Skip to main content
SpringerLink
Log in

(Verifiable) Delay Functions from Lucas Sequences

  • Conference paper
  • First Online:
Theory of Cryptography (TCC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14372))

Included in the following conference series:

  • 232 Accesses

Abstract

Lucas sequences are constant-recursive integer sequences with a long history of applications in cryptography, both in the design of cryptographic schemes and cryptanalysis. In this work, we study the sequential hardness of computing Lucas sequences over an RSA modulus.

First, we show that modular Lucas sequences are at least as sequentially hard as the classical delay function given by iterated modular squaring proposed by Rivest, Shamir, and Wagner (MIT Tech. Rep. 1996) in the context of time-lock puzzles. Moreover, there is no obvious reduction in the other direction, which suggests that the assumption of sequential hardness of modular Lucas sequences is strictly weaker than that of iterated modular squaring. In other words, the sequential hardness of modular Lucas sequences might hold even in the case of an algorithmic improvement violating the sequential hardness of iterated modular squaring.

Second, we demonstrate the feasibility of constructing practically-efficient verifiable delay functions based on the sequential hardness of modular Lucas sequences. Our construction builds on the work of Pietrzak (ITCS 2019) by leveraging the intrinsic connection between the problem of computing modular Lucas sequences and exponentiation in an appropriate extension field.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Note that integer sequences like Fibonacci numbers and Mersenne numbers are special cases of Lucas sequences.

  2. 2.

    The choice of modulus N is said to be safe if \(N=pq\) for safe primes \(p=2p'+1\) and \(q=2q'+1\), where \(p'\) and \(q'\) are also prime.

  3. 3.

    Further, using the ideas from [14, 20], it is possible to construct so-called continuous VDFs from Lucas sequences.

  4. 4.

    Since we set a to be at most polynomial in \(\lambda \), its is possible to go over all possible candidate values for a in time polynomial in \(\lambda \). Thus, any algorithm that could factor N using the knowledge of a can be efficiently simulated even without the knowledge of a.

References

  1. Abusalah, H., Kamath, C., Klein, K., Pietrzak, K., Walter, M.: Reversible proofs of sequential work. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 277–291. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_10

    Chapter  Google Scholar 

  2. Aggarwal, D., Maurer, U.: Breaking RSA generically is equivalent to factoring. IEEE Trans. Inf. Theory 62(11), 6251–6259 (2016). https://doi.org/10.1109/TIT.2016.2594197

    Article  MathSciNet  MATH  Google Scholar 

  3. Arun, A., Bonneau, J., Clark, J.: Short-lived zero-knowledge proofs and signatures. In: Agrawal, S., Lin, D. (eds.) Advances in Cryptology – ASIACRYPT 2022. Lecture Notes in Computer Science, vol. 13793, pp. 487–516. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22969-5_17

    Chapter  Google Scholar 

  4. Bernstein, D., Sorenson, J.: Modular exponentiation via the explicit Chinese remainder theorem. Math. Comput. 76, 443–454 (2007). https://doi.org/10.1090/S0025-5718-06-01849-7

    Article  MathSciNet  MATH  Google Scholar 

  5. Bitansky, N., et al.: PPAD is as hard as LWE and iterated squaring. IACR Cryptol. ePrint Arch., p. 1072 (2022)

    Google Scholar 

  6. Bitansky, N., Goldwasser, S., Jain, A., Paneth, O., Vaikuntanathan, V., Waters, B.: Time-lock puzzles from randomized encodings. In: ITCS, pp. 345–356. ACM (2016)

    Google Scholar 

  7. Bleichenbacher, D., Bosma, W., Lenstra, A.K.: Some remarks on Lucas-based cryptosystems. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 386–396. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_31

    Chapter  Google Scholar 

  8. Block, A.R., Holmgren, J., Rosen, A., Rothblum, R.D., Soni, P.: Time- and space-efficient arguments from groups of unknown order. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12828, pp. 123–152. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84259-8_5

