Ef£cient Construction of (Distributed) Veri£able Random Functions
نویسنده
چکیده
We give the £rst simple and ef£cient construction of veri£able random functions (VRFs). VRFs, introduced by Micali et al. [MRV99], combine the properties of regular pseudorandom functions (PRFs) [GGM86] (i.e., indistinguishability from a random function) and digital signatures [GMR88] (i.e., one can provide an unforgeable proof that the VRF value is correctly computed). The ef£ciency of our VRF construction is only slightly worse than that of a regular PRF construction of Naor and Reingold [NR97]. In contrast to ours, the previous VRF constructions [MRV99, Lys02] all involved an expensive generic transformation from veri£able unpredictable functions (VUFs), while our construction is simple and direct. We also provide the £rst construction of distributed VRFs. Our construction is more ef£cient than the only known construction of distributed (non-veri£able) PRFs [Nie02], but has more applications than the latter. For example, it can be used to distributively implement the random oracle model in a publicly veri£able manner, which by itself has many applications (e.g., constructing threshold signature schemes). Our main construction is based on a new variant of decisional Dif£e-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold. We do not make any claims about the validity of our assumption (which we call sum-free DDH, or sf-DDH). However, this assumption seems to be plausible based on our current understanding of certain candidate elliptic and hyperelliptic groups which were recently proposed for use in cryptography [JN01, Jou00]. We hope that the demonstrated power of our sf-DDH assumption will serve as a motivation for its closer study. Department of Computer Science, New York University, 251 Mercer Street, New York, NY 10012, USA. Email: [email protected]
منابع مشابه
Efcient Multi-Party Digital Signature using Adaptive Secret Sharing for Low-Power Devices in Wireless Networks
In this paper, we propose an efcient multi-party signature scheme for wireless networks where a given number of signees can jointly sign a document, and it can be veried by any entity who possesses the certied group public key. Our scheme is based on an efcient threshold key generation scheme which is able to defend against both static and adaptive adversaries. Specically, our key generati...
متن کاملNew Constructions of Mechanisms with Veri cation
A social choice function A is implementable with veri cation if there exists a payment scheme P such that (A,P ) is a truthful mechanism for veri able agents [Nisan and Ronen STOC 99]. In this paper we address the following questions. Given an objective function μ, does there exist a social choice function that is implementable with veri cation and that minimizes (or maximizes) μ? From a more a...
متن کاملDense Probabilistic Encryption
This paper describes a method of dense probabilistic encryption. Previous probabilistic encryption methods require large numbers of random bits and produce large amounts of ciphertext for the encryption of each bit of plaintext. This paper develops a method of probabilistic encryption in which the ratio of ciphertext text size to plaintext size and the proportion of random bits to plaintext can...
متن کاملTrapdoor Smooth Projective Hash Functions
Katz and Vaikuntanathan recently improved smooth projective hash functions in order to build oneround password-authenticated key exchange protocols (PAKE). To achieve security in the UC framework they allowed the simulator to extract the hashing key, which required simulation-sound non-interactive zero-knowledge proofs that are unfortunately ine cient. We improve the way the latter extractabili...
متن کاملScalable compression of volumetric images
An important problem in medical imaging is that of ef cient volumetric image compression. In addition to compression ef ciency, scalable representations which allow access to the data at various qualities up to and including lossless reproduction are particularly important. Also important is the ability to access local regions of the volumetric data set or to alter the delity or resolution with...
متن کامل