Practical Post-Quantum Few-Time Verifiable Random Function with Applications to Algorand

In this work, we introduce the first practical post-quantum verifiable random function (VRF) that relies on well-known (module) lattice problems, namely Module-SIS and Module-LWE. Our construction, named LB-VRF, produces a VRF value of only 84 bytes and a proof of only around 5 KB (compared with several MB in earlier works), and runs in about 3 ms for evaluation and about 1 ms for verification. In order to design a practical scheme, we need to restrict the number of VRF outputs per key pair, which makes our construction few-time. Despite this restriction, we show how our few-time LB-VRF can be used in practice and, in particular, we estimate the performance of Algorand using LB-VRF. We find that, due to the significant increase in communication size in comparison to classical constructions, which is inherent in all existing lattice-based schemes, the throughput of an LB-VRF-based consensus protocol is reduced but remains practical. In particular, in a medium-sized network with 100 nodes, our platform records a 1.16× to 4× reduction in throughput, depending on the accompanying signature used. In the case of a large network with 500 nodes, we can still maintain at least 66 transactions per second. This is still much better than Bitcoin, which processes only about 5 transactions per second.
