Paper 2023/1339

FlexiRand: Output Private (Distributed) VRFs and Application to Blockchains

Aniket Kate, Purdue University, West Lafayette / Supra Research, USA
Easwar Vivek Mangipudi, Supra Research, USA
Siva Mardana, Indian Statistical Institute, India
Pratyay Mukherjee, Supra Research, India

Web3 applications based on blockchains regularly need access to randomness that is unbiased, unpredictable, and publicly verifiable. For Web3 gaming applications, this becomes a crucial selling point to attract more users by providing credibility to the "random reward" distribution feature. A verifiable random function (VRF) protocol satisfies these requirements naturally, and there is a tremendous rise in the use of VRF services. As most blockchains cannot maintain the secret keys required for VRFs, Web3 applications interact with external VRF services via a smart contract where a VRF output is exchanged for a fee. While this smart contract-based plain-text exchange offers the much-needed public verifiability immediately, it severely limits the way the requester can employ the VRF service: the requests cannot be made in advance, and the output cannot be reused. This introduces significant latency and monetary overhead. This work overcomes this crucial limitation of the VRF service by introducing a novel privacy primitive, Output Private VRF (Pri-VRF), and thereby adds significantly more flexibility to the Web3-based VRF services. We call our framework FlexiRand. While maintaining the pseudo-randomness and public verifiability properties of VRFs, FlexiRand ensures that the requester alone can observe the VRF output. The smart contract and anybody else can only observe a blinded-yet-verifiable version of the output. We formally define Pri-VRF, put forward a practically efficient design, and provide provable security analysis in the universal composability (UC) framework (in the random oracle model) using a variant of the one-more Diffie-Hellman assumption over bilinear groups. As the VRF service, with its ownership of the secret key, becomes a single point of failure, it is realized as a distributed VRF with the key secret-shared across distinct nodes in our framework.
We develop our distributed Pri-VRF construction by combining approaches from Distributed VRF and Distributed Oblivious PRF literature. We provide provable security analysis (in UC), implement it and compare its performance with existing distributed VRF schemes. Our distributed Pri-VRF only introduces a minimal computation and communication overhead for the VRF service, the requester, and the contract.

Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. ACM CCS 2023
Keywords
Verifiable Random Function, DVRF, Privacy
Contact author(s)
aniket @ purdue edu
e mangipudi @ supraoracles com
msivakumar 1431 @ gmail com
p mukherjee @ supraoracles com
2023-12-30: revised
2023-09-08: received
Creative Commons Attribution

BibTeX

@misc{cryptoeprint:2023/1339,
      author = {Aniket Kate and Easwar Vivek Mangipudi and Siva Mardana and Pratyay Mukherjee},
      title = {{FlexiRand}: Output Private (Distributed) {VRFs} and Application to Blockchains},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1339},
      year = {2023},
      note = {\url{}},
      url = {}
}