Paper 2024/397

Exponent-VRFs and Their Applications

Dan Boneh, Stanford University
Iftach Haitner, Coinbase and Tel-Aviv University
Yehuda Lindell, Coinbase

Verifiable random functions (VRFs) are pseudorandom functions with the addition that the function owner can prove that a generated output is correct, with respect to a committed key. In this paper we introduce the notion of an exponent-VRF, or eVRF, which is a VRF that does not provide its output $y$ explicitly, but instead provides $Y = y \cdot G$, where $G$ is a generator of some finite cyclic group (or $Y = g^y$ in multiplicative notation). We construct eVRFs from DDH and from the Paillier encryption scheme (both in the random-oracle model). We then show that an eVRF can be used to solve several long-standing open problems in threshold cryptography. In particular, we construct (1) a one-round fully simulatable distributed key-generation protocols (after a single two-round initialization phase), (2) a two-round fully simulatable signing protocols for multiparty Schnorr with a deterministic variant, (3) a two-party ECDSA protocol that has a deterministic variant, (4) a threshold Schnorr signing where the parties can later prove that they signed without being able to frame another group, (5) an MPC-friendly and verifiable HD-derivation. Efficient simulatable protocols of this round complexity were not known prior to this work. All of our protocols are concretely efficient.

Available format(s)
Public-key cryptography
Publication info
Threshold signaturesSchnorr signaturesdistributed key generation
Contact author(s)
dabo @ cs stanford edu
iftachh @ gmail com
yehuda lindell @ gmail com
2024-03-05: revised
2024-03-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dan Boneh and Iftach Haitner and Yehuda Lindell},
      title = {Exponent-VRFs and Their Applications},
      howpublished = {Cryptology ePrint Archive, Paper 2024/397},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.