International Association for Cryptologic Research

CryptoDB

Exponent-VRFs and Their Applications

Authors:
Dan Boneh, Stanford University
Iftach Haitner, Stellar Development Foundation and Tel Aviv University
Yehuda Lindell, Coinbase
Gil Segev, Hebrew University and Coinbase
Conference: EUROCRYPT 2025
Abstract: Verifiable random functions (VRFs) are pseudorandom functions where the function owner can prove that a generated output is correct relative to a committed key. In this paper we introduce the notion of an exponent-VRF (eVRF): a VRF that does not provide its output y explicitly, but instead provides Y = y*G, where G is a generator of some finite cyclic group (or Y=g^y in multiplicative notation). We construct eVRFs from the Paillier encryption scheme and from DDH (both in the random-oracle model). We then show that an eVRF is a powerful tool that has many important applications in threshold cryptography. In particular, we construct (1) a one-round fully simulatable distributed key-generation protocol (after a single two-round initialization phase), (2) a two-round fully simulatable signing protocol for multiparty Schnorr with a deterministic variant, (3) a two-party ECDSA protocol that has a deterministic variant, (4) a threshold Schnorr signing protocol where the parties can later prove that they signed without being able to frame another group, and (5) an MPC-friendly and verifiable HD-derivation. All these applications are derived from this single new eVRF abstraction. The resulting protocols are concretely efficient.
BibTeX
@inproceedings{eurocrypt-2025-34998,
  title={Exponent-VRFs and Their Applications},
  publisher={Springer-Verlag},
  author={Dan Boneh and Iftach Haitner and Yehuda Lindell and Gil Segev},
  year=2025
}