The VDF Alliance began in early 2019 to evaluate the feasibility of developing fast, open, hardware for computing Verifiable Delay Functions (VDFs). To begin, the team developed CPU and FPGA implementations of an RSA VDF to better understand their potential for hardware acceleration. These implementations were used to solve a 20-year-old cryptographic puzzle at MIT in two months. Now the VDF Alliance is open-sourcing these designs and inviting the community to make them even faster. For more information visit the VDF FPGA Competition page.
A verifiable delay function (VDF) is a cryptographic primitive yielding cryptographically verifiable time delays through sequential computation. One of the use cases of VDFs is public unbiasable randomness without a trusted third party. VDFs were first defined in a June 2018 paper by Stanford professor of cryptography Dan Boneh and others. Verifiable delay functions are functions which require lots of sequential computation to evaluate, and for which the function output can be quickly verified via a short proof. An older ‘timelock puzzle’ construction similarly uses sequential computation to create a time delay. Timelock puzzles were introduced by Rivest, Shamir and Wagner to encrypt data ‘into the future’.
In the same month VDFs were defined, two independent constructions were published by Pietrzak and Wesolowski. These two constructions have evaluation proofs that are exponentially faster to verify than the direct inherently-sequential evaluation. VDFs can be used by blockchains to create more scalable consensus protocols, introduce unbiasable randomness, and enable proof-of-replication. Their use is being incorporated into blockchain protocols such as Ethereum, the second largest blockchain platform in the world, and Filecoin, an upcoming platform offering decentralized storage. However, to retain the security properties provided by their computational delay, VDF evaluations must run fast enough to avoid attacks that jeopardise their tether to real-world time. Specifically, an attacker should not be able to evaluate VDFs significantly faster than the general public, e.g. no more than 10 times faster.
In order to better reason about the potential performance of a hardware accelerated VDF, the Ethereum Foundation, Protocol Labs, the Interchain Foundation, and Supranational have collaborated to develop novel algorithms and semiconductor designs for VDFs. This VDF alliance has focused on RSA VDFs based on repeated modular squaring. A partnership with Erdinc Ozturk of Sabanci University led to the development a low latency modular squaring algorithm targeted at an ASIC architecture. This algorithm was used to develop an FPGA implementation that solved a twenty-year-outstanding timelock puzzle developed by famed cryptographer Ron Rivest. Despite their recent introduction in mid-2018, VDFs has been an active field of research. Academic resources, video content, and explainers are available at vdfresearch.org. An FPGA competition to accelerate repeated modular squaring launched August 1, 2019.