# Verifiable Delay Functions

@article{Boneh2018VerifiableDF, title={Verifiable Delay Functions}, author={Dan Boneh and Joseph Bonneau and Benedikt B{\"u}nz and Ben Fisch}, journal={IACR Cryptol. ePrint Arch.}, year={2018}, volume={2018}, pages={601} }

We study the problem of building a verifiable delay function (VDF). A \(\text {VDF}\)requires a specified number of sequential steps to evaluate, yet produces a unique output that can be efficiently and publicly verified. \(\text {VDF}\)s have many applications in decentralized systems, including public randomness beacons, leader election in consensus protocols, and proofs of replication. We formalize the requirements for \(\text {VDF}\)s and present new candidate constructions that are the…

## 251 Citations

Delay Function with Fixed Effort Verification

- Computer Science, MathematicsArXiv
- 2021

This paper proposes a verifiable delay function that requires fixed effort during verification and this effort to verify is independent of the security parameter of the scheme.

Two Sequential Squaring Verifiable Delay Function

- Computer Science, Mathematics
- 2021

This paper proposes a verifiable delay function that requires only 2modulo squaring for verification, so the sequential effort required for verification is independent of the security parameter.

How Hard Are Verifiable Delay Functions?

- Computer ScienceArXiv
- 2022

This paper shows that the class of all the VDFs, VDF * IP, is constructed from an EXP-complete language and reduced to the derived VDF, which means if VDF ⊆ PSPACE = IP then EXP ⊬ = IP which has no proof yet.

Nakamoto Consensus with Verifiable Delay Puzzle

- Computer Science, MathematicsArXiv
- 2019

This paper summarizes the work-in-progress on a new consensus protocol based on verifiable delay function, which resembles the hashing puzzle used in the PoW mechanism but can only be solved sequentially and shows that VDP can be combined with the Nakamoto consensus in a proof-of-stake/proof- of-delay hybrid protocol.

A Survey of Two Verifiable Delay Functions

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

This short note briefly surveys and compares two recent beautiful Verifiable Delay Functions (VDFs), one due to Pietrzak and the other due to Wesolowski, and provides a new computational proof of security for one of them.

RandRunner: Distributed Randomness from Trapdoor VDFs with Strong Uniqueness

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

This design allows RandRunner to tolerate adversarial or failed leaders while guaranteeing safety and liveness of the protocol despite possible periods of asynchrony, and avoids the necessity of a BFT consensus protocol and its accompanying high complexity and communication overhead.

Efficient verifiable delay functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

This work constructs a verifiable delay function (VDF) based on groups of unknown order such as an RSA group, or the class group of an imaginary quadratic field, which is very short, and the verification of correctness is very efficient.

Efficient Verifiable Delay Functions

- Computer Science, MathematicsJ. Cryptol.
- 2020

This work constructs a verifiable delay function (VDF) based on groups of unknown order such as an RSA group or the class group of an imaginary quadratic field, and the output of the construction is very short, the verification of correctness is very efficient.

Efficient Verifiable Delay Functions (extended version)

- Computer Science, Mathematics
- 2021

This work constructs a verifiable delay function (VDF) based on groups of unknown order such as an RSA group, or the class group of an imaginary quadratic field, which is very short, and the verification of correctness is very efficient.

Simple Verifiable Delay Functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

A statistically sound public-coin protocol to prove that a tuple (N,x,T,y) satisfies y=x2T (mod N) where the prover doesn’t know the factorization of N and its running time is dominated by solving the puzzle, that is, compute x2T, which is conjectured to require T sequential squarings.

## References

SHOWING 1-10 OF 83 REFERENCES

Efficient verifiable delay functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

This work constructs a verifiable delay function (VDF) based on groups of unknown order such as an RSA group, or the class group of an imaginary quadratic field, which is very short, and the verification of correctness is very efficient.

Simple Verifiable Delay Functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

A statistically sound public-coin protocol to prove that a tuple (N,x,T,y) satisfies y=x2T (mod N) where the prover doesn’t know the factorization of N and its running time is dominated by solving the puzzle, that is, compute x2T, which is conjectured to require T sequential squarings.

Tight Verifiable Delay Functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2019

This work studies tight VDFs, where the function can be evaluated in time not much more than the sequentiality bound T.

Simple Proofs of Sequential Work

- Mathematics, Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

At ITCS 2013, Mahmoody, Moran and Vadhan [MMV13] introduce and construct publicly verifiable proofs of sequential work, which is a protocol for proving that one spent sequential computational work…

Publicly verifiable proofs of sequential work

- Computer Science, MathematicsITCS '13
- 2013

A publicly verifiable protocol for proving computational work based on collision-resistant hash functions and a new plausible complexity assumption regarding the existence of "inherently sequential" hash functions that makes a novel use of "depth-robust" directed acyclic graphs.

SCRAPE: Scalable Randomness Attested by Public Entities

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

This work presents a coin tossing protocol for an honest majority that allows for any entity to verify that an output was honestly generated by observing publicly available information (even after the execution is complete), while achieving both guaranteed output delivery and scalability.

Snow White: Provably Secure Proofs of Stake

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

It is argued that any consensus protocol satisfying functionalities and robustness requirements can be used for proofs-of-stake, as long as money does not switch hands too quickly, and this work is the first to formally articulate a set of requirements for consensus candidates for proofs ofstake.

PoReps: Proofs of Space on Useful Data

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

A rational security notion for PoReps is introduced called -rational replication based on the notion of an -Nash equilibrium, which captures the property that a server does not gain any significant advantage by storing its data in any other (non-redundant) format.

Recursive composition and bootstrapping for SNARKS and proof-carrying data

- Computer Science, MathematicsSTOC '13
- 2013

This work constructs the first fully-succinct publicly-verifiable SNARK, and recursively compose the SNARK to obtain a "weak" PCD system for shallow distributed computations, and uses the PCD framework to attain stronger notions of SNARKs and PCD systems.

Bitcoin Beacon

- Mathematics, Computer ScienceArXiv
- 2016

It is shown that πbeacon can be instantiated via Bitcoin under sensible assumptions, and an adversary with an arbitrarily large initial budget who may not operate at a loss indefinitely is considered.