Communications in Cryptology IACR CiC

A Survey of Two Verifiable Delay Functions Using Proof of Exponentiation


Dan Boneh, Benedikt Bünz, Ben Fisch
Dan Boneh ORCID
Stanford University, Stanford, U.S.A
dabo at cs dot stanford dot edu
Benedikt Bünz ORCID
New York University, New York, U.S.A
bbuenz at gmail dot com
Ben Fisch ORCID
Yale University, New Haven, U.S.A
benafisch at gmail dot com


A verifiable delay function (VDF) is an important tool used for adding delay in decentralized applications. This paper surveys and compares two beautiful verifiable delay functions, one due to Pietrzak, and the other due to Wesolowski, In addition, we provide a new computational proof of security for one of them, present an attack on an incorrect implementation of the other, and compare the complexity assumptions needed for both schemes.


Thomas Attema, Serge Fehr, and Michael Klooß. Fiat-shamir transformation of multi-round interactive proofs (extended version). Journal of Cryptology, 36(4):36, October 2023.
Arasu Arun, Chaya Ganesh, Satya V. Lokam, Tushar Mopuri, and Sriram Sridhar. Dew: A transparent constant-sized polynomial commitment scheme. In Alexandra Boldyreva and Vladimir Kolesnikov, editors, PKC 2023: 26th International Conference on Theory and Practice of Public Key Cryptography, Part II, volume 13941 of Lecture Notes in Computer Science, 542–571. May 2023. Springer, Heidelberg.
Vidal Attias, Luigi Vigneri, and Vassil Dimitrov. Efficient verification of the wesolowski verifiable delay function for distributed environments. 2022.
Knud Ahrens and Jens Zumbrägel. DEFEND: towards verifiable delay functions from endomorphism rings. IACR Cryptol. ePrint Arch., pages 1537, 2023.
Dan Boneh, Joseph Bonneau, Benedikt Bünz, and Ben Fisch. Verifiable delay functions. In Hovav Shacham and Alexandra Boldyreva, editors, Advances in Cryptology – CRYPTO 2018, Part I, volume 10991 of Lecture Notes in Computer Science, 757–788. August 2018. Springer, Heidelberg.
Dan Boneh, Benedikt Bünz, and Ben Fisch. Batching techniques for accumulators with applications to IOPs and stateless blockchains. In Alexandra Boldyreva and Daniele Micciancio, editors, Advances in Cryptology – CRYPTO 2019, Part I, volume 11692 of Lecture Notes in Computer Science, 561–586. August 2019. Springer, Heidelberg.
Benedikt Bünz, Ben Fisch, and Alan Szepieniec. Transparent SNARKs from DARK compilers. In Anne Canteaut and Yuval Ishai, editors, Advances in Cryptology – EUROCRYPT 2020, Part I, volume 12105 of Lecture Notes in Computer Science, 677–706. May 2020. Springer, Heidelberg.
Nir Bitansky, Shafi Goldwasser, Abhishek Jain, Omer Paneth, Vinod Vaikuntanathan, and Brent Waters. Time-lock puzzles from randomized encodings. In Madhu Sudan, editor, ITCS 2016: 7th Conference on Innovations in Theoretical Computer Science, 345–356. January 2016. Association for Computing Machinery.
Johannes Buchmann and Safuat Hamdy. A survey on IQ cryptography. In Public-Key Cryptography and Computational Number Theory, 1–15. 2001.
Alexander R. Block, Justin Holmgren, Alon Rosen, Ron D. Rothblum, and Pratik Soni. Time- and space-efficient arguments from groups of unknown order. In Tal Malkin and Chris Peikert, editors, Advances in Cryptology – CRYPTO 2021, Part IV, volume 12828 of Lecture Notes in Computer Science, 123–152. Virtual Event, August 2021. Springer, Heidelberg.
Karim Belabas, Thorsten Kleinjung, Antonio Sanso, and Benjamin Wesolowski. A note on the low order assumption in class group of an imaginary quadratic number fields. 2020.
Mihir Bellare and Gregory Neven. Multi-signatures in the plain public-key model and a general forking lemma. In Ari Juels, Rebecca N. Wright, and Sabrina De Capitani di Vimercati, editors, ACM CCS 2006: 13th Conference on Computer and Communications Security, 390–399. October / November 2006. ACM Press.
Joseph Bonneau and Valeria Nikolaenko. Public randomness and randomness beacons. 2022.
Dan Boneh and Victor Shoup. A graduate course in applied cryptography, version 0.6. Cambridge, 2022.
Vitalik Buterin. STARKs, part 3: into the weeds. 2018.
Henri Cohen and Hendrik W Lenstra. Heuristics on class groups of number fields. In Number Theory Noordwijkerhout 1983, pages 33–62. Springer, 1984.
Kostas Kryptos Chalkias, Jonas Lindstrøm, and Arnab Roy. An efficient hash function for imaginary class groups. 2024.
Don Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology, 10(4):233–260, September 1997.
Bram Cohen and Krzysztof Pietrzak. Simple proofs of sequential work. In Jesper Buus Nielsen and Vincent Rijmen, editors, Advances in Cryptology – EUROCRYPT 2018, Part II, volume 10821 of Lecture Notes in Computer Science, 451–467. April / May 2018. Springer, Heidelberg.
Nico Döttling, Sanjam Garg, Giulio Malavolta, and Prashant Nalini Vasudevan. Tight verifiable delay functions. In Clemente Galdi and Vladimir Kolesnikov, editors, SCN 20: 12th International Conference on Security in Communication Networks, volume 12238 of Lecture Notes in Computer Science, 65–84. September 2020. Springer, Heidelberg.
