Can Verifiable Delay Functions Be Based on Random Oracles?

Authors Mohammad Mahmoody, Caleb Smith, David J. Wu

Thumbnail PDF


  • Filesize: 0.51 MB
  • 17 pages

Document Identifiers

Author Details

Mohammad Mahmoody
  • University of Virginia, Charlottesville, VA, USA
Caleb Smith
  • University of Virginia, Charlottesville, VA, USA
David J. Wu
  • University of Virginia, Charlottesville, VA, USA

Cite AsGet BibTex

Mohammad Mahmoody, Caleb Smith, and David J. Wu. Can Verifiable Delay Functions Be Based on Random Oracles?. In 47th International Colloquium on Automata, Languages, and Programming (ICALP 2020). Leibniz International Proceedings in Informatics (LIPIcs), Volume 168, pp. 83:1-83:17, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2020)


Boneh, Bonneau, Bünz, and Fisch (CRYPTO 2018) recently introduced the notion of a verifiable delay function (VDF). VDFs are functions that take a long sequential time T to compute, but whose outputs y := Eval(x) can be efficiently verified (possibly given a proof π) in time t ≪ T (e.g., t = poly(λ, log T) where λ is the security parameter). The first security requirement on a VDF, called uniqueness, is that no polynomial-time algorithm can find a convincing proof π' that verifies for an input x and a different output y' ≠ y. The second security requirement, called sequentiality, is that no polynomial-time algorithm running in time σ < T for some parameter σ (e.g., σ = T^{1/10}) can compute y, even with poly(T,λ) many parallel processors. Starting from the work of Boneh et al., there are now multiple constructions of VDFs from various algebraic assumptions. In this work, we study whether VDFs can be constructed from ideal hash functions in a black-box way, as modeled in the random oracle model (ROM). In the ROM, we measure the running time by the number of oracle queries and the sequentiality by the number of rounds of oracle queries. We rule out two classes of constructions of VDFs in the ROM: - We show that VDFs satisfying perfect uniqueness (i.e., VDFs where no different convincing solution y' ≠ y exists) cannot be constructed in the ROM. More formally, we give an attacker that finds the solution y in ≈ t rounds of queries, asking only poly(T) queries in total. - We also rule out tight verifiable delay functions in the ROM. Tight verifiable delay functions, recently studied by Döttling, Garg, Malavolta, and Vasudevan (ePrint Report 2019), require sequentiality for σ ≈ T-T^ρ for some constant 0 < ρ < 1. More generally, our lower bound also applies to proofs of sequential work (i.e., VDFs without the uniqueness property), even in the private verification setting, and sequentiality σ > T-(T)/(2t) for a concrete verification time t.

Subject Classification

ACM Subject Classification
  • Theory of computation → Cryptographic primitives
  • verifiable delay function
  • lower bound
  • random oracle model