    Chapter  Google Scholar 

  9. Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_25

    Chapter  Google Scholar 

  10. Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. IACR Cryptol. ePrint Arch. 2018, 712 (2018)

    MATH  Google Scholar 

  11. Boneh, D., Venkatesan, R.: Breaking RSA may not be equivalent to factoring. In: Nyberg, K. (ed.) Advances in Cryptology - EUROCRYPT ’98. Lecture Notes in Computer Science, vol. 1403, pp. 59–71. Springer, Cham (1998). https://doi.org/10.1007/BFb0054117

    Chapter  Google Scholar 

  12. Buchmann, J., Williams, H.C.: A key-exchange system based on imaginary quadratic fields. J. Cryptol. 1(2), 107–118 (1988). https://doi.org/10.1007/BF02351719

    Article  MathSciNet  MATH  Google Scholar 

  13. Chavez-Saab, J., Rodríguez-Henríquez, F., Tibouchi, M.: Verifiable Isogeny walks: towards an isogeny-based postquantum VDF. In: AlTawy, R., Hülsing, A. (eds.) SAC 2021. LNCS, vol. 13203, pp. 441–460. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99277-4_21

    Chapter  Google Scholar 

  14. Choudhuri, A.R., Hubáček, P., Kamath, C., Pietrzak, K., Rosen, A., Rothblum, G.N.: PPAD-hardness via iterated squaring modulo a composite. IACR Cryptol. ePrint Arch. 2019, 667 (2019)

    Google Scholar 

  15. Cini, V., Lai, R.W.F., Malavolta, G.: Lattice-based succinct arguments from vanishing polynomials. In: Handschuh, H., Lysyanskaya, A. (eds.) Advances in Cryptology - CRYPTO 2023. Lecture Notes in Computer Science, pp. 72–105. Springer Nature Switzerland, Cham (2023). https://doi.org/10.1007/978-3-031-38545-2_3

    Chapter  Google Scholar 

  16. Cohen, B., Pietrzak, K.: Simple proofs of sequential work. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 451–467. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_15

    Chapter  Google Scholar 

  17. Cohen, B., Pietrzak, K.: The Chia network blockchain. Technical report, Chia Network (2019). https://www.chia.net/assets/ChiaGreenPaper.pdf. Accessed 29 July 2022

  18. Döttling, N., Garg, S., Malavolta, G., Vasudevan, P.N.: Tight verifiable delay functions. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 65–84. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-57990-6_4

    Chapter  Google Scholar 

  19. Döttling, N., Lai, R.W.F., Malavolta, G.: Incremental proofs of sequential work. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 292–323. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_11

    Chapter  Google Scholar 

  20. Ephraim, N., Freitag, C., Komargodski, I., Pass, R.: Continuous verifiable delay functions. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 125–154. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_5

    Chapter  Google Scholar 

  21. De Feo, L., Masson, S., Petit, C., Sanso, A.: Verifiable delay functions from supersingular isogenies and pairings. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 248–277. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_10

    Chapter  Google Scholar 

  22. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

    Chapter  Google Scholar 

  23. Freitag, C., Pass, R., Sirkin, N.: Parallelizable delegation from LWE. IACR Cryptol. ePrint Arch., p. 1025 (2022)

    Google Scholar 

  24. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    Article  MathSciNet  MATH  Google Scholar 

  25. Hoffmann, C., Hubáček, P., Kamath, C., Klein, K., Pietrzak, K.: Practical statistically sound proofs of exponentiation in any group. In: Dodis, Y., Shrimpton, T. (eds.) Advances in Cryptology – CRYPTO 2022. Lecture Notes in Computer Science, vol. 13508, pp. 1–30. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_13

    Chapter  MATH  Google Scholar 

  26. Hofheinz, D., Kiltz, E.: The group of signed quadratic residues and applications. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 637–653. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_37

