Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Implementation Study of Cost-Effective Verification for Pietrzak's Verifiable Delay Function in Ethereum Smart Contracts

Suhyeon Lee, Euisin Gee, Junghee Lee

TL;DR

An implementation study of Pietrzak VDF verification on Ethereum Virtual Machine (EVM) finds that the discussion in the Pietrzak's original paper can help a clear optimization in EVM where the costs of computation are predefined as the specific amounts of gas.

Abstract

Verifiable Delay Function (VDF) is a cryptographic concept that ensures a minimum delay before output through sequential processing, which is resistant to parallel computing. One of the significant VDF protocols academically reviewed is the VDF protocol proposed by Pietrzak. However, for the blockchain environment, the Pietrzak VDF has drawbacks including long proof size and recursive protocol computation. In this paper, we present an implementation study of Pietrzak VDF verification on Ethereum Virtual Machine (EVM). We found that the discussion in the Pietrzak's original paper can help a clear optimization in EVM where the costs of computation are predefined as the specific amounts of gas. In our results, the cost of VDF verification can be reduced from 4M to 2M gas, and the proof length can be generated under 8 KB with the 2048-bit RSA key length, which is much smaller than the previous expectation.

Implementation Study of Cost-Effective Verification for Pietrzak's Verifiable Delay Function in Ethereum Smart Contracts

TL;DR

An implementation study of Pietrzak VDF verification on Ethereum Virtual Machine (EVM) finds that the discussion in the Pietrzak's original paper can help a clear optimization in EVM where the costs of computation are predefined as the specific amounts of gas.

Abstract

Verifiable Delay Function (VDF) is a cryptographic concept that ensures a minimum delay before output through sequential processing, which is resistant to parallel computing. One of the significant VDF protocols academically reviewed is the VDF protocol proposed by Pietrzak. However, for the blockchain environment, the Pietrzak VDF has drawbacks including long proof size and recursive protocol computation. In this paper, we present an implementation study of Pietrzak VDF verification on Ethereum Virtual Machine (EVM). We found that the discussion in the Pietrzak's original paper can help a clear optimization in EVM where the costs of computation are predefined as the specific amounts of gas. In our results, the cost of VDF verification can be reduced from 4M to 2M gas, and the proof length can be generated under 8 KB with the 2048-bit RSA key length, which is much smaller than the previous expectation.
Paper Structure (29 sections, 2 theorems, 20 equations, 3 figures, 1 table, 4 algorithms)

This paper contains 29 sections, 2 theorems, 20 equations, 3 figures, 1 table, 4 algorithms.

Table of Contents

  1. Introduction
  2. Related Works
  3. Implementation Target and Environment
  4. Pietrzak VDF algorithms
  5. VDF Evaluation
  6. Pietrzak VDF proof generation
  7. Pietrzak VDF verification
  8. Target Bit Length and Target Delay
  9. Environment for Gas Usage Measurement
  10. Development Environment and Tools
  11. Optimizer Configuration
  12. Gas Measurement in Local Testing Environment
  13. Cost measurement and approximation
  14. Data Structure
  15. Gas Cost for Calldata and Dispatch
  16. ...and 14 more sections

Key Result

Theorem 1

The function $\mathcal{G}_{total}(\tau, \delta)$ has exactly one unique minimum for $\delta$ when $\tau > \delta = \log_2 (\alpha + \beta) - \log_2 (\ln{2} \cdot \gamma)$.

Figures (3)

  • Figure 1: Pietrzak VDF Verification
  • Figure 2: Experiment results: calldata cost, halving cost, and ModExp cost for different configurations ($\lambda=2048$ and $\lambda=3072$).
  • Figure 3: Results for halving proof skipping parameter $\delta$ with $\tau = 20, 21, 22, 23, 24, 25$ for $y=x^{2^{2^{\tau}}}$

Theorems & Definitions (6)

  • Theorem 1
  • proof
  • Corollary 2
  • proof
  • proof
  • proof