[PDF] Top 20 Verifiable Random Functions from Weaker Assumptions

... a verifiable random function (VRF) with large in- put space and full adaptive security from a static, non-interactive complexity as- sumption, like decisional Diffie-Hellman, has proven to be a ... See full document

... In order to be able to efficiently instantiate the code-based AHFs, it is important to reduce the length of code words n. This is because applications usually embed the AHF in the public keys or public parameters of a ... See full document

... negligible functions negl, there exists a security parameter κ and negl(κ) < Succ(Exp-IV-Int(Ext2Int(Γ, Π, Σ, H), A, ...unforgeability from A: B(pd, κ) ... See full document

... with the PRF output F (k, x), so that the user receiving (y, π) will be able to verify whether the value y he received is indeed the correct PRF output F(k, x). But on points x ∈ X for which π is not received, the PRF ... See full document

... onewayness of f. Thus f (ω ∗ ) = x with all but negligible probability, and the soundness follows. Concurrent zero-knowledgeness. We will mainly assume that the zero-knowledge protocols are run sequentially in this ... See full document

... Verifiable Random Function The verifiable random function introduced by Micali, Rabin and Vadhan [MRV99] is a type of pseudorandom function by which anyone can verify the validity of the ... See full document

... drawn from previ- ous works, specifically, code-voting and double ballots from [7], and secret-sharing homomorphisms from [8], but also introduces a number of novel elements that enable us to prove ... See full document

... are verifiable random functions, the scheme [6] is a strongly un- forgeable signature, and the others are verifiable unpredictable functions (unique ...differs from that of ... See full document

... the functions of public key encryption and digital ...novel verifiable authenticated encryp- tion (VAE) scheme with the functionality of recipient ...the random oracle proof ... See full document

... ideal random invertible permutation model. Unfortunately, unlike for random oracles, there is no standard cryptographic object which could be used to directly instantiate random invertible ... See full document

... non-interactive verifiable out- sourced computation based on FHE without using garble circuit, which eliminat- ed the large public key from Gennaro et ...several random inputs in the offline ... See full document

... Key-encapsulation techniques in functional encryption. Key encapsulation (also known as “hybrid encryption”) is an extremely useful approach in the design of encryption schemes, both for improved efficiency and for ... See full document

... ` from the set Primes(2λ) instead of Primes(λ); otherwise there is a ˜ O(2 λ/2 ) time attack on the non-interactive succinct ...` from Primes(2λ) makes the attack time ˜ O(2 λ ), which is ...the ... See full document

... parameter from T to T /2 at the cost of having two instead just one statement to ...the random exponent r) if the original statement was wrong, no matter what µ the malicious prover did ... See full document

... Homomorphic signature schemes allow to check the correctness of a com- putations result without having to perform the computation oneself. This allows a client to delegate computations to a computationally more pow- ... See full document

... Related work. VRFs have been constructed in bilinear groups by Lysyanskaya [Lys02] and Dodis [Dod03]. Based on Boneh-Boyen signatures [BB04b], Dodis and Yampolskiy [DY05] gave the first efficient scheme that is secure ... See full document

... While the group structure and bilinear map enable public verification, they only support a limited set of homomorphic operations, namely quadratic polynomials. As a result, we can only handle protocols where both the ... See full document

... construction from a special type of identity-based key encapsulation ...complexity assumptions, the exceptions [28, 11, 2, 29] were mentioned ...interactive assumptions to prevent circular arguments, ... See full document

... seemingly random nonces or data either on a trusted or untrusted channel is the hardness of verify- ing the correctness of such ...systems. Verifiable random functions[1] presented by Micali ... See full document

... the random oracle model is quite controversial, an important open problem after the construction of the Boneh-Franklin scheme was to develop an identity based encryption scheme which is provably secure in the ... See full document