Today we review what Verifiable Random Functions are and what their main features are. Follow us to learn everything about VRFs that you may want to know. A Verifiable Random Function, better known by its acronym VRF, is nothing more than a special cryptographic function that allows us to generate pseudo-random numbers that can be formally verified, through the use of cryptographic techniques, by anyone, at any time. The design of these functions was made possible by the work of Silvio Micali, Michael Rabin and Salil Vadhan, who in 1999 presented their paper "Verifiable Random Functions". Silvio Micali's name will surely be familiar to you, since he is the creator of the Algorand blockchain, which uses a VRF in its Proof of Stake (PoS) consensus mechanism.
With this, we can basically define a VRF as a pseudo-random generator whose output can be verified at any time, which gives us the ability to audit the data and trust that it is genuinely reliable and has not been tampered with in any way. This is of extreme importance in computing and blockchain, because it guarantees that the numbers provided are secure and that, used correctly, they will lead to a secure result.
The usefulness of pseudorandom numbers in computing is especially relevant, and even more so in cryptography, where the entire security of a system rests on the premise that its pseudorandom generators, whether hardware or software, are secure at all times. In fact, a PRNG (Pseudorandom Number Generator), often simply called an RNG (Random Number Generator), that has been manipulated in any way can be easily broken, causing serious security flaws in the devices that depend on it. For example, Sony's PlayStation 3 could be hacked because of a flaw in its pseudo-random number generation, since those numbers were predictable.
In blockchain, where cryptography is the basis of network security, the generation and use of secure PRNG algorithms is vital, and this is where VRFs come in to meet a need that exists not only in the blockchain itself, but also in smart contracts and other non-blockchain functions that can take advantage of this technology.
Characteristics of a VRF
As its name suggests, a verifiable random function is defined by two main characteristics:
- It is verifiable. Anyone can check that the random number produced by a VRF is valid: they inspect the cryptographic proof generated alongside the number and, with it, confirm the correctness of the hash output. Note the asymmetry: only the holder of the VRF's secret key can compute the hash, while anyone who has the public key can verify its correctness.
- Random. The output of a VRF is an unpredictable number (statistically uniformly distributed over the system's space of possible values). That randomness comes from combining the seed and the private key in a unique way, although other sources that feed the system's entropy can also be used; these are then included in the proof for later verification.
Thus, VRFs make the PRNG algorithm produce, together with each number, a cryptographic proof that formally attests to its correctness, so that whoever consumes those numbers can verify them afterwards.
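To make the two characteristics above concrete, here is an added example in Python that is not from the original article nor from the paper by Micali, Rabin and Vadhan: a toy VRF built from RSA full-domain hashing, in the spirit of the RSA-FDH-VRF described in RFC 9381 but deliberately simplified (SHA-256 reduced modulo N instead of MGF1, tiny constructed primes) and not suitable for real use. The key pairs, the input strings, the function names and the `lottery_ticket` helper are all assumptions made for this illustration. It shows the three operations a VRF gives you: the secret-key holder computes an output and a proof, anyone with the public key verifies them, and any tampering with the proof, the output or the input is rejected.

```python
import hashlib
import hmac

# ---- Constructed toy RSA keys (assumption: small primes for readability; NOT secure) ----
# Real VRF keys use 2048-bit or larger moduli; these ~60-bit moduli only keep the numbers short.
def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public_key, secret_key) for the constructed primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, e), (n, d)

PUBLIC_KEY, SECRET_KEY = make_keypair(1_000_000_007, 998_244_353)        # the VRF owner's key
OTHER_PUBLIC_KEY, OTHER_SECRET_KEY = make_keypair(1_000_000_009, 1_000_000_021)  # an unrelated key

def _hash_to_group(alpha: bytes, n: int) -> int:
    """Full-domain hash of the input alpha into Z_N (simplified: SHA-256 reduced mod N)."""
    return int.from_bytes(hashlib.sha256(b"toy-vrf-fdh|" + alpha).digest(), "big") % n

def _output_from_proof(pi: int) -> bytes:
    """beta = H(pi): the random output is derived from the proof alone, so it cannot be chosen."""
    return hashlib.sha256(b"toy-vrf-out|" + pi.to_bytes(8, "big")).digest()

def vrf_prove(sk, alpha: bytes):
    """Secret-key holder: compute the output beta and the proof pi for input alpha.
    Because RSA with a fixed key is a permutation, pi (and hence beta) is unique for alpha."""
    n, d = sk
    pi = pow(_hash_to_group(alpha, n), d, n)
    return _output_from_proof(pi), pi

def vrf_verify(pk, alpha: bytes, beta: bytes, pi: int) -> bool:
    """Anyone with the public key: check that (beta, pi) is the correct VRF result for alpha."""
    n, e = pk
    if not 0 < pi < n:                            # proof must be a valid group element
        return False
    if pow(pi, e, n) != _hash_to_group(alpha, n):  # proof must invert to the hashed input
        return False
    return hmac.compare_digest(beta, _output_from_proof(pi))  # output must match the proof

def lottery_ticket(beta: bytes) -> float:
    """Map a 256-bit output to [0, 1): the kind of value a sortition rule compares to a threshold."""
    return int.from_bytes(beta, "big") / 2**256

def demo() -> dict:
    """Exercise the properties described in the text; every entry should be True."""
    alpha = b"round-42|seed-constructed"          # constructed input, e.g. a round number plus seed
    beta, pi = vrf_prove(SECRET_KEY, alpha)
    beta_again, pi_again = vrf_prove(SECRET_KEY, alpha)
    n = PUBLIC_KEY[0]
    return {
        "valid": vrf_verify(PUBLIC_KEY, alpha, beta, pi),
        "deterministic": (beta, pi) == (beta_again, pi_again),   # a function, not just a generator
        "tampered_proof_rejected": not vrf_verify(PUBLIC_KEY, alpha, beta, (pi + 1) % n),
        "tampered_output_rejected": not vrf_verify(PUBLIC_KEY, alpha, bytes(32), pi),
        "other_input_rejected": not vrf_verify(PUBLIC_KEY, b"round-43|seed-constructed", beta, pi),
        "other_key_rejected": not vrf_verify(OTHER_PUBLIC_KEY, alpha, beta, pi),
        "ticket_in_unit_interval": 0.0 <= lottery_ticket(beta) < 1.0,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point to notice is that `vrf_verify` never needs the secret key: it recomputes the hashed input from `alpha` and checks that the proof inverts to it under the public exponent, then checks that the published output is the hash of that proof. Determinism is what distinguishes a VRF from a plain PRNG with a signature attached: the key holder cannot produce two different valid outputs for the same input, which is exactly what a consensus lottery or an oracle consumer relies on.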
VRF Use Cases
VRFs have a wide number of uses, among which we can highlight:
- Improvements in Internet security systems. For example, a generator of TLS certificates, PKI infrastructures or certificates for DNS encryption can use VRFs to establish secure means of communication between the parties, since those certificates can be verified throughout the process by everyone involved.
- Connected devices (e.g. IoT) that maintain secure connections through encrypted communications whose entropy is derived from VRF functions.
- Secure generation of new cryptographic schemes. This is the case for Zero Knowledge Proofs (ZKP) which can use VRFs to generate the data sets they need and which can then be verified by the parties. This use case is fully explained in the 1999 paper by Silvio Micali, Michael Rabin, and Salil Vadhan.
- Generation of blockchain security schemes. For example, VRFs can be used to generate secure verifiable transaction chains of custody. Likewise, they can also be used in blockchain oracles to verify operations (as in Chainlink) or even in consensus protocols (as in Algorand).