> Do you have anything public you can refer to? Would love to read more
> about that. Thanks.
> Y<
https://vdfresearch.org

There are several VDFs that do many squarings in a group of unknown order, for which they provide the output along with a proof that they computed it by doing the required squarings.

There are two proposed proof strategies, by Pietrzak https://eprint.iacr.org/2018/627.pdf and Wesolowski https://eprint.iacr.org/2018/623.pdf, that differ primarily in the assumptions they require from the underlying group of unknown order: https://eprint.iacr.org/2018/712.pdf

There are two groups of unknown order being proposed:

- Integers modulo an RSA composite p q for which nobody knows p and q. These require a really shitty trusted setup, but we’ll know ASIC speeds far sooner since E.F. works towards this one.

- Class group of an imaginary quadratic order. We’re far from any real confidence in crypto with class groups, and do not expect ASIC speeds anytime soon, but these avoid the trusted setup, and some software and GPU competition exists:
  https://github.com/Chia-Network/vdf-competition
  https://medium.com/@chia.net/chia-vdf-competition-round-1-results-and-announcements-5d0479663816
  https://medium.com/@chia.net/chia-network-announces-2nd-vdf-competition-with-100-000-in-total-prize-money-899872fdc97c

There are also VDFs built on evaluating isogenies instead of doing squarings, which give cool properties like encryption to the eventual VDF evaluation, so imagine one time-lock puzzle that opens an unlimited number of ciphertexts. ASIC speed estimates sound far off. Also, these require a trusted setup that’s much less shitty than the RSA composite trusted setup, but they also require a preliminary VDF setup run, so you cannot decide dynamically for how long you run the VDF.

If you want to use the RSA VDF that E.F. funds, then you’ve two choices:

- You can outsource confidence in the trusted setup by using E.F.’s trusted setup, but then you’re vulnerable to ASICs that E.F. sponsors.

- If you want ASIC resistance, then you can increase key size beyond their ASIC, and do your own trusted setup, but doing this requires effort even assuming runnable code exists.

Jeff
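Added example, not code from the thread or from the linked papers: a repeated-squaring VDF in the RSA group with a Wesolowski-style proof, plus a function showing the trapdoor that the trusted setup is supposed to destroy. N is a constructed toy modulus (two Mersenne primes, far too small for real use), and the prover computes the quotient 2^T / l directly instead of with the paper's streaming long-division method.

```python
import hashlib

# Toy RSA modulus from two Mersenne primes (constructed for this demo). In a real deployment p and q
# come from a trusted setup and are destroyed: whoever still knows them holds a trapdoor (see below).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):  # Miller-Rabin with fixed bases; fine for a demo, not a production test
    if n < 2 or any(n % b == 0 for b in MR_BASES):
        return n in MR_BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def hash_to_prime(*vals):  # Fiat-Shamir: 128-bit prime challenge l derived from (x, y, T, N)
    msg = b"|".join(str(v).encode() for v in vals)
    ctr = 0
    while True:
        cand = int.from_bytes(hashlib.sha256(msg + ctr.to_bytes(4, "big")).digest()[:16], "big") | 1
        if is_probable_prime(cand):
            return cand
        ctr += 1

def vdf_eval(x, T, N=N):  # the slow part: T sequential squarings, y = x^(2^T) mod N
    y = x % N
    for _ in range(T):
        y = y * y % N
    return y

def wesolowski_prove(x, y, T, N=N):  # pi = x^(floor(2^T / l)); quotient computed directly here
    l = hash_to_prime(x, y, T, N)
    return pow(x, (1 << T) // l, N)
def wesolowski_verify(x, y, T, pi, N=N):  # fast: pi^l * x^(2^T mod l) == y, O(log l) work, not T squarings
    if not all(0 < v < N for v in (x, y, pi)):
        return False
    l = hash_to_prime(x, y, T, N)
    return (pow(pi, l, N) * pow(x, pow(2, T, l), N)) % N == y
def trapdoor_eval(x, T, p=P, q=Q):  # why the setup must be trusted: phi(N) shortcuts the T squarings
    return pow(x, pow(2, T, (p - 1) * (q - 1)), p * q)
```

The verifier only needs the statement (x, y, T, N) and pi, so it never repeats the T squarings; the trapdoor function shows that anyone retaining p and q can produce the same y in constant time, which is exactly the risk the RSA trusted setup carries.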
