A Verifiable Random Function with Short Proofs and Keys

Dodis, Yevgeniy; Yampolskiy, Aleksandr

doi:10.1007/978-3-540-30580-4_28

Cited by 313 publications

(279 citation statements)

References 21 publications

Supporting

Mentioning

277

Contrasting

Order By: Relevance

“…Occasionally we drop the t and and refer to the (decision) -BDHE in G. We note that the -BDHE assumption is a natural extension of the bilinear-DHI assumption previously used in [BB04,DY05]. Furthermore, Boneh et al [BBG05] show that the -BDHE assumption holds in generic bilinear groups [Sho97].…”

Section: Definition 3 We Say That the (Decision) (T )-Bdhe Assumpmentioning

confidence: 97%

Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys

Boneh

Gentry²,

Waters

2005

Lecture Notes in Computer Science

758

645

View full text Add to dashboard Cite

Abstract. We describe two new public key broadcast encryption systems for stateless receivers. Both systems are fully secure against any number of colluders. In our first construction both ciphertexts and private keys are of constant size (only two group elements), for any subset of receivers. The public key size in this system is linear in the total number of receivers. Our second system is a generalization of the first that provides a tradeoff between ciphertext size and public key size. For example, we achieve a collusion resistant broadcast system for n users where both ciphertexts and public keys are of size O( √ n) for any subset of receivers. We discuss several applications of these systems.

show abstract

Section: Definition 3 We Say That the (Decision) (T )-Bdhe Assumpmentioning

confidence: 97%

Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys

Boneh

Gentry²,

Waters

2005

Lecture Notes in Computer Science

758

645

View full text Add to dashboard Cite

show abstract

“…Unfortunately, both of these works rely on interactive complexity assumptions (for large input spaces.) Dodis and Yampolskiy [14] gave a very efficient VRF under a non-interactive assumption by applying the deterministic version of Boneh-Boyen [6] signatures. In a bilinear group G of prime order p, its seed is a single element of Z p and its proof is a single element of G. Its main drawback is that its security only holds for small input spaces.…”

Section: Related Workmentioning

confidence: 99%

“…For the reasons above, existing VRF systems employ a different strategy when proving the security of VRFs. Almost all proofs of VRF constructions (that do not rely on interactive assumptions) [25,14,1] use a type of "all but one" technique for proving pseudorandoness. In these proofs a reduction algorithm will first guess the attacker's challenge input as some random string w in {0, 1} n , where n is the bit length of inputs.…”

Section: Introductionmentioning

confidence: 99%

“…Furthermore, in the -type assumptions used in bilinear map constructions of Dodis-Yampolskiy [14], the number of terms (i.e., ) associated with the assumption increases exponentially in n. 2 In general, we would like to prove security for large input spaces based on a "smaller" and more standard complexity assumption, which contains at most a polynomial number of terms.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Constructing Verifiable Random Functions with Large Input Spaces

Hohenberger

Waters

2010

Advances in Cryptology – EUROCRYPT 2010

View full text Add to dashboard Cite

We present a family of verifiable random functions which are provably secure for exponentially-large input spaces under a non-interactive complexity assumption. Prior constructions required either an interactive complexity assumption or one that could tolerate a factor 2 n security loss for n-bit inputs. Our construction is practical and inspired by the pseudorandom functions of Naor and Reingold and the verifiable random functions of Lysyanskaya. Set in a bilinear group, where the Decisional DiffieHellman problem is easy to solve, we require the -Decisional Diffie-Hellman Exponent assumption in the standard model, without a common reference string. Our core idea is to apply a simulation technique where the large space of VRF inputs is collapsed into a small (polynomial-size) input in the view of the reduction algorithm. This view, however, is information-theoretically hidden from the attacker. Since the input space is exponentially large, we can first apply a collision-resistant hash function to handle arbitrarily-large inputs.

show abstract

“…The main advantage of our construction is that it allows the client to insert and delete values, as well as update the value at any cell by sending a single group element to the server after retrieving the current value stored in the cell. Prior solutions either rely on non-constant size assumptions (such as variants of the Strong Diffie-Hellman assumption [23,15]), require expensive generation of primes for each operation (in the worst case), or require expensive "re-shuffling" procedures to be performed once in a while on the data. On the other hand, our construction works in the private key setting, whereas some prior solutions allow public verification (e.g., [16,49]).…”

Section: Introductionmentioning

confidence: 99%

Verifiable Delegation of Computation over Large Datasets

Benabbas

Gennaro²,

Vahlis

2011

Lecture Notes in Computer Science

269

282

View full text Add to dashboard Cite

We study the problem of computing on large datasets that are stored on an untrusted server. We follow the approach of amortized verifiable computation introduced by Gennaro, Gentry, and Parno in CRYPTO 2010. We present the first practical verifiable computation scheme for high degree polynomial functions. Such functions can be used, for example, to make predictions based on polynomials fitted to a large number of sample points in an experiment. In addition to the many non-cryptographic applications of delegating high degree polynomials, we use our verifiable computation scheme to obtain new solutions for verifiable keyword search, and proofs of retrievability. Our constructions are based on the DDH assumption and its variants, and achieve adaptive security, which was left as an open problem by Gennaro et al (albeit for general functionalities).Our second result is a primitive which we call a verifiable database (VDB). Here, a weak client outsources a large table to an untrusted server, and makes retrieval and update queries. For each query, the server provides a response and a proof that the response was computed correctly. The goal is to minimize the resources required by the client. This is made particularly challenging if the number of update queries is unbounded. We present a VDB scheme based on the hardness of the subgroup membership problem in composite order bilinear groups. This is the first such construction that relies on a "constant-size" assumption, and does not require expensive generation of primes per operation.

show abstract

A Verifiable Random Function with Short Proofs and Keys

Cited by 313 publications

References 21 publications

Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys

Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys

Constructing Verifiable Random Functions with Large Input Spaces

Verifiable Delegation of Computation over Large Datasets

Contact Info

Product

Resources

About