Exponent-VRFs and Their Applications

Dan Boneh; Iftach Haitner; Yehuda Lindell; Gil Segev

doi:10.1007/978-3-031-91098-2_8

Exponent-VRFs and Their Applications

Dan Boneh^*
, Iftach Haitner
, Yehuda Lindell
, Gil Segev^*

^*Corresponding author for this work

The Rachel and Selim Benin School of Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Verifiable random functions (VRFs) are pseudorandom functions where the function owner can prove that a generated output is correct relative to a committed key. In this paper we introduce the notion of an exponent-VRF (eVRF): a VRF that does not provide its output y explicitly, but instead provides Y=y·G, where G is a generator of some finite cyclic group (or Y=g^y in multiplicative notation). We construct eVRFs from the Paillier encryption scheme and from DDH, both in the random-oracle model. We then show that an eVRF is a powerful tool that has many important applications in threshold cryptography. In particular, we construct (1) a one-round fully simulatable distributed key-generation protocol (after a single two-round initialization phase), (2) a two-round fully simulatable signing protocol for multiparty Schnorr with a deterministic variant, (3) a two-party ECDSA protocol that has a deterministic variant, (4) a threshold Schnorr signing protocol where the parties can later prove that they signed without being able to frame another group, and (5) an MPC-friendly and verifiable HD-derivation. All these applications are derived from this single new eVRF abstraction, and the resulting protocols are concretely efficient.

Original language	English
Title of host publication	Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
Editors	Serge Fehr, Pierre-Alain Fouque
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	195-224
Number of pages	30
ISBN (Print)	9783031910975
DOIs	https://doi.org/10.1007/978-3-031-91098-2_8
State	Published - 2025
Event	44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025 - Madrid, Spain Duration: 4 May 2025 → 8 May 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	15607 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025
Country/Territory	Spain
City	Madrid
Period	4/05/25 → 8/05/25

Bibliographical note

Publisher Copyright:
© International Association for Cryptologic Research 2025.

Access to Document

10.1007/978-3-031-91098-2_8

Cite this

Boneh, D., Haitner, I., Lindell, Y., & Segev, G. (2025). Exponent-VRFs and Their Applications. In S. Fehr, & P.-A. Fouque (Eds.), Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings (pp. 195-224). (Lecture Notes in Computer Science; Vol. 15607 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-91098-2_8

Boneh, Dan ; Haitner, Iftach ; Lindell, Yehuda et al. / Exponent-VRFs and Their Applications. Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. editor / Serge Fehr ; Pierre-Alain Fouque. Springer Science and Business Media Deutschland GmbH, 2025. pp. 195-224 (Lecture Notes in Computer Science).

@inproceedings{a7b709162bb0476fb4bce3aede592ba4,

title = "Exponent-VRFs and Their Applications",

abstract = "Verifiable random functions (VRFs) are pseudorandom functions where the function owner can prove that a generated output is correct relative to a committed key. In this paper we introduce the notion of an exponent-VRF (eVRF): a VRF that does not provide its output y explicitly, but instead provides Y=y·G, where G is a generator of some finite cyclic group (or Y=gy in multiplicative notation). We construct eVRFs from the Paillier encryption scheme and from DDH, both in the random-oracle model. We then show that an eVRF is a powerful tool that has many important applications in threshold cryptography. In particular, we construct (1) a one-round fully simulatable distributed key-generation protocol (after a single two-round initialization phase), (2) a two-round fully simulatable signing protocol for multiparty Schnorr with a deterministic variant, (3) a two-party ECDSA protocol that has a deterministic variant, (4) a threshold Schnorr signing protocol where the parties can later prove that they signed without being able to frame another group, and (5) an MPC-friendly and verifiable HD-derivation. All these applications are derived from this single new eVRF abstraction, and the resulting protocols are concretely efficient.",

author = "Dan Boneh and Iftach Haitner and Yehuda Lindell and Gil Segev",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2025.; 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025 ; Conference date: 04-05-2025 Through 08-05-2025",

