|
|
| Line 1: |
Line 1: |
| {{Refimprove|date=July 2007}}
| | Wilber Berryhill is what his spouse loves to contact him and he completely enjoys this name. To climb is some thing I really appreciate performing. Ohio is where my house is but my spouse desires us to move. I am an invoicing officer and I'll be promoted soon.<br><br>My blog - tarot card readings ([http://165.132.39.93/xe/visitors/372912 just click the following article]) |
| | |
| In [[cryptography]], the concept of a '''verifiable random function''' was introduced by [[Silvio Micali|Micali]], [[Michael O. Rabin|Rabin]], and [[Salil Vadhan|Vadhan]].<ref>{{cite conference | first = Silvio | last = Micali | coauthors = Rabin, Michael O.; Vadhan, Salil P. | title = Verifiable random functions | booktitle = Proceedings of the 40th IEEE Symposium on Foundations of Computer Science | pages = 120–130 | year = 1999 }}</ref> It is a [[pseudo-random function]] that provides publicly verifiable proofs of its outputs' correctness. Given an input value ''x'', the owner of the secret [[key (cryptography)|key]] SK can compute the function value ''y'' = ''F''<sub>SK</sub>(''x'') and the proof ''p''<sub>SK</sub>(''x''). Using the proof and the public key <math> PK = g^{SK}</math>, everyone can check that the value ''y'' = ''F''<sub>SK</sub>(''x'') was indeed computed correctly, yet this information cannot be used to find the secret key.
| |
| | |
| The original construction was rather inefficient. Recently, an efficient and practical verifiable random function was proposed by Yevgeniy Dodis and Aleksandr Yampolskiy.<ref>{{cite conference | first = Yevgeniy | last = Dodis| coauthors = Yampolskiy, Aleksandr. | title = A Verifiable Random Function With Short Proofs and Keys | booktitle = 8th International Workshop on Theory and Practice in Public Key Cryptography | pages = 416–431 | year = 2005}}</ref> In their construction,
| |
| :<math> F_{SK}(x) = e(g, g)^{1/(x+SK)} \quad\mbox{and}\quad p_{SK}(x) = g^{1/(x+SK)}, </math>
| |
| where ''e''(·,·) is a [[bilinear map]].
| |
| To verify whether <math>F_{SK}(x)</math> was computed correctly or not, one can check
| |
| if <math>e(g^x PK, p_{SK}(x))=e(g,g)</math>.
| |
| | |
| The proof of security relies on a new [[decisional bilinear Diffie-Hellman inversion assumption]], which asks given <math>(g, g^{x}, \ldots, g^{(x^q)}, R)</math> as input to distinguish <math>R=e(g,g)^{1/x}</math> from random.
| |
| | |
| ==References==
| |
| <references/>
| |
| | |
| [[Category:Cryptographic algorithms]]
| |
| | |
| | |
| {{Crypto-stub}}
| |
Wilber Berryhill is what his spouse loves to contact him and he completely enjoys this name. To climb is some thing I really appreciate performing. Ohio is where my house is but my spouse desires us to move. I am an invoicing officer and I'll be promoted soon.
My blog - tarot card readings (just click the following article)