Can Verifiable Delay Functions Be Based on Random Oracles?
Boneh, Bonneau, Bünz, and Fisch (CRYPTO 2018) recently introduced the notion of a verifiable delay function (VDF). VDFs are functions that take a long sequential time T to compute, but whose outputs y := Eval(x) can be efficiently verified (possibly given a proof π) in time t ≪ T (e.g., t = poly(λ, log T) where λ is the security parameter). The first security requirement on a VDF, called uniqueness, is that no polynomial-time algorithm can find a convincing proof π' that verifies for an input x and a different output y' ≠ y. The second security requirement, called sequentiality, is that no polynomial-time algorithm running in time σ < T for some parameter σ (e.g., σ = T^{1/10}) can compute y, even with poly(T,λ) many parallel processors. Starting from the work of Boneh et al., there are now multiple constructions of VDFs from various algebraic assumptions.
In this work, we study whether VDFs can be constructed from ideal hash functions in a black-box way, as modeled in the random oracle model (ROM). In the ROM, we measure the running time by the number of oracle queries and the sequentiality by the number of rounds of oracle queries. We rule out two classes of constructions of VDFs in the ROM:
- We show that VDFs satisfying perfect uniqueness (i.e., VDFs where no different convincing solution y' ≠ y exists) cannot be constructed in the ROM. More formally, we give an attacker that finds the solution y in ≈ t rounds of queries, asking only poly(T) queries in total.
- We also rule out tight verifiable delay functions in the ROM. Tight verifiable delay functions, recently studied by Döttling, Garg, Malavolta, and Vasudevan (ePrint Report 2019), require sequentiality for σ ≈ T-T^ρ for some constant 0 < ρ < 1. More generally, our lower bound also applies to proofs of sequential work (i.e., VDFs without the uniqueness property), even in the private verification setting, and sequentiality σ > T-(T)/(2t) for a concrete verification time t.
verifiable delay function
lower bound
random oracle model
Theory of computation~Cryptographic primitives
83:1-83:17
Track A: Algorithms, Complexity and Games
The full version of this paper is available at https://eprint.iacr.org/2019/663.
Mohammad
Mahmoody
Mohammad Mahmoody
University of Virginia, Charlottesville, VA, USA
Supported by NSF awards CCF-1350939, CCF-1910681, CNS-1936799 and a University of Virginia SEAS Research Innovation Award.
Caleb
Smith
Caleb Smith
University of Virginia, Charlottesville, VA, USA
David J.
Wu
David J. Wu
University of Virginia, Charlottesville, VA, USA
Supported by NSF CNS-1917414 and a University of Virginia SEAS Research Innovation Award.
10.4230/LIPIcs.ICALP.2020.83
Hamza Abusalah, Chethan Kamath, Karen Klein, Krzysztof Pietrzak, and Michael Walter. Reversible proofs of sequential work. In EUROCRYPT, pages 277-291, 2019.
Joël Alwen and Vladimir Serbinenko. High parallel complexity graphs and memory-hard functions. In STOC, pages 595-603, 2015.
Boaz Barak and Mohammad Mahmoody. Merkle’s key agreement protocol is optimal: An o(n^2) attack on any key agreement from random oracles. J. Cryptology, 30(3):699-734, 2017.
Ingrid Biehl, Johannes A. Buchmann, Safuat Hamdy, and Andreas Meyer. A signature scheme based on the intractability of computing roots. Des. Codes Cryptogr., 25(3):223-236, 2002.
Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. Verifiable delay functions. In CRYPTO, pages 757-788, 2018.
Zvika Brakerski, Jonathan Katz, Gil Segev, and Arkady Yerukhimovich. Limits on the power of zero-knowledge proofs in cryptographic constructions. In TCC, pages 559-578, 2011.
Jin-yi Cai, Richard J. Lipton, Robert Sedgewick, and Andrew Chi-Chih Yao. Towards uncheatable benchmarks. In Structure in Complexity Theory Conference, pages 2-11, 1993.
Bram Cohen and Krzysztof Pietrzak. Simple proofs of sequential work. In EUROCRYPT, pages 451-467, 2018.
Jean-Sébastien Coron, Jacques Patarin, and Yannick Seurin. The random oracle model and the ideal cipher model are equivalent. In CRYPTO, pages 1-20, 2008.
Nico Döttling, Sanjam Garg, Giulio Malavolta, and Prashant Nalini Vasudevan. Tight verifiable delay functions. IACR Cryptology ePrint Archive, 2019:659, 2019.
Nico Döttling, Russell W. F. Lai, and Giulio Malavolta. Incremental proofs of sequential work. In EUROCRYPT, pages 292-323, 2019.
Cynthia Dwork and Moni Naor. Pricing via processing or combatting junk mail. In CRYPTO, pages 139-147, 1992.
Naomi Ephraim, Cody Freitag, Ilan Komargodski, and Rafael Pass. Continuous verifiable delay functions. IACR Cryptology ePrint Archive, 2019:619, 2019.
Luca De Feo, Simon Masson, Christophe Petit, and Antonio Sanso. Verifiable delay functions from supersingular isogenies and pairings. In ASIACRYPT, pages 248-277, 2019.
Thomas Holenstein, Robin Künzler, and Stefano Tessaro. The equivalence of the random oracle model and the ideal cipher model, revisited. In STOC, pages 89-98, 2011.
Matt Howard and Bram Cohen. Chia network announces 2nd VDF competition with $100,000 in total prize money, 2019.
Russell Impagliazzo and Steven Rudich. Limits on the provable consequences of one-way permutations. In STOC, pages 44-61, 1989.
Eleftherios Kokoris-Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford. Enhancing bitcoin security and performance with strong consistency via collective signing. In USENIX Security Symposium, pages 279-296, 2016.
Esteban Landerreche, Marc Stevens, and Christian Schaffner. Non-interactive cryptographic timestamping based on verifiable delay functions. IACR Cryptology ePrint Archive, 2019:197, 2019.
Arjen K. Lenstra and Benjamin Wesolowski. A random zoo: sloth, unicorn, and trx. IACR Cryptology ePrint Archive, 2015:366, 2015.
Mohammad Mahmoody, Tal Moran, and Salil P. Vadhan. Time-lock puzzles in the random oracle model. In CRYPTO, pages 39-50, 2011.
Mohammad Mahmoody, Tal Moran, and Salil P. Vadhan. Publicly verifiable proofs of sequential work. In ITCS, pages 373-388, 2013.
Takahiro Matsuda and Kanta Matsuura. On black-box separations among injective one-way functions. In TCC, pages 597-614, 2011.
Krzysztof Pietrzak. Simple verifiable delay functions. In ITCS, pages 60:1-60:15, 2019.
R. L. Rivest, A. Shamir, and D. A. Wagner. Time-lock puzzles and timed-release crypto, 1996.
Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM, 21(2):120-126, 1978.
Steven Rudich. Limits on the Provable Consequences of One-way Functions. PhD thesis, EECS Department, University of California, Berkeley, 1988. URL: http://www2.eecs.berkeley.edu/Pubs/TechRpts/1988/6060.html.
http://www2.eecs.berkeley.edu/Pubs/TechRpts/1988/6060.html
Barak Shani. A note on isogeny-based hybrid verifiable delay functions. IACR Cryptology ePrint Archive, 2019:205, 2019.
Benjamin Wesolowski. Efficient verifiable delay functions. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 379-407. Springer, 2019.
Mohammad Mahmoody, Caleb Smith, and David J. Wu
Creative Commons Attribution 3.0 Unported license
https://creativecommons.org/licenses/by/3.0/legalcode