Paper 2014/537

Constrained Verifiable Random Functions

Georg Fuchsbauer


We extend the notion of verifiable random functions (VRF) to constrained VRFs, which generalize the concept of constrained pseudorandom functions, put forward by Boneh and Waters (Asiacrypt'13), and independently by Kiayias et al. (CCS'13) and Boyle et al. (PKC'14), who call them delegatable PRFs and functional PRFs, respectively. In a standard VRF the secret key $\sk$ allows one to evaluate a pseudorandom function at any point of its domain; in addition, it enables computation of a non-interactive proof that the function value was computed correctly. In a constrained VRF from the key $\sk$ one can derive constrained keys $\sk_S$ for subsets $S$ of the domain, which allow computation of function values and proofs only at points in $S$. After formally defining constrained VRFs, we derive instantiations from the multilinear-maps-based constrained PRFs by Boneh and Waters, yielding a VRF with constrained keys for any set that can be decided by a polynomial-size circuit. Our VRFs have the same function values as the Boneh-Waters PRFs and are proved secure under the same hardness assumption, showing that verifiability comes at no cost. Constrained (functional) VRFs were stated as an open problem by Boyle et al.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Major revision. SCN 2014, Springer LNCS 8642
Verifiable random functionsconstrained pseudorandom functions
Contact author(s)
georg fuchsbauer @ ist ac at
2014-07-09: received
Short URL
Creative Commons Attribution


      author = {Georg Fuchsbauer},
      title = {Constrained Verifiable Random Functions},
      howpublished = {Cryptology ePrint Archive, Paper 2014/537},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.