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Hamza Abusalah, Chethan Kamath, Karen Klein, Krzysztof Pietrzak, and Michael Walter. Reversible proofs of sequential work. In EUROCRYPT, pages 277-291, 2019. Google Scholar
  2. Joël Alwen and Vladimir Serbinenko. High parallel complexity graphs and memory-hard functions. In STOC, pages 595-603, 2015. Google Scholar
  3. Boaz Barak and Mohammad Mahmoody. Merkle’s key agreement protocol is optimal: An o(n^2) attack on any key agreement from random oracles. J. Cryptology, 30(3):699-734, 2017. Google Scholar
  4. Ingrid Biehl, Johannes A. Buchmann, Safuat Hamdy, and Andreas Meyer. A signature scheme based on the intractability of computing roots. Des. Codes Cryptogr., 25(3):223-236, 2002. Google Scholar
  5. Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. Verifiable delay functions. In CRYPTO, pages 757-788, 2018. Google Scholar
  6. Zvika Brakerski, Jonathan Katz, Gil Segev, and Arkady Yerukhimovich. Limits on the power of zero-knowledge proofs in cryptographic constructions. In TCC, pages 559-578, 2011. Google Scholar
  7. Jin-yi Cai, Richard J. Lipton, Robert Sedgewick, and Andrew Chi-Chih Yao. Towards uncheatable benchmarks. In Structure in Complexity Theory Conference, pages 2-11, 1993. Google Scholar
  8. Bram Cohen and Krzysztof Pietrzak. Simple proofs of sequential work. In EUROCRYPT, pages 451-467, 2018. Google Scholar
  9. Jean-Sébastien Coron, Jacques Patarin, and Yannick Seurin. The random oracle model and the ideal cipher model are equivalent. In CRYPTO, pages 1-20, 2008. Google Scholar
  10. Nico Döttling, Sanjam Garg, Giulio Malavolta, and Prashant Nalini Vasudevan. Tight verifiable delay functions. IACR Cryptology ePrint Archive, 2019:659, 2019. Google Scholar
  11. Nico Döttling, Russell W. F. Lai, and Giulio Malavolta. Incremental proofs of sequential work. In EUROCRYPT, pages 292-323, 2019. Google Scholar
  12. Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In CRYPTO, pages 139-147, 1992. Google Scholar
  13. Naomi Ephraim, Cody Freitag, Ilan Komargodski, and Rafael Pass. Continuous verifiable delay functions. IACR Cryptology ePrint Archive, 2019:619, 2019. Google Scholar
  14. Luca De Feo, Simon Masson, Christophe Petit, and Antonio Sanso. Verifiable delay functions from supersingular isogenies and pairings. In ASIACRYPT, pages 248-277, 2019. Google Scholar
  15. Thomas Holenstein, Robin Künzler, and Stefano Tessaro. The equivalence of the random oracle model and the ideal cipher model, revisited. In STOC, pages 89-98, 2011. Google Scholar
  16. Matt Howard and Bram Cohen. Chia network announces 2nd VDF competition with $100,000 in total prize money, 2019. Google Scholar
  17. Russell Impagliazzo and Steven Rudich. Limits on the provable consequences of one-way permutations. In STOC, pages 44-61, 1989. Google Scholar
  18. Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford. Enhancing bitcoin security and performance with strong consistency via collective signing. In USENIX Security Symposium, pages 279-296, 2016. Google Scholar
  19. Esteban Landerreche, Marc Stevens, and Christian Schaffner. Non-interactive cryptographic timestamping based on verifiable delay functions. IACR Cryptology ePrint Archive, 2019:197, 2019. Google Scholar
  20. Arjen K. Lenstra and Benjamin Wesolowski. A random zoo: sloth, unicorn, and trx. IACR Cryptology ePrint Archive, 2015:366, 2015. Google Scholar
  21. Mohammad Mahmoody, Tal Moran, and Salil P. Vadhan. Time-lock puzzles in the random oracle model. In CRYPTO, pages 39-50, 2011. Google Scholar
  22. Mohammad Mahmoody, Tal Moran, and Salil P. Vadhan. Publicly verifiable proofs of sequential work. In ITCS, pages 373-388, 2013. Google Scholar
  23. Takahiro Matsuda and Kanta Matsuura. On black-box separations among injective one-way functions. In TCC, pages 597-614, 2011. Google Scholar
  24. Krzysztof Pietrzak. Simple verifiable delay functions. In ITCS, pages 60:1-60:15, 2019. Google Scholar
  25. R. L. Rivest, A. Shamir, and D. A. Wagner. Time-lock puzzles and timed-release crypto, 1996. Google Scholar
  26. Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120-126, 1978. Google Scholar
  27. Steven Rudich. Limits on the Provable Consequences of One-way Functions. PhD thesis, EECS Department, University of California, Berkeley, 1988. URL:
  28. Barak Shani. A note on isogeny-based hybrid verifiable delay functions. IACR Cryptology ePrint Archive, 2019:205, 2019. Google Scholar
  29. Benjamin Wesolowski. Efficient verifiable delay functions. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 379-407. Springer, 2019. Google Scholar
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail