eng
Schloss Dagstuhl – Leibniz-Zentrum für Informatik
Leibniz International Proceedings in Informatics
1868-8969
2019-01-08
60:1
60:15
10.4230/LIPIcs.ITCS.2019.60
article
Simple Verifiable Delay Functions
Pietrzak, Krzysztof
1
Institute of Science and Technology Austria, Austria
We construct a verifiable delay function (VDF) by showing how the Rivest-Shamir-Wagner time-lock puzzle can be made publicly verifiable.
Concretely, we give a statistically sound public-coin protocol to prove that a tuple (N,x,T,y) satisfies y=x^{2^T} mod N where the prover doesn't know the factorization of N and its running time is dominated by solving the puzzle, that is, compute x^{2^T}, which is conjectured to require T sequential squarings. To get a VDF we make this protocol non-interactive using the Fiat-Shamir heuristic.
The motivation for this work comes from the Chia blockchain design, which uses a VDF as a key ingredient. For typical parameters (T <=2^{40},N=2048), our proofs are of size around 10KB, verification cost around three RSA exponentiations and computing the proof is 8000 times faster than solving the puzzle even without any parallelism.
https://drops.dagstuhl.de/storage/00lipics/lipics-vol124-itcs2019/LIPIcs.ITCS.2019.60/LIPIcs.ITCS.2019.60.pdf
Verifiable delay functions
Time-lock puzzles