{"publication_identifier":{"isbn":["9783032122896"],"eissn":["1611-3349"],"issn":["0302-9743"]},"alternative_title":["LNCS"],"oa_version":"Preprint","type":"conference","page":"478-511","status":"public","article_processing_charge":"No","publication":"23rd International Conference on Theory of Cryptography","OA_type":"green","main_file_link":[{"url":"https://eprint.iacr.org/2025/1045","open_access":"1"}],"project":[{"grant_number":"F8509","name":"Security and Privacy by Design for Complex Systems","_id":"34a34d57-11ca-11ed-8bc3-a2688a8724e1"}],"title":"Constrained verifiable random functions without obfuscation and friends","date_created":"2025-12-21T23:01:34Z","publisher":"Springer Nature","day":"05","author":[{"first_name":"Nicholas","last_name":"Brandt","full_name":"Brandt, Nicholas"},{"first_name":"Miguel","last_name":"Cueto Noval","id":"ffc563a3-f6e0-11ea-865d-e3cce03d17cc","orcid":"0000-0002-2505-4246","full_name":"Cueto Noval, Miguel"},{"first_name":"Christoph Ullrich","last_name":"Günther","id":"ec98511c-eb8e-11eb-b029-edd25d7271a1","full_name":"Günther, Christoph Ullrich"},{"full_name":"Ünal, Akin","id":"f6b56fb6-dc63-11ee-9dbf-f6780863a85a","orcid":"0000-0002-8929-0221","last_name":"Ünal","first_name":"Akin"},{"first_name":"Stella","last_name":"Wohnig","full_name":"Wohnig, Stella"}],"_id":"20846","corr_author":"1","doi":"10.1007/978-3-032-12290-2_16","date_updated":"2025-12-29T11:11:29Z","abstract":[{"lang":"eng","text":"CVRFs are PRFs that unify the properties of verifiable and constrained PRFs. Since they were introduced concurrently by Fuchsbauer and Chandran-Raghuraman-Vinayagamurthy in 2014, it has been an open problem to construct CVRFs without using heavy machinery such as multilinear maps, obfuscation or functional encryption.\r\nWe solve this problem by constructing a prefix-constrained verifiable PRF that does not rely on the aforementioned assumptions. Essentially, our construction is a verifiable version of the Goldreich-Goldwasser-Micali PRF. To achieve verifiability we leverage degree-2 algebraic PRGs and bilinear groups. In short, proofs consist of intermediate values of the Goldreich-Goldwasser-Micali PRF raised to the exponents of group elements. These outputs can be verified using pairings since the underlying PRG is of degree 2.\r\nWe prove the selective security of our construction under the Decisional Square Diffie-Hellman (DSDH) assumption and a new assumption, which we dub recursive Decisional Diffie-Hellman (recursive DDH).\r\nWe prove the soundness of recursive DDH in the generic group model assuming the hardness of the Multivariate Quadratic (MQ) problem and a new variant thereof, which we call MQ+.\r\nLast, in terms of applications, we observe that our CVRF is also an exponent (C)VRF in the plain model. Exponent VRFs were recently introduced by Boneh et al. (Eurocrypt’25) with various applications to threshold cryptography in mind. In addition to that, we give further applications for prefix-CVRFs in the blockchain setting, namely, stake-pooling and compressible randomness beacons."}],"scopus_import":"1","year":"2025","intvolume":" 16271","quality_controlled":"1","conference":{"end_date":"2025-12-05","name":"TCC: Theory of Cryptography","start_date":"2025-12-01","location":"Aarhus, Denmark"},"publication_status":"published","acknowledgement":"We thank Jonas Steinbach and Gertjan De Mulder for helpful discussions on BIP 32, Dennis Hofheinz and Julia Kastner for helpful discussions on early prototypes of our CVRF, and Klaus Kraßnitzer for running pairing benchmarks on his MacBook Pro.\r\nChristoph U. Günther: This research was funded in whole or in part by the Austrian Science Fund (FWF) 10.55776/F85. For open access purposes, the author has applied a CC BY public copyright license to any author-accepted manuscript version arising from this submission.","month":"12","oa":1,"citation":{"chicago":"Brandt, Nicholas, Miguel Cueto Noval, Christoph Ullrich Günther, Akin Ünal, and Stella Wohnig. “Constrained Verifiable Random Functions without Obfuscation and Friends.” In 23rd International Conference on Theory of Cryptography, 16271:478–511. Springer Nature, 2025. https://doi.org/10.1007/978-3-032-12290-2_16.","ieee":"N. Brandt, M. Cueto Noval, C. U. Günther, A. Ünal, and S. Wohnig, “Constrained verifiable random functions without obfuscation and friends,” in 23rd International Conference on Theory of Cryptography, Aarhus, Denmark, 2025, vol. 16271, pp. 478–511.","ama":"Brandt N, Cueto Noval M, Günther CU, Ünal A, Wohnig S. Constrained verifiable random functions without obfuscation and friends. In: 23rd International Conference on Theory of Cryptography. Vol 16271. Springer Nature; 2025:478-511. doi:10.1007/978-3-032-12290-2_16","short":"N. Brandt, M. Cueto Noval, C.U. Günther, A. Ünal, S. Wohnig, in:, 23rd International Conference on Theory of Cryptography, Springer Nature, 2025, pp. 478–511.","mla":"Brandt, Nicholas, et al. “Constrained Verifiable Random Functions without Obfuscation and Friends.” 23rd International Conference on Theory of Cryptography, vol. 16271, Springer Nature, 2025, pp. 478–511, doi:10.1007/978-3-032-12290-2_16.","apa":"Brandt, N., Cueto Noval, M., Günther, C. U., Ünal, A., & Wohnig, S. (2025). Constrained verifiable random functions without obfuscation and friends. In 23rd International Conference on Theory of Cryptography (Vol. 16271, pp. 478–511). Aarhus, Denmark: Springer Nature. https://doi.org/10.1007/978-3-032-12290-2_16","ista":"Brandt N, Cueto Noval M, Günther CU, Ünal A, Wohnig S. 2025. Constrained verifiable random functions without obfuscation and friends. 23rd International Conference on Theory of Cryptography. TCC: Theory of Cryptography, LNCS, vol. 16271, 478–511."},"date_published":"2025-12-05T00:00:00Z","volume":16271,"language":[{"iso":"eng"}],"OA_place":"repository","department":[{"_id":"KrPi"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87"}