Luca De Feo, Simon Masson, Christophe Petit, and Antonio Sanso. Verifiable delay functions from supersingular isogenies and pairings. In Steven D. Galbraith and Shiho Moriai, editors, Advances in Cryptology – ASIACRYPT 2019, Part I, volume 11921 of Lecture Notes in Computer Science, 248–277. December 2019. Springer, Heidelberg.
Jordan Ellenberg and Akshay Venkatesh. Reflection principles and bounds for class group torsion. International Mathematics Research Notices, 2007.
Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, Advances in Cryptology – CRYPTO'86, volume 263 of Lecture Notes in Computer Science, 186–194. August 1987. Springer, Heidelberg.
Charlotte Hoffmann, Pavel Hubácek, Chethan Kamath, Karen Klein, and Krzysztof Pietrzak. Practical statistically-sound proofs of exponentiation in any group. In Yevgeniy Dodis and Thomas Shrimpton, editors, Advances in Cryptology – CRYPTO 2022, Part II, volume 13508 of Lecture Notes in Computer Science, 370–399. August 2022. Springer, Heidelberg.
Samuel Jaques, Hart Montgomery, Razvan Rosie, and Arnab Roy. Time-release cryptography from minimal circuit assumptions. In Progress in Cryptology – INDOCRYPT 2021, volume 13143 of Lecture Notes in Computer Science, 584–606. Springer, 2021.
Dmitry Khovratovich, Mary Maller, and Pratyush Ranjan Tiwari. MinRoot: candidate sequential function for ethereum VDF. 2022.
Russell W. F. Lai and Giulio Malavolta. Subvector commitments with application to succinct arguments. In Alexandra Boldyreva and Daniele Micciancio, editors, Advances in Cryptology – CRYPTO 2019, Part I, volume 11692 of Lecture Notes in Computer Science, 530–560. August 2019. Springer, Heidelberg.
Gaëtan Leurent, Bart Mennink, Krzysztof Pietrzak, and Vincent Rijmen. Analysis of MinRoot: public report. 2023.
Arjen K Lenstra and Benjamin Wesolowski. Trustworthy public randomness with sloth, unicorn, and trx. International Journal of Applied Cryptography, 3(4):330–343, 2017.
Wenbo Mao. Timed-release cryptography. In Serge Vaudenay and Amr M. Youssef, editors, SAC 2001: 8th Annual International Workshop on Selected Areas in Cryptography, volume 2259 of Lecture Notes in Computer Science, 342–358. August 2001. Springer, Heidelberg.
Liam Medley, Angelique Faye Loe, and Elizabeth A. Quaglia. SoK: delay-based cryptography. In CSF 2023: IEEE 36th Computer Security Foundations Symposium, 169–183. July 2023. IEEE Computer Society Press.
Mohammad Mahmoody, Caleb Smith, and David J. Wu. Can verifiable delay functions be based on random oracles? In Artur Czumaj, Anuj Dawar, and Emanuela Merelli, editors, ICALP 2020: 47th International Colloquium on Automata, Languages and Programming, volume 168 of LIPIcs, 83:1–83:17. July 2020. Schloss Dagstuhl.
Krzysztof Pietrzak. Simple verifiable delay functions. In Avrim Blum, editor, ITCS 2019: 10th Innovations in Theoretical Computer Science Conference, volume 124, 60:1–60:15. January 2019. LIPIcs.
Lior Rotem and Gil Segev. Generically speeding-up repeated squaring is equivalent to factoring: sharp thresholds for all generic-ring delay functions. In Daniele Micciancio and Thomas Ristenpart, editors, Advances in Cryptology – CRYPTO 2020, Part III, volume 12172 of Lecture Notes in Computer Science, 481–509. August 2020. Springer, Heidelberg.
Ronald Rivest, Adi Shamir, and David Wagner. Time-lock puzzles and timed-release crypto. 1996.
István András Seres and Péter Burcsi. A note on low order assumptions in RSA groups. 2020.
István András Seres, Péter Burcsi, and Péter Kutas. How (not) to hash into class groups of imaginary quadratic fields? 2024.
Daniel Shanks. Class number, a theory of factorization, and genera. In Proc. Sympos. Pure Math., volume 29, 415–440. Amer. Math. Soc., 1969.
Barak Shani. A note on isogeny-based hybrid verifiable delay functions. 2019.
Teik Guan Tan, Vishal Sharma, Zengpeng Li, Pawel Szalachowski, and Jianying Zhou. ZKBdf: a ZKBoo-based quantum-secure verifiable delay function with prover-secret. In Applied Cryptography and Network Security Workshops – ACNS satellite workshops 2023, volume 13907 of Lecture Notes in Computer Science, 530–550. Springer, 2023.
Benjamin Wesolowski. Efficient verifiable delay functions. In Yuval Ishai and Vincent Rijmen, editors, Advances in Cryptology – EUROCRYPT 2019, Part III, volume 11478 of Lecture Notes in Computer Science, 379–407. May 2019. Springer, Heidelberg.
Benjamin Wesolowski. Efficient verifiable delay functions. Journal of Cryptology, 33(4):2113–2147, October 2020.

PDFPDF Open access

Submitted: 2024-01-08
Accepted: 2024-03-05
Published: 2024-04-09
How to cite

Dan Boneh, Benedikt Bünz, and Ben Fisch, "A Survey of Two Verifiable Delay Functions Using Proof of Exponentiation," IACR Communications in Cryptology, vol. 1, no. 1, Apr 09, 2024, doi: 10.62056/av7tudhdj.


Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.