Re: [Cfrg] new draft specifying VRFs (verifiable random functions)
Tony Arcieri <bascule@gmail.com> Tue, 14 March 2017 21:15 UTC
To: Richard Barnes <rlb@ipv.sx>
Cc: Sharon Goldberg <sharon.goldbe@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>

On Tue, Mar 14, 2017 at 2:11 PM, Richard Barnes <rlb@ipv.sx> wrote:

> Thanks for writing this up. One quick, probably trivial question: How do
> these VRFs differ from signature schemes? From the API point of view, they
> seem very similar, if you view the proof as the signature value.

They are similar, however VRFs are not malleable in the same way as signatures (VRFs guarantee a unique mapping of input to random output), and specifically designed so the proof can be delivered separately from the output (so the output can e.g. be recorded in a Merkle tree for timestamping/transparency purposes). The latter prevents low-entropy inputs from being preimaged, even if the public key and output are known to the attacker (but not the proof).

--
Tony Arcieri
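
The two properties described in the reply above, as an added sketch that is not part of the original message or of the draft: a discrete-log VRF with a Chaum-Pedersen equality proof, where the proof is randomized but the output is unique per (key, input). The toy group parameters and all function names are assumptions made for illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Toy Schnorr group (assumption for this sketch): safe prime P = 2Q + 1,
# G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def _h(*parts):
    data = b"|".join(str(x).encode() if isinstance(x, int) else x for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def hash_to_group(alpha):
    # Squaring a value in [2, P-2] lands in the order-Q subgroup, never on 1.
    return pow(2 + _h(b"h2g", alpha) % (P - 3), 2, P)

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def prove(sk, alpha):
    h = hash_to_group(alpha)
    gamma = pow(h, sk, P)               # fixed by (sk, alpha): no malleability
    k = secrets.randbelow(Q - 1) + 1    # fresh nonce, so (c, s) vary per call
    c = _h(b"chal", G, h, pow(G, sk, P), gamma, pow(G, k, P), pow(h, k, P)) % Q
    return gamma, c, (k + c * sk) % Q

def proof_to_output(proof):
    # The VRF output depends only on gamma, not on the randomized (c, s).
    return hashlib.sha256(b"out|" + str(proof[0]).encode()).hexdigest()

def verify(pk, alpha, proof):
    gamma, c, s = proof
    if not (1 < gamma < P and pow(gamma, Q, P) == 1):
        return None                     # gamma must lie in the order-Q subgroup
    h = hash_to_group(alpha)
    u = pow(G, s, P) * pow(pk, Q - c, P) % P      # g^s * pk^-c  = g^k
    v = pow(h, s, P) * pow(gamma, Q - c, P) % P   # h^s * gamma^-c = h^k
    if c != _h(b"chal", G, h, pk, gamma, u, v) % Q:
        return None
    return proof_to_output(proof)

def inputs_matching_proof(pk, proof, candidates):
    # Testing guesses for a low-entropy input needs the proof; the output and
    # public key alone give nothing to check a guess against without sk.
    return [a for a in candidates if verify(pk, a, proof) is not None]
```

A log or Merkle tree would record only `proof_to_output(proof)`; the proof is handed out separately to parties allowed to learn which input it corresponds to.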