--- res: bibo_abstract: - We construct a verifiable delay function (VDF) by showing how the Rivest-Shamir-Wagner time-lock puzzle can be made publicly verifiable. Concretely, we give a statistically sound public-coin protocol to prove that a tuple (N,x,T,y) satisfies y=x2T (mod N) where the prover doesn’t know the factorization of N and its running time is dominated by solving the puzzle, that is, compute x2T, which is conjectured to require T sequential squarings. To get a VDF we make this protocol non-interactive using the Fiat-Shamir heuristic.The motivation for this work comes from the Chia blockchain design, which uses a VDF as akey ingredient. For typical parameters (T≤2 40, N= 2048), our proofs are of size around 10K B, verification cost around three RSA exponentiations and computing the proof is 8000 times faster than solving the puzzle even without any parallelism.@eng bibo_authorlist: - foaf_Person: foaf_givenName: Krzysztof Z foaf_name: Pietrzak, Krzysztof Z foaf_surname: Pietrzak foaf_workInfoHomepage: http://www.librecat.org/personId=3E04A7AA-F248-11E8-B48F-1D18A9856A87 orcid: 0000-0002-9139-1654 bibo_doi: 10.4230/LIPICS.ITCS.2019.60 bibo_volume: 124 dct_date: 2019^xs_gYear dct_isPartOf: - http://id.crossref.org/issn/1868-8969 - http://id.crossref.org/issn/978-3-95977-095-8 dct_language: eng dct_publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik@ dct_title: Simple verifiable delay functions@ ...