ark-vrf 0.1.0 (unstable release), Mar 28, 2025
Elliptic Curve VRF
This library provides flexible and efficient implementations of Verifiable Random Functions with Additional Data (VRF-AD), a cryptographic construct that augments a standard VRF scheme by binding auxiliary information into its proof. The additional data is committed to by the proof but does not influence the VRF output, which remains a deterministic function of the secret key and the input alone.
It is built on the Arkworks framework and supports customization of scheme parameters.
Supported Schemes
- IETF VRF: Complies with the ECVRF construction described in RFC 9381.
- Pedersen VRF: Described in BCHSV23.
- Ring VRF: A zero-knowledge scheme inspired by BCHSV23; the proof shows that the key used belongs to a ring of public keys without revealing which one.
Scheme Specifications
Built-In suites
The library conditionally includes the following pre-configured suites (see the Features section):
- Ed25519-SHA-512-TAI: Supports IETF and Pedersen VRF.
- Secp256r1-SHA-256-TAI: Supports IETF and Pedersen VRF.
- Bandersnatch (Edwards curve defined over the BLS12-381 scalar field): Supports IETF, Pedersen, and Ring VRF.
- JubJub (Edwards curve defined over the BLS12-381 scalar field): Supports IETF, Pedersen, and Ring VRF.
- Baby-JubJub (Edwards curve defined over the BN254 scalar field): Supports IETF, Pedersen, and Ring VRF.
Ring VRF is only available for curves embedded in a pairing-friendly curve, because the ring membership proof is built over the outer curve.
Basic Usage
```rust
use ark_vrf::suites::bandersnatch::*;

// Secret key derived from a seed (in real use the seed must come from a CSPRNG)
let secret = Secret::from_seed(b"example seed");
let public = secret.public();
// VRF input: the application message, mapped to a curve point
let input = Input::new(b"example input");
// VRF output: a deterministic function of the secret key and the input only
let output = secret.output(input);
// Additional data: bound by the proof, but does not influence the output
let aux_data = b"optional aux data";
```
IETF-VRF
Prove
```rust
use ark_vrf::ietf::Prover;

// The proof binds input, output and aux_data under the prover's key
let proof = secret.prove(input, output, aux_data);
```
Verify
```rust
use ark_vrf::ietf::Verifier;

// Fails if input, output, aux_data or proof are inconsistent with `public`;
// the caller must check the result instead of assuming success
let result = public.verify(input, output, aux_data, &proof);
```
Ring-VRF
Ring construction
```rust
const RING_SIZE: usize = 100;
let prover_key_index = 3;
// Construct an example ring with dummy keys
let mut ring: Vec<_> = (0..RING_SIZE)
    .map(|i| Secret::from_seed(&i.to_le_bytes()).public().0)
    .collect();
// Patch the ring with the public key of the prover
ring[prover_key_index] = public.0;
// Any key can be replaced with the padding point: a point with no known
// secret key, so the slot can never be used to produce a proof
ring[0] = RingProofParams::padding_point();
```
Ring parameters construction
```rust
// Parameters derived from a fixed, public seed are suitable only for examples
// and tests; a real deployment needs parameters from a proper trusted setup
let params = RingProofParams::from_seed(RING_SIZE, b"example seed");
```
Prove
```rust
use ark_vrf::ring::Prover;

let prover_key = params.prover_key(&ring);
let prover = params.prover(prover_key, prover_key_index);
// The proof shows that some key in `ring` produced `output`, without revealing which
let proof = secret.prove(input, output, aux_data, &prover);
```
Verify
```rust
use ark_vrf::ring::Verifier;

let verifier_key = params.verifier_key(&ring);
let verifier = params.verifier(verifier_key);
// Verification is against the ring as a whole, not a specific public key
let result = Public::verify(input, output, aux_data, &proof, &verifier);
```
Verifier key from commitment
```rust
// A verifier that stores only the short ring commitment can rebuild the
// verifier key without holding the full list of public keys
let ring_commitment = params.verifier_key(&ring).commitment();
let verifier_key = params.verifier_key_from_commitment(ring_commitment);
```
Features

- `default`: `std`
- `full`: Enables all features listed below except `secret-split`, `parallel`, `asm`, `rfc-6979`, `test-vectors`.
- `secret-split`: Point scalar multiplication with a split secret. The secret scalar is split into the sum of two scalars, which are randomly re-blinded before each use but always retain the same sum. Incurs a 2x cost in some internal secret-dependent scalar multiplications, but provides a side-channel defense.
- `ring`: Ring-VRF for the curves supporting it.
- `rfc-6979`: Nonce generation according to RFC 9381 section 5.4.2.1 (deterministic nonces derived as in RFC 6979).
- `test-vectors`: Deterministic ring-VRF proofs (fixed prover randomness). Useful for reproducible test-vector generation; not intended for production builds.

Curves

- `ed25519`
- `jubjub`
- `bandersnatch`
- `baby-jubjub`
- `secp256r1`

Arkworks optimizations

- `parallel`: Parallel execution, where worthwhile, using `rayon`.
- `asm`: Assembly implementation of some low-level operations.
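As an added illustration of the scalar-splitting countermeasure that the `secret-split` feature describes (example code written for this page, not ark-vrf's implementation): the elliptic-curve group is replaced by the multiplicative group modulo the Mersenne prime 2^61 - 1, exponentiation plays the role of scalar multiplication, and a toy xorshift generator stands in for the CSPRNG real code would use. `SplitSecret`, `scalar_mul`, `Rng`, `demo` and the constants are all assumptions of this example.

```rust
// Toy model of the `secret-split` countermeasure. NOT ark-vrf code:
// the group is (Z/pZ)* for p = 2^61 - 1, "scalar multiplication" is g^s mod p,
// and scalars live modulo n = p - 1 (g^n = 1 for every g by Fermat).

const P: u128 = (1u128 << 61) - 1; // prime modulus of the toy group
const N: u128 = P - 1;             // exponent of the group: g^N == 1

/// Stand-in for scalar multiplication: g^s mod p by square-and-multiply.
fn scalar_mul(g: u128, s: u128) -> u128 {
    let mut base = g % P;
    let mut e = s % N;
    let mut acc = 1u128;
    while e > 0 {
        if e & 1 == 1 {
            acc = acc * base % P; // operands < 2^61, product fits in u128
        }
        base = base * base % P;
        e >>= 1;
    }
    acc
}

/// Minimal xorshift64* generator: an illustration only, not a CSPRNG.
struct Rng(u64);

impl Rng {
    fn next(&mut self) -> u128 {
        let mut x = self.0;
        x ^= x >> 12;
        x ^= x << 25;
        x ^= x >> 27;
        self.0 = x;
        (x.wrapping_mul(0x2545F4914F6CDD1D) as u128) % N
    }
}

/// Secret scalar held as two shares with s1 + s2 = s (mod N).
/// After construction the full scalar is never used directly.
struct SplitSecret {
    s1: u128,
    s2: u128,
}

impl SplitSecret {
    fn new(s: u128, rng: &mut Rng) -> Self {
        let s1 = rng.next();
        let s2 = (s % N + N - s1) % N;
        SplitSecret { s1, s2 }
    }

    /// Re-blind the shares: add r to one and subtract it from the other,
    /// so both change while the sum is unchanged.
    fn refresh(&mut self, rng: &mut Rng) {
        let r = rng.next();
        self.s1 = (self.s1 + r) % N;
        self.s2 = (self.s2 + N - r) % N;
    }

    /// Two multiplications with fresh, unrelated scalars, combined in the
    /// group: equals g^s, at twice the cost of one multiplication.
    fn mul(&mut self, g: u128, rng: &mut Rng) -> u128 {
        self.refresh(rng);
        scalar_mul(g, self.s1) * scalar_mul(g, self.s2) % P
    }

    /// Only for checking the invariant; real code never recombines shares.
    fn reconstruct(&self) -> u128 {
        (self.s1 + self.s2) % N
    }
}

/// Runs several split multiplications against the plain g^s reference.
/// Returns (reference, results of each split call, share s1 seen in each call).
fn demo() -> (u128, Vec<u128>, Vec<u128>) {
    let mut rng = Rng(0x9E37_79B9_7F4A_7C15); // constructed seed for the toy RNG
    let g = 3u128;
    let s = 0x1234_5678_9ABC_DEF0u128 % N;     // constructed secret scalar
    let reference = scalar_mul(g, s);
    let mut secret = SplitSecret::new(s, &mut rng);
    let mut results = Vec::new();
    let mut shares = Vec::new();
    for _ in 0..5 {
        results.push(secret.mul(g, &mut rng));
        shares.push(secret.s1);
    }
    (reference, results, shares)
}

fn main() {
    let (reference, results, shares) = demo();
    println!("plain g^s      = {reference:#x}");
    for (r, s1) in results.iter().zip(&shares) {
        println!("split result   = {r:#x}  (share s1 = {s1:#x})");
    }
    let mut rng = Rng(7);
    let sec = SplitSecret::new(42, &mut rng);
    println!("shares recombine to {}", sec.reconstruct());
}
```

Every secret-dependent multiplication sees different scalars, so power or timing leakage from one call cannot be accumulated across calls against a fixed scalar; the price is the second multiplication per operation that the feature description mentions.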
License
Distributed under the MIT License.