[messaging] Random questions, kind of
Robert Ransom
rransom.8774 at gmail.com
Mon Dec 22 08:25:03 PST 2014
On 12/22/14, Michael Rogers <michael at briarproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 22/12/14 05:48, David Gil wrote:
>> 1. Is there a good alternative to BLS or RSA-{OAEP/PKCSv15/FDH}
>> signatures for a verifiable unpredictable function?
Anna Lysyanskaya developed either a VUF or a VRF which should rely
only on a group in which discrete logarithms are hard, not on a
pairing. I think there's a reference to that in Yevgeniy Dodis's
‘short-vrf’ paper (on a pairing-based VRF), which should be available
from <http://cs.nyu.edu/~dodis/ps/short-vrf.pdf>.
> Excuse (or feel free to ignore) the noobish question, but what
> distinguishes a verifiable unpredictable function from a generic
> digital signature function?
The Schnorr signature (and its relatives, e.g. Ed25519) can be
implemented in a deterministic way, but only someone who knows the
secret key can *verify* that a signature was generated
deterministically.
I don't remember the difference between a VUF and a VRF.
Robert Ransom
More information about the Messaging
mailing list