    Chapter  Google Scholar 

  27. Katz, J., Loss, J., Xu, J.: On the security of time-lock puzzles and timed commitments. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part III. LNCS, vol. 12552, pp. 390–413. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_14

    Chapter  MATH  Google Scholar 

  28. Lai, R.W.F., Malavolta, G.: Lattice-based timed cryptography. In: Handschuh, H., Lysyanskaya, A. (eds.) Advances in Cryptology - CRYPTO 2023. Lecture Notes in Computer Science, pp. 782–804. Springer Nature Switzerland, Cham (2023). https://doi.org/10.1007/978-3-031-38554-4_25

    Chapter  Google Scholar 

  29. Lehmer, D.H.: An extended theory of Lucas’ functions. Ann. Math. 31(3), 419–448 (1930). https://www.jstor.org/stable/1968235

  30. Lennon, M.J.J., Smith, P.J.: LUC: A new public key system. In: Douglas, E.G. (ed.) Ninth IFIP Symposium on Computer Security, pp. 103–117. Elsevier Science Publishers (1993)

    Google Scholar 

  31. Lenstra, A.K., Wesolowski, B.: Trustworthy public randomness with sloth, unicorn, and trx. IJACT 3(4), 330–343 (2017)

    Article  MathSciNet  MATH  Google Scholar 

  32. Lipmaa, H.: On Diophantine complexity and statistical zero-knowledge arguments. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 398–415. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-40061-5_26

    Chapter  Google Scholar 

  33. Lombardi, A., Vaikuntanathan, V.: Fiat-Shamir for repeated squaring with applications to PPAD-hardness and VDFs. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 632–651. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_22

    Chapter  Google Scholar 

  34. Lucas, E.: Théorie des fonctions numériques simplement périodiques. Am. J. Math. 1(4), 289–321 (1878). https://www.jstor.org/stable/2369373

  35. Lund, C., Fortnow, L., Karloff, H.J., Nisan, N.: Algebraic methods for interactive proof systems. J. ACM 39(4), 859–868 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  36. Mahmoody, M., Moran, T., Vadhan, S.P.: Publicly verifiable proofs of sequential work. In: ITCS, pp. 373–388. ACM (2013)

    Google Scholar 

  37. Mahmoody, M., Smith, C., Wu, D.J.: A note on the (Im)possibility of verifiable delay functions in the random oracle model. IACR Cryptol. ePrint Arch. 2019, 663 (2019)

    Google Scholar 

  38. Malavolta, G., Thyagarajan, S.A.K.: Homomorphic time-lock puzzles and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 620–649. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_22

    Chapter  Google Scholar 

  39. Müller, W.B., Nöbauer, W.: Some remarks on public-key cryptosystems. Studia Sci. Math. Hungar. 16, 71–76 (1981)

    MathSciNet  MATH  Google Scholar 

  40. Bressoud, D.M.: Factorization and primality testing. Math. Comput. 56(193), 400 (1991)

    Article  Google Scholar 

  41. Pietrzak, K.: Simple verifiable delay functions. IACR Cryptol. ePrint Arch. 2018, 627 (2018). https://eprint.iacr.org/2018/627/20180720:081000

  42. Pietrzak, K.: Simple verifiable delay functions. In: ITCS. LIPIcs, vol. 124, pp. 1–15. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2019)

    Google Scholar 

  43. Rabin, M.O.: Transaction protection by beacons. J. Comput. Syst. Sci. 27(2), 256–267 (1983)

    Article  MathSciNet  MATH  Google Scholar 

  44. Ribenboim, P.: My Numbers, My Friends: Popular Lectures on Number Theory. Springer-Verlag, New York (2000)

    Book  MATH  Google Scholar 

  45. Riesel, H.: Prime Numbers and Computer Methods for Factorization, Progress in Mathematics, vol. 57. Birkhäuser, Basel (1985)

    Book  MATH  Google Scholar 

  46. Rivest, R., Silverman, R.: Are ’strong’ primes needed for RSA. Cryptology ePrint Archive, Report 2001/007 (2001). https://eprint.iacr.org/2001/007

