[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNUnet PoWs hashfunction

From: Jeff Burdges
Subject: Re: GNUnet PoWs hashfunction
Date: Sat, 18 Apr 2020 14:51:24 +0200

> Do you have anything public you can refer to? Would love to read more
> about that. Thanks.     >Y<

There are several VDFs that do many squarings in a group of unknown order, for 
which they provide the output along with a proof that they computed it by doing 
the required squarings.  There are two proposed proof strategies by Pietrzak and Wesolowski that differ primarily in the assumptions 
they require from the underlying group of unknown order  There are two groups of unknown order 
being proposed:

Integers modulo an RSA composite p q for which nobody knows p and q - These 
require a really shitty trusted setup, but we’ll know ASIC speeds far sooner 
since E.F. works towards this one.

Class group of an imaginary quadratic order - We’re far from any real 
confidence in crypto with class groups, and do not expect ASIC speeds anytime 
soon, but these avoid the trusted setup, and some software and GPU competition 

There are also VDFs built on evaluating isogenies instead of doing squarings, 
for which give cool properties like encryption to the eventual VDF evaluation, 
so imagine one time-lock puzzles that opens an unlimited number of cypertxts.  
ASIC speed estimates sound far off.  Also, these require a trusted setup that’s 
much less shitty than the RSA composite trusted setup, but they also require a 
preliminary VDF setup run, so you cannot decide dynamically for how long you 
run the VDF.

If you want to use the RSA VDF that E.F. funds, then you’ve two choices:  You 
can outsource confidence in the trusted setup by using E.F.’s trusted setup, 
but then you’re vulnerable to ASICs that E.F. sponsors.  If you want ASIC 
resistance, then you can increase key size beyond their ASIC, and do your own 
trusted setup, but doing this requires effort even assuming runnable code 


Attachment: signature.asc
Description: Message signed with OpenPGP

reply via email to

[Prev in Thread] Current Thread [Next in Thread]