Paper 2023/1537

DEFEND: Towards Verifiable Delay Functions from Endomorphism Rings

Knud Ahrens, University of Passau
Jens Zumbrägel, University of Passau

We present a verifiable delay function based on isogenies of supersingular elliptic curves, using Deuring correspondence and computation of endomorphism rings for the delay. For each input x a verifiable delay function has a unique output y and takes a predefined time to evaluate, even with parallel computing. Additionally, it generates a proof by which the output can efficiently be verified. In our approach the input is a path in the 2-isogeny graph and the output is the maximal order isomorphic to the endomorphism ring of the curve at the end of that path. This approach is presumably quantum-secure, does not require a trusted setup or special primes and the verification is independent from the delay. It works completely within the isogeny setting and the computation of the proof causes no overhead. The efficient sampling of challenges however remains an open problem.

Available format(s)
Cryptographic protocols
Publication info
Verifiable delay functionIsogeny walksModular polynomialsDeuring correspondence
Contact author(s)
knud ahrens @ uni-passau de
jens zumbraegel @ uni-passau de
2023-10-20: revised
2023-10-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Knud Ahrens and Jens Zumbrägel},
      title = {{DEFEND}: Towards Verifiable Delay Functions from Endomorphism Rings},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1537},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.