  47. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems (reprint). Commun. ACM 26(1), 96–99 (1983)

    Article  MATH  Google Scholar 

  48. Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical report, Massachusetts Institute of Technology (1996)

    Google Scholar 

  49. Rotem, L., Segev, G.: Generically speeding-up repeated squaring is equivalent to factoring: sharp thresholds for all generic-ring delay functions. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 481–509. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_17

    Chapter  Google Scholar 

  50. Rotem, L., Segev, G., Shahaf, I.: Generic-group delay functions require hidden-order groups. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 155–180. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_6

    Chapter  Google Scholar 

  51. Schindler, P., Judmayer, A., Hittmeir, M., Stifter, N., Weippl, E.R.: RandRunner: distributed randomness from trapdoor VDFs with strong uniqueness. In: 28th Annual Network and Distributed System Security Symposium, NDSS 2021, virtually, 21–25 February 2021. The Internet Society (2021)

    Google Scholar 

  52. Shani, B.: A note on isogeny-based hybrid verifiable delay functions. IACR Cryptol. ePrint Arch. 2019, 205 (2019)

    Google Scholar 

  53. Valiant, P.: Incrementally verifiable computation or proofs of knowledge imply time/space efficiency. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 1–18. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78524-8_1

    Chapter  MATH  Google Scholar 

  54. Wesolowski, B.: Efficient verifiable delay functions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 379–407. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_13

    Chapter  Google Scholar 

  55. Wesolowski, B.: Efficient verifiable delay functions. J. Cryptol. 33(4), 2113–2147 (2020). https://doi.org/10.1007/s00145-020-09364-x

    Article  MathSciNet  MATH  Google Scholar 

  56. Williams, H.C.: A \(p+1\) method of factoring. Math. Comput. 39(159), 225–234 (1982)

    MathSciNet  MATH  Google Scholar 

  57. Williams, H.C.: Édouard lucas and primality testing. Math. Gaz. 83, 173 (1999)

    Article  Google Scholar 

Download references

Acknowledgements

We thank Krzysztof Pietrzak and Alon Rosen for several fruitful discussions about this work and the anonymous reviewers of SCN 2022 and TCC 2023 for valuable suggestions.

Pavel Hubáček is supported by the Czech Academy of Sciences (RVO 67985840), by the Grant Agency of the Czech Republic under the grant agreement no. 19-27871X, and by the Charles University project UNCE/SCI/004. Chethan Kamath is supported by Azrieli International Postdoctoral Fellowship, by the European Research Council (ERC) under the European Union’s Horizon Europe research and innovation programme (grant agreement No. 101042417, acronym SPP), and by ISF grant 1789/19.

Author information

Authors and Affiliations

  1. Institute of Science and Technology Austria, Klosterneuburg, Austria

    Charlotte Hoffmann

  2. Institute of Mathematics, Czech Academy of Sciences, Prague, Czech Republic

    Pavel Hubáček

  3. Faculty of Mathematics and Physics, Charles University, Prague, Czech Republic

    Pavel Hubáček & Tomáš Krňák

  4. Tel Aviv University, Tel Aviv, Israel

    Chethan Kamath

Authors
  1. Charlotte Hoffmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pavel Hubáček
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chethan Kamath
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tomáš Krňák
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Charlotte Hoffmann .

Editor information

Editors and Affiliations

  1. Apple, Cupertino, CA, USA

    Guy Rothblum

  2. NTT Research, Sunnyvale, CA, USA

    Hoeteck Wee

Rights and permissions

Reprints and permissions

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hoffmann, C., Hubáček, P., Kamath, C., Krňák, T. (2023). (Verifiable) Delay Functions from Lucas Sequences. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14372. Springer, Cham. https://doi.org/10.1007/978-3-031-48624-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-48624-1_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-48623-4

  • Online ISBN: 978-3-031-48624-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation