[messaging] Random questions, kind of

Robert Ransom rransom.8774 at gmail.com
Mon Dec 22 08:25:03 PST 2014

On 12/22/14, Michael Rogers <michael at briarproject.org> wrote:
> Hash: SHA256
> On 22/12/14 05:48, David Gil wrote:
>> 1. Is there a good alternative to BLS or RSA-{OAEP/PKCSv15/FDH}
>> signatures for a verifiable unpredictable function?

Anna Lysyanskaya developed either a VUF or a VRF which should rely
only on a group in which discrete logarithms are hard, not on a
pairing.  I think there's a reference to that in Yevgeniy Dodis's
‘short-vrf’ paper (on a pairing-based VRF), which should be available
from <http://cs.nyu.edu/~dodis/ps/short-vrf.pdf>.

> Excuse (or feel free to ignore) the noobish question, but what
> distinguishes a verifiable unpredictable function from a generic
> digital signature function?

The Schnorr signature (and its relatives, e.g. Ed25519) can be
implemented in a deterministic way, but only someone who knows the
secret key can *verify* that a signature was generated

I don't remember the difference between a VUF and a VRF.

Robert Ransom

More information about the Messaging mailing list