Verifiable random function

In cryptography, a verifiable random function (VRF) is a public-key pseudorandom function that provides proofs that its outputs were calculated correctly. The owner of the secret key can compute the function value as well as an associated proof for any input value. Everyone else, using the proof and the associated public key (or verification key), can check that this value was indeed calculated correctly, yet this information cannot be used to find the secret key. A verifiable random function can be viewed as a public-key analogue of a keyed cryptographic hash and as a cryptographic commitment to an exponentially large number of seemingly random bits. The concept of a verifiable random function is closely related to that of a verifiable unpredictable function (VUF), whose outputs are hard to predict but do not necessarily seem random. The concept of a VRF was introduced by Micali, Rabin, and Vadhan in 1999. Since then, verifiable random functions have found widespread use in cryptocurrencies, as well as in proposals for protocol design and cybersecurity. In 1999, Micali, Rabin, and Vadhan introduced the concept of a VRF and proposed the first such one. The original construction was rather inefficient: it first produces a verifiable unpredictable function, then uses a hard-core bit to transform it into a VRF; moreover, the inputs have to be mapped to primes in a complicated manner: namely, by using a prime sequence generator that generates primes with overwhelming probability using a probabilistic primality test. The verifiable unpredictable function thus proposed, which is provably secure if a variant of the RSA problem is hard, is defined as follows: The public key PK is , where m is the product of two random primes, r is a number randomly selected from , coins is a randomly selected set of bits, and Q a function selected randomly from all polynomials of degree over the field . The secret key is .