[Resource Topic] 2023/223: Classical and Quantum Security of Elliptic Curve VRF, via Relative Indifferentiability

Welcome to the resource topic for 2023/223

Title:
Classical and Quantum Security of Elliptic Curve VRF, via Relative Indifferentiability

Authors: Chris Peikert, Jiayu Xu

Abstract:

Verifiable random functions (VRFs) are essentially pseudorandom
functions for which selected outputs can be proved correct and unique,
without compromising the security of other outputs. VRFs have numerous
applications across cryptography, and in particular they have recently
been used to implement committee selection in the Algorand protocol.

Elliptic Curve VRF (ECVRF) is an elegant construction,
originally due to Papadopoulos et al., that is now under consideration
by the Internet Research Task Force. Prior work proved that ECVRF
possesses the main desired security properties of a VRF, under
suitable assumptions. However, several recent versions of ECVRF
include changes that make some of these proofs inapplicable. Moreover,
the prior analysis holds only for classical attackers, in the
random-oracle model (ROM); it says nothing about whether any of the
desired properties hold against quantum attacks, in the
quantumly accessible ROM. We note that certain important properties
of ECVRF, like uniqueness, do not rely on assumptions that are
known to be broken by quantum computers, so it is plausible that these
properties could hold even in the quantum setting.

This work provides a multi-faceted security analysis of recent
versions of ECVRF, in both the classical and quantum settings. First,
we motivate and formally define new security properties for VRFs, like
non-malleability and binding, and prove that recent versions of ECVRF
satisfy them (under standard assumptions). Second, we identify a
subtle obstruction in proving that recent versions of ECVRF have
uniqueness via prior indifferentiability definitions and
theorems, even in the classical setting. Third, we fill this gap by
defining a stronger notion called relative indifferentiability,
and extend prior work to show that a standard domain extender used in
ECVRF satisfies this notion, in both the classical and quantum
settings. This final contribution is of independent interest and we
believe it should be applicable elsewhere.

ePrint: https://eprint.iacr.org/2023/223


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.
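As an added explanation resource (not code from the paper, from RFC 9381, or from the authors), here is a minimal VRF in pure Python with the structure the abstract attributes to ECVRF: the prover hashes the public key and input to a curve point H, computes Gamma = sk*H, and attaches a Chaum-Pedersen style proof that log_G(pk) = log_H(Gamma); the VRF output is a hash of Gamma. The curve (secp256k1, chosen because its affine arithmetic is short), the try-and-increment hash-to-curve, the domain-separation prefixes and the nonce derivation are all this example's own assumptions, not the ECVRF cipher suite, and nothing here is constant-time. The point it illustrates is the uniqueness property the abstract names: Gamma = sk*H is fixed by (pk, alpha), so every accepting proof for a given key and input yields the same output.

```python
"""Toy VRF with the ECVRF shape (Gamma = sk*H(pk, alpha) plus a DLEQ proof)
over secp256k1.  Illustration only: not the RFC 9381 cipher suite, not
constant-time, not for production use."""
import hashlib

# secp256k1 parameters: y^2 = x^3 + 7 over F_P, base point G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    x1, y1 = A
    x2, y2 = B
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None                       # A == -B
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # doubling (curve a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, A):
    """Double-and-add scalar multiplication (not constant-time)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R


def neg(A):
    return None if A is None else (A[0], (-A[1]) % P)


def on_curve(A):
    return A is not None and (A[1] ** 2 - A[0] ** 3 - 7) % P == 0


def enc(A):
    """Compressed SEC1 encoding so points hash unambiguously; infinity -> 0x00."""
    if A is None:
        return b"\x00"
    return bytes([2 + (A[1] & 1)]) + A[0].to_bytes(32, "big")


def hash_to_curve(pk, alpha):
    """Try-and-increment (this example's choice, not ECVRF's): hash (pk, alpha, ctr)
    to an x-coordinate until x^3 + 7 is a square.  P = 3 mod 4, so the square root
    is a single exponentiation."""
    for ctr in range(256):
        h = hashlib.sha256(b"\x01" + enc(pk) + alpha + bytes([ctr])).digest()
        x = int.from_bytes(h, "big")
        if x >= P:
            continue
        rhs = (x ** 3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
    raise ValueError("hash_to_curve failed")     # probability ~2^-256


def challenge(*points):
    """Fiat-Shamir challenge over all points of the DLEQ transcript, reduced mod N."""
    data = b"\x02" + b"".join(enc(p) for p in points)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def keygen(seed):
    """Deterministic key derivation from a caller-supplied seed (example only)."""
    sk = int.from_bytes(hashlib.sha256(b"vrf-seed" + seed).digest(), "big") % N
    return sk, mul(sk, G)


def prove(sk, alpha):
    """Returns the proof pi = (Gamma, c, s).  Gamma = sk*H is the unique value
    the output is derived from; (c, s) proves log_G(pk) = log_H(Gamma)."""
    pk = mul(sk, G)
    H = hash_to_curve(pk, alpha)
    Gamma = mul(sk, H)
    # Deterministic nonce from (sk, H), in the spirit of RFC 6979-style nonces.
    k = int.from_bytes(hashlib.sha256(sk.to_bytes(32, "big") + enc(H)).digest(), "big") % N
    c = challenge(pk, H, Gamma, mul(k, G), mul(k, H))
    s = (k + c * sk) % N
    return (Gamma, c, s)


def proof_to_hash(proof):
    """VRF output beta: a hash of Gamma alone, so it depends only on (pk, alpha)."""
    return hashlib.sha256(b"\x03" + enc(proof[0])).digest()


def verify(pk, alpha, proof):
    Gamma, c, s = proof
    if not on_curve(Gamma) or not 0 <= s < N:
        return False
    H = hash_to_curve(pk, alpha)
    U = add(mul(s, G), neg(mul(c, pk)))       # = k*G iff s = k + c*sk
    V = add(mul(s, H), neg(mul(c, Gamma)))    # = k*H iff Gamma = sk*H
    return challenge(pk, H, Gamma, U, V) == c
```

A typical use is `sk, pk = keygen(b"alice")`, `pi = prove(sk, b"block-42")`, then anyone holding `pk` runs `verify(pk, b"block-42", pi)` and, on success, takes `proof_to_hash(pi)` as the random output. Because the verifier recomputes H from (pk, alpha) and checks that Gamma shares the secret scalar with pk, a prover cannot produce two accepting proofs with different Gamma for the same key and input, which is what makes the output unique rather than merely pseudorandom.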