year = "2025",

doi = "10.1007/978-3-031-91098-2\_8",

language = "אנגלית",

isbn = "9783031910975",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "195--224",

editor = "Serge Fehr and Pierre-Alain Fouque",

booktitle = "Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings",

address = "גרמניה",

}

Boneh, D, Haitner, I, Lindell, Y & Segev, G 2025, Exponent-VRFs and Their Applications. in S Fehr & P-A Fouque (eds), Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Lecture Notes in Computer Science, vol. 15607 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 195-224, 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025, Madrid, Spain, 4/05/25. https://doi.org/10.1007/978-3-031-91098-2_8

Exponent-VRFs and Their Applications. / Boneh, Dan; Haitner, Iftach; Lindell, Yehuda et al.
Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. ed. / Serge Fehr; Pierre-Alain Fouque. Springer Science and Business Media Deutschland GmbH, 2025. p. 195-224 (Lecture Notes in Computer Science; Vol. 15607 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Exponent-VRFs and Their Applications

AU - Boneh, Dan

AU - Haitner, Iftach

AU - Lindell, Yehuda

AU - Segev, Gil

PY - 2025

Y1 - 2025

N2 - Verifiable random functions (VRFs) are pseudorandom functions where the function owner can prove that a generated output is correct relative to a committed key. In this paper we introduce the notion of an exponent-VRF (eVRF): a VRF that does not provide its output y explicitly, but instead provides Y=y·G, where G is a generator of some finite cyclic group (or Y=gy in multiplicative notation). We construct eVRFs from the Paillier encryption scheme and from DDH, both in the random-oracle model. We then show that an eVRF is a powerful tool that has many important applications in threshold cryptography. In particular, we construct (1) a one-round fully simulatable distributed key-generation protocol (after a single two-round initialization phase), (2) a two-round fully simulatable signing protocol for multiparty Schnorr with a deterministic variant, (3) a two-party ECDSA protocol that has a deterministic variant, (4) a threshold Schnorr signing protocol where the parties can later prove that they signed without being able to frame another group, and (5) an MPC-friendly and verifiable HD-derivation. All these applications are derived from this single new eVRF abstraction, and the resulting protocols are concretely efficient.

AB - Verifiable random functions (VRFs) are pseudorandom functions where the function owner can prove that a generated output is correct relative to a committed key. In this paper we introduce the notion of an exponent-VRF (eVRF): a VRF that does not provide its output y explicitly, but instead provides Y=y·G, where G is a generator of some finite cyclic group (or Y=gy in multiplicative notation). We construct eVRFs from the Paillier encryption scheme and from DDH, both in the random-oracle model. We then show that an eVRF is a powerful tool that has many important applications in threshold cryptography. In particular, we construct (1) a one-round fully simulatable distributed key-generation protocol (after a single two-round initialization phase), (2) a two-round fully simulatable signing protocol for multiparty Schnorr with a deterministic variant, (3) a two-party ECDSA protocol that has a deterministic variant, (4) a threshold Schnorr signing protocol where the parties can later prove that they signed without being able to frame another group, and (5) an MPC-friendly and verifiable HD-derivation. All these applications are derived from this single new eVRF abstraction, and the resulting protocols are concretely efficient.

UR - https://www.scopus.com/pages/publications/105004796615

U2 - 10.1007/978-3-031-91098-2_8

DO - 10.1007/978-3-031-91098-2_8

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:105004796615

SN - 9783031910975

T3 - Lecture Notes in Computer Science

SP - 195

EP - 224

BT - Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings

A2 - Fehr, Serge

A2 - Fouque, Pierre-Alain

PB - Springer Science and Business Media Deutschland GmbH

T2 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2025

Y2 - 4 May 2025 through 8 May 2025

ER -

Boneh D, Haitner I, Lindell Y, Segev G. Exponent-VRFs and Their Applications. In Fehr S, Fouque PA, editors, Advances in Cryptology – EUROCRYPT 2025 - 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 195-224. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-91098-2_8