
Random numbers are useful in many use cases such as blockchain. I know many blockchains or smart contracts employ VRF to generate "provably fair random numbers". But what exactly is a VRF?

I've read some sections of RFC 9381 which describes VRF, but it seems that a VRF is NOT a function that generates a random number out of nothing. In other words, an alpha value is required as the input to generate both the hash and the proof. Then the hash is used as the random number.

So, a random and unpredictable value alpha is required, right? But if I already have alpha, why can't I just use this alpha directly as the random number? What is a VRF used for?

I understand digital signature algorithms. I understand I can verify a message is signed by a party (who has a secret key) with the signature provided by that party. I understand I can verify the VRF output. So what? That doesn't mean anything. A VRF provider just uses an already-existing random number to generate another pseudorandom number, and charges users money... I'm confused.

Yan

1 Answer

A random function $f$ is like a random book in the Library of Babel. If you have the book in front of you, you can open it up to find what's on page 316, giving the value $f(316)$. If you don't have the book in front of you, you have no hope of guessing what's on that page—all possible page contents, that is, page-length strings of printable characters, are equally probable. (It's a very long book, so you can, e.g., encode a string like "example.com" into a page number like 122669988979119183248977773 and look up that page in the book.)

Certain applications, such as DNSSEC NSEC5, make very particular use of a random function for their security properties. With a VRF:

  • There is exactly one book (per VRF key pair).
  • Only one party, call him Bob, can read the book directly (with the VRF private key).
  • Nobody besides Bob has any hope of guessing what's on any given page of the book (verifiable random function).
  • Nevertheless, when Bob shares a page of the book (the VRF output) with Alice, Mallory, or anyone else (anyone who knows the VRF public key), he can convince them (by showing them the VRF proof) that it is a page from the same book every time and from the page number he claims (the VRF input), even if he's never revealed that page before—he's not just randomly making up pages as he goes.

This dialogue in six parts on DNSSEC NSEC5 dramatizes how the security properties of a VRF are combined with traditional public-key signatures to manage operational costs and risks in DNSSEC.
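The book analogy above as an added example (not part of the original answer, and not RFC 9381's reference code): a toy VRF built on the RSA full-domain-hash idea, where the input alpha is public and predictable, the output beta is fixed by the key, and anyone holding the public key can check the proof pi. The key, the hashing details and the names `prove` and `verify` are assumptions made for illustration; the encoding is simplified and does not conform to the RFC's RSA-FDH-VRF suite.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Structured primes like
# these are NOT safe for real RSA; they only keep the example offline and short.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key: the "book" everyone can check against
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: only Bob can read the book
K = (N.bit_length() + 7) // 8        # modulus length in bytes

def _hash_to_int(alpha: bytes) -> int:
    """Simplified full-domain hash of the input (page number) onto [0, N)."""
    return int.from_bytes(hashlib.shake_256(b"fdh" + alpha).digest(K + 16), "big") % N

def _proof_to_hash(pi: int) -> bytes:
    """beta is a hash of the proof, so it is fixed once pi is fixed."""
    return hashlib.sha256(b"out" + pi.to_bytes(K, "big")).digest()

def prove(alpha: bytes):
    """Prover side (needs D): return (beta, pi) for the input alpha."""
    pi = pow(_hash_to_int(alpha), D, N)   # deterministic, one valid pi per alpha
    return _proof_to_hash(pi), pi

def verify(alpha: bytes, pi: int):
    """Verifier side (public N and E only): return beta, or None if pi is invalid."""
    if not 0 <= pi < N or pow(pi, E, N) != _hash_to_int(alpha):
        return None
    return _proof_to_hash(pi)

if __name__ == "__main__":
    alpha = b"block-height:1024"          # constructed input: public and predictable
    beta, pi = prove(alpha)
    print("beta:", beta.hex())
    print("proof verifies:", verify(alpha, pi) == beta)
    print("altered proof accepted:", verify(alpha, (pi + 1) % N) is not None)
    print("proof reused for another input:", verify(b"block-height:1025", pi) is not None)
```

Because RSA with a fixed key is a permutation, each alpha has exactly one valid pi, which is why the key holder cannot pick among several outputs for the same input.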