On 12/22/14, Michael Rogers <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 22/12/14 05:48, David Gil wrote: >> 1. Is there a good alternative to BLS or RSA-{OAEP/PKCSv15/FDH} >> signatures for a verifiable unpredictable function?
Anna Lysyanskaya developed either a VUF or a VRF which should rely only on a group in which discrete logarithms are hard, not on a pairing. I think there's a reference to that in Yevgeniy Dodis's ‘short-vrf’ paper (on a pairing-based VRF), which should be available from <http://cs.nyu.edu/~dodis/ps/short-vrf.pdf>. > Excuse (or feel free to ignore) the noobish question, but what > distinguishes a verifiable unpredictable function from a generic > digital signature function? The Schnorr signature (and its relatives, e.g. Ed25519) can be implemented in a deterministic way, but only someone who knows the secret key can *verify* that a signature was generated deterministically. I don't remember the difference between a VUF and a VRF. Robert Ransom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
