vrf

package module
v0.0.0-...-d1caf50 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 14, 2021 License: Apache-2.0 Imports: 7 Imported by: 4

README

VRF

This repository contains basic code for verifiable random function (vrf.go), and a simple selection mechanism (sortition.go).

Note that this vrf implementation is originally from Yahoo's work (2017, Apache 2.0), which can be retrieved here.

In this repository, I modified it because 1) it was far away from the go convention (though I'm not good at the convention), 2) it was not good for utilizing vrf output for cryptographic sortition or selection mechanisms in blockchain technologies.

This is the change log: 1) All the function names were changed to be carmelCase instead of snake_case. 2) All the functions became private except Prove(), Hash(), Verify(). 3) Prove() function now returns not only proof(pi) but also vrf output so that users can easily use them without calling Hash() function.

In addition, I made a simple selection mechanism (this can be called a kind of cryptographic sortition). This may help you to understand how to use vrf output. For more details, click here.

Any kind of contribution will be welcome. Thanks!

Appendix

1. Available VRF Implementations

  1. ed25519
  2. P-256

2. Concept of VRF(Verifiable Random Function)

the concept of vrf

  • A pseudorandom number can be verified by anyone who has a sender's public key
  • A sender can generate a pseudorandom number with their private key and message
  • the result (a random number) and the proof is returned and both are sent to a receiver
  • The receiver can verify the number the sender generated with the sender's public key, proof, pseudorandom number, and message
2.1. Functions in VRF

Generally, VRF implementation has the 3 functions below

  1. Keygen (VRF_GEN): generates a key pair (secret key, public key)
  2. Evaluate (VRF_EVAL): generates a pseudorandom number and its proof
  3. Verify (VRF_VER): verifies the random number with proof
2.2. The Three Properties of VRF

Gorka Irazoqui Apecechea's article posted to Medium - see how it works would be great for you

  1. Collision resistance: it is hard to find two inputs that map to the same output
  2. Pseudorandomness: the output is unidentifiable as a random number for anyone not knowing the secret key
  3. Trusted Uniqueness: This requires that, given a public key, for a VRF input m corresponding to a unique output for the same input value, the result should be unique

3. A simple selection mechanism

This is also called cryptographic sortition

3.1. Calculate Random number from hash(vrf output)

Probability mass

  • Can calculate a random ratio range [0, 1] from the vrf output which is unique to a message and verifiable for everyone who has the issuer's public key and its proof
  • The Ratio can be calculated as follows:
    • ratio = hash / (2^hashlen)
  • And its probability is uniformly distributed

To calculate the result by yourself, just run the main function. It's ready for you! e.g. $go run .

3.2. Implement the selection mechanism

an overview of simple cryptographic sortition

  • Now we can implement a cryptographic sortition using VRF by setting a threshold or range which can represent a selection by itself.
  • Example
    • Let's say we have set a range [0, 0.1] and any ratio whose value falls in that range is a selected value
    • Peer 'A' calculated a ratio and its value is 0.03
    • Then 'A' can claim that they have selected a value and can verify it by providing the proof
    • Peer 'B' calculated a ratio and its value is 0.5
    • Then 'B' cannot claim that they have selected a value as its value is outside of the range [0, 0.1]
3.3. Result
  • In the code written in the sortition, the threshold was set to 0.3, which means that only participants who got a value under 0.3 will be selected
  • To see if it falls in the expected selection ratio, I ran the test code, which runs sortition 1000 times and counts the ratio of success
# at the root directory of the project
cd sortition/
go test
  • As the random variable from vrf output is from a uniform distribution, the expected ratio of success will be almost the same as the threshold
  • As this is probability-based test, there is a small chance that you get lucky and see it fail.

Documentation

Index

Constants

View Source 
const (
	N2 = 32 // ceil(log2(q) / 8)
	N  = N2 / 2

	NOSIGN = 3
)
View Source 
const (
	// PublicKeySize is the size, in bytes, of public keys as used in this package.
	PublicKeySize = 32
	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
	PrivateKeySize = 64
	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
	SignatureSize = 64
)

Variables

View Source 
var (
	ErrMalformedInput = errors.New("ECVRF: malformed input")
	ErrDecodeError    = errors.New("ECVRF: decode error")
	ErrInternalError  = errors.New("ECVRF: internal error")
)

Functions

func Hash 

func Hash(pi []byte) []byte

Hash converts proof(pi) into vrf output(hash) without verifying it

func Prove 

func Prove(pk []byte, sk []byte, m []byte) (pi, hash []byte, err error)

assume <pk, sk> were generated by ed25519.GenerateKey() Prove generates vrf output and corresponding proof(pi) with secret key

func Verify 

func Verify(pk []byte, pi []byte, m []byte) (bool, error)

Verify checks if the proof is correct or not

Types

type CachedGroupElement 

type CachedGroupElement struct {
	Z, T2d edwards25519.FieldElement
	// contains filtered or unexported fields
}

copied from edwards25519.go and const.go in golang.org/x/crypto/ed25519/internal/edwards25519

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.