Re: [Cfrg] I-D Action: draft-irtf-cfrg-vrf-06.txt

Manu Sporny <> Tue, 11 February 2020 21:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BAC1112081F for <>; Tue, 11 Feb 2020 13:50:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 0xEeYj4wfNQa for <>; Tue, 11 Feb 2020 13:50:17 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B8289120018 for <>; Tue, 11 Feb 2020 13:50:17 -0800 (PST)
Received: from [] by with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from <>) id 1j1dVh-0001mb-Lx for; Tue, 11 Feb 2020 16:56:01 -0500
References: <> <>
From: Manu Sporny <>
Message-ID: <>
Date: Tue, 11 Feb 2020 16:50:15 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-SA-Exim-Scanned: No (on; SAEximRunCond expanded to false
Archived-At: <>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-vrf-06.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 11 Feb 2020 21:50:20 -0000

On 2/11/20 12:31 PM, Leonid Reyzin wrote:
> This most recent update to the VRF draft consists of minor clarifications.

Hi Leo, Sharon, Jan, and Dimitris,

I've been following this work for years now and I still don't know why
VRFs are useful. Every time you publish a new draft, I got out and scour
the Web for an easily readable description of a use case that is solved
by the use of a VRF and end up reading things like:

"It is a pseudo-random function that provides publicly verifiable proofs
of its outputs' correctness."

"VRFs are useful for preventing enumeration of hash-based data structures."

"VRFs ... useful for providing a 1:1 mapping of low entropy inputs (e.g.
names, email addresses, phone numbers) to some random values which can
be committed to in advance, e.g. through a timestamping service such as
a transparency log."

I say this as someone that spends quite a bit of time reading IETF
cryptography specs and writing specifications that directly utilize
IETF/CFRG cryptography specs (at IETF and W3C).

Can you please add a few real world use cases where one would use a VRF?
Are they useful for committing values on a public blockchain in a
privacy preserving manner? If so, what sorts of values? Are they useful
when voting? Are they useful for distributed gaming scenarios? Some
concrete uses would be more helpful than the overly general text in the
current spec.

-- manu

Manu Sporny (skype: msporny, twitter: manusporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches