[Cfrg] new draft specifying VRFs (verifiable random functions)
Sharon Goldberg <sharon.goldbe@gmail.com> Mon, 13 March 2017 14:27 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/J-8YlvX2e4Z0NEb2_g3uIRKoj6I>
Several of us have been working on a draft specification for Verifiable Random Functions (VRFs). A VRF is the public-key version of a keyed cryptographic hash function. Only the holder of the private VRF key can compute the hash, but anyone with the corresponding public key can verify the correctness of the hash. This draft has one VRF based on RSA, and another based on elliptic curves.

https://datatracker.ietf.org/doc/draft-goldbe-vrf/

Our team is using a VRF to prevent zone enumeration with NSEC5 for DNSSEC [1,2]. The Google Key Transparency project is using a similar VRF to prevent key enumeration [3,4]. Open Whisper Systems has also specified a similar VRF [5]. We think VRFs will be useful for other applications as well, so we think it would be helpful to have a standard way to implement them.

We've requested an agenda slot at SAAG to talk about VRFs. The chairs have requested that we send out a note to CFRG ahead of time, so here it is. Hope to chat in person at IETF and/or on this list.

Thanks,
Sharon
(with Dimitris Papadopoulos, Jan Vcelak, Leonid Reyzin, Shumon Huque, David C Lawrence)

[1] https://datatracker.ietf.org/doc/draft-vcelak-nsec5/
[2] https://gitlab.labs.nic.cz/knot/nsec5-crypto
[3] https://security.googleblog.com/2017/01/security-through-transparency.html
[4] https://github.com/google/keytransparency/blob/master/core/vrf/vrf.go
[5] https://whispersystems.org/docs/specifications/xeddsa/

---
Sharon Goldberg
Associate Professor, Computer Science, Boston University
Sloan Research Fellow
http://www.cs.bu.edu/~goldbe
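The prove/verify split described in the message, sketched with an RSA full-domain-hash style construction. This is an added illustration, not code from the draft or its authors: the toy key, the hash-to-integer step, the domain-separation tags and all function names are assumptions, and the encodings do not follow the draft.

```python
import hashlib

# Constructed toy RSA key built from two well-known Mersenne primes.
# Far too small and structured for real use; it only lets the example run offline.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, known only to the prover
PROOF_LEN = (N.bit_length() + 7) // 8

def _hash_to_int(alpha: bytes) -> int:
    """Map the VRF input to an integer mod N (assumed encoding, not the draft's)."""
    return int.from_bytes(hashlib.sha256(b"h2i" + alpha).digest(), "big") % N

def proof_to_hash(pi: bytes) -> bytes:
    """The VRF output is a hash of the proof, so it is fixed once the proof is."""
    return hashlib.sha256(b"out" + pi).digest()

def prove(alpha: bytes) -> bytes:
    """Private-key operation: a deterministic RSA signature over the hashed input."""
    return pow(_hash_to_int(alpha), D, N).to_bytes(PROOF_LEN, "big")

def verify(alpha: bytes, pi: bytes):
    """Public-key operation: return the VRF output if pi is valid for alpha, else None."""
    if len(pi) != PROOF_LEN:
        return None
    s = int.from_bytes(pi, "big")
    if s >= N or pow(s, E, N) != _hash_to_int(alpha):
        return None
    return proof_to_hash(pi)

def demo():
    alpha = b"www.example.com"           # constructed sample input
    pi = prove(alpha)
    tampered = pi[:-1] + bytes([pi[-1] ^ 1])
    return {
        "output": verify(alpha, pi),                  # 32-byte VRF hash
        "wrong_input": verify(b"mail.example.com", pi),
        "tampered_proof": verify(alpha, tampered),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if value else value)
```

Because RSA with a fixed key is a permutation, each input has exactly one valid proof, so the key holder cannot present two different outputs for the same input.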