptic group of very reasonable size. Furthermore, it can be made distributed and proactive.




  1. Bar-Ilan, J., Beaver, D.: Non-cryptographic fault-tolerant computing in a constant number of rounds. In: Proceedings of the ACM Symposium on Principles of Distributed Computation, pp. 201–209 (1989)
  2. Ben-Or, M., Goldwasser, S., Wigderson, A.: Completeness theorems for non-cryptographic fault-tolerant distributed computing. In: Proceedings of the 20th Annual ACM Symposium on the Theory of Computing, pp. 1–10 (1988)
  3. Boneh, D., Boyen, X.: Efficient selective-ID secure identity based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
  4. Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004)
  5. Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  6. Boneh, D., Silverberg, A.: Application of multilinear forms to cryptography. Cryptology ePrint Archive, Report 2002/080 (2002)
  7. Buchmann, J.A., Loho, J., Zayer, J.: An implementation of the general number field sieve. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 159–166. Springer, Heidelberg (1994)
  8. Dodis, Y.: Efficient construction of (distributed) verifiable random functions. In: Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography, pp. 1–17 (2003)
  9. Galbraith, S.D.: Supersingular curves in cryptography. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 495–513. Springer, Heidelberg (2001)
  10. Goldreich, O., Levin, L.: A hard-core predicate for all one-way functions. In: Proceedings of the 21st Annual ACM Symposium on the Theory of Computing, pp. 25–32 (1989)
  11. Goldwasser, S., Bellare, M.: Lecture notes on cryptography. In: Summer Course; Cryptography and Computer Security, pp. 1996–1999. MIT, Cambridge (1999)
  12. Jarecki, S., Shmatikov, V.: Handcuffing big brother: an abuse-resilient transaction escrow scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004)
  13. Joux, A., Nguyen, K.: Separating Decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. Cryptology ePrint Archive, Report 2001/003 (2001)
  14. Lysyanskaya, A.: Unique signatures and verifiable random functions from the DH-DDH separation. In: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, pp. 597–612 (2002)
  15. Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: Proceedings of the 40th IEEE Symposium on Foundations of Computer Science, pp. 120–130 (1999)
  16. Micali, S., Reyzin, L.: Soundness in the public-key model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001)
  17. Micali, S., Rivest, R.L.: Micropayments revisited. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 149–163. Springer, Heidelberg (2002)
  18. Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing. IEICE Trans. Fundamentals, 481–484 (2002)
  19. Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudorandom functions. In: Proceedings of the 38th IEEE Symposium on Foundations of Computer Science, pp. 458–467 (1997)
  20. Schwartz, J.T.: Fast probabilistic algorithms for verification of polynomial identities. Journal of the Association for Computing Machinery 27, 701–717 (1980)
  21. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997)
  22. Steiner, M., Tsudik, G., Waidner, M.: Diffie-Hellman key distribution extended to group communication. In: Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 31–37 (1996)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Yevgeniy Dodis, Department of Computer Science, New York University, New York, USA
  • Aleksandr Yampolskiy, Department of Computer Science, Yale University, New Haven, USA
