Advertisement

Hunting and Gathering – Verifiable Random Functions from Standard Assumptions with Short Proofs

  • Lisa KohlEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11443)

Abstract

A verifiable random function (VRF) is a pseudorandom function, where outputs can be publicly verified. That is, given an output value together with a proof, one can check that the function was indeed correctly evaluated on the corresponding input. At the same time, the output of the function is computationally indistinguishable from random for all non-queried inputs.

We present the first construction of a VRF which meets the following properties at once: It supports an exponential-sized input space, it achieves full adaptive security based on a non-interactive constant-size assumption and its proofs consist of only a logarithmic number of group elements for inputs of arbitrary polynomial length.

Our construction can be instantiated in symmetric bilinear groups with security based on the decision linear assumption. We build on the work of Hofheinz and Jager (TCC 2016), who were the first to construct a verifiable random function with security based on a non-interactive constant-size assumption. Basically, their VRF is a matrix product in the exponent, where each matrix is chosen according to one bit of the input. In order to allow verification given a symmetric bilinear map, a proof consists of all intermediary results. This entails a proof size of \(\varOmega (L)\) group elements, where L is the bit-length of the input.

Our key technique, which we call hunting and gathering, allows us to break this barrier by rearranging the function, which – combined with the partitioning techniques of Bitansky (TCC 2017) – results in a proof size of \(\ell \) group elements for arbitrary \(\ell \in \omega (1)\).

Notes

Acknowledgments

I would like to thank the anonymous reviewers of TCC 2018 and PKC 2019 for their helpful comments. Further, I would like to thank my advisor Dennis Hofheinz for his support and helpful feedback.

References

  1. 1.
    Abdalla, M., Catalano, D., Fiore, D.: Verifiable random functions from identity-based key encapsulation. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 554–571. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_32CrossRefGoogle Scholar
  2. 2.
    Abdalla, M., Catalano, D., Fiore, D.: Verifiable random functions: relations to identity-based key encapsulation and new constructions. J. Cryptol. 27(3), 544–593 (2014).  https://doi.org/10.1007/s00145-013-9153-xMathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Abdalla, M., Fiore, D., Lyubashevsky, V.: From selective to full security: semi-generic transformations in the standard model. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 316–333. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-30057-8_19CrossRefGoogle Scholar
  4. 4.
    Au, M.H., Susilo, W., Mu, Y.: Practical compact E-Cash. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 431–445. Springer, Heidelberg (2007).  https://doi.org/10.1007/978-3-540-73458-1_31CrossRefGoogle Scholar
  5. 5.
    Badrinarayanan, S., Goyal, V., Jain, A., Sahai, A.: A note on VRFs from verifiable functional encryption. Cryptology ePrint Archive, Report 2017/051 (2017). http://eprint.iacr.org/2017/051
  6. 6.
    Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: Compact E-Cash and simulatable VRFs revisited. In: Shacham, H., Waters, B. (eds.) Pairing 2009. LNCS, vol. 5671, pp. 114–131. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-03298-1_9CrossRefGoogle Scholar
  7. 7.
    Bitansky, N.: Verifiable random functions from non-interactive witness-indistinguishable proofs. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part II. LNCS, vol. 10678, pp. 567–594. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70503-3_19CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_27CrossRefGoogle Scholar
  9. 9.
    Boneh, D., Montgomery, H.W., Raghunathan, A.: Algebraic pseudorandom functions with improved efficiency from the augmented cascade. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM CCS 2010. ACM Press, October 2010, pp. 131–140 (2010).  https://doi.org/10.1145/1866307.1866323
  10. 10.
    Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai trees, or how to delegate a lattice basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523–552. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_27CrossRefGoogle Scholar
  11. 11.
    Dodis, Y.: Efficient construction of (distributed) verifiable random functions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 1–17. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36288-6_1CrossRefGoogle Scholar
  12. 12.
    Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30580-4_28CrossRefGoogle Scholar
  13. 13.
    Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part II. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40084-1_8CrossRefGoogle Scholar
  14. 14.
    Freire, E.S.V., Hofheinz, D., Paterson, K.G., Striecks, C.: Programmable hash functions in the multilinear setting. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 513–530. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_28CrossRefzbMATHGoogle Scholar
  15. 15.
    Goldreich, O.: Computational complexity: a conceptual perspective. ACM Sigact News 39(3), 35–39 (2008)CrossRefGoogle Scholar
  16. 16.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994)Google Scholar
  18. 18.
    Goyal, R., Hohenberger, S., Koppula, V., Waters, B.: A generic approach to constructing and proving verifiable random functions. Cryptology ePrint Archive, Report 2017/021 (2017). http://eprint.iacr.org/2017/021
  19. 19.
    Groth, J., Ostrovsky, R., Sahai, A.: New techniques for noninteractive zero-knowledge. J. ACM 59(3), 11:1–11:35 (2012).  https://doi.org/10.1145/2220357.2220358. ISSN 0004–5411MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Hofheinz, D., Jager, T.: Verifiable random functions from standard assumptions. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016, Part I. LNCS, vol. 9562, pp. 336–362. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_14CrossRefGoogle Scholar
  21. 21.
    Hohenberger, S., Waters, B.: Constructing verifiable random functions with large input spaces. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 656–672. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_33CrossRefGoogle Scholar
  22. 22.
    Hofheinz, D., Jager, T.: Verifiable random functions from standard assumptions. Cryptology ePrint Archive, Report 2015/1048 (2015). http://eprint.iacr.org/2015/1048
  23. 23.
    Jager, T.: Verifiable random functions from weaker assumptions. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015, Part II. LNCS, vol. 9015, pp. 121–143. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46497-7_5CrossRefGoogle Scholar
  24. 24.
    Jarecki, S., Shmatikov, V.: Handcuffing big brother: an abuse-resilient transaction escrow scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_35CrossRefGoogle Scholar
  25. 25.
    Katsumata, S.: On the untapped potential of encoding predicates by arithmetic circuits and their applications. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part III. LNCS, vol. 10626, pp. 95–125. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-70700-6_4CrossRefGoogle Scholar
  26. 26.
    Liskov, M.: Updatable zero-knowledge databases. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 174–198. Springer, Heidelberg (2005).  https://doi.org/10.1007/11593447_10CrossRefGoogle Scholar
  27. 27.
    Lysyanskaya, A.: Unique signatures and verifiable random functions from the DH-DDH separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45708-9_38CrossRefGoogle Scholar
  28. 28.
    Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: 40th FOCS. IEEE Computer Society Press, pp. 120–130, October 1999.  https://doi.org/10.1109/SFFCS.1999.814584
  29. 29.
    Micali, S., Reyzin, L.: Soundness in the public-key model. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 542–565. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_32CrossRefzbMATHGoogle Scholar
  30. 30.
    Micali, S., Rivest, R.L.: Micropayments revisited. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 149–163. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45760-7_11CrossRefGoogle Scholar
  31. 31.
    Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudo-random functions. J. ACM 51(2), 231–262 (2004)Google Scholar
  32. 32.
    Reed, I.S., Solomon, G.: Polynomial codes over certain finite fields. J. Soc. Ind. Appl. Math. 8(2), 300–304 (1960)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Roşie, R.: Adaptive-secure VRFs. Cryptology ePrint Archive, Report 2017/750 (2017). http://eprint.iacr.org/2017/750
  34. 34.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005).  https://doi.org/10.1007/11426639_7CrossRefGoogle Scholar
  35. 35.
    Yamada, S.: Asymptotically compact adaptively secure lattice IBEs and verifiable random functions via generalized partitioning techniques. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 161–193. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_6CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations