diff options
| author | Bryan Bishop <kanzure@gmail.com> | 2019-08-24 09:10:50 -0500 |
|---|---|---|
| committer | Bryan Bishop <kanzure@gmail.com> | 2019-08-24 09:10:50 -0500 |
| commit | 2573e44684fb4251f1e7d9a1398d00d3ec78eb5e (patch) | |
| tree | 5f0b89698fd0a83b14d9beb659e64af359f462d8 | |
| parent | 0d173b05fbeb7a6ee6f0543ab24574725b13063f (diff) | |
| download | diyhpluswiki-2573e44684fb4251f1e7d9a1398d00d3ec78eb5e.tar.gz diyhpluswiki-2573e44684fb4251f1e7d9a1398d00d3ec78eb5e.zip | |
change some text?
| -rw-r--r-- | transcripts/verifiable-delay-functions/vdf-day-2019/dan-boneh.mdwn | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/transcripts/verifiable-delay-functions/vdf-day-2019/dan-boneh.mdwn b/transcripts/verifiable-delay-functions/vdf-day-2019/dan-boneh.mdwn index 06ee8fb..c107a99 100644 --- a/transcripts/verifiable-delay-functions/vdf-day-2019/dan-boneh.mdwn +++ b/transcripts/verifiable-delay-functions/vdf-day-2019/dan-boneh.mdwn @@ -96,7 +96,7 @@ That's the first approach that comes to mind. Seems like there's consensus on th # A construction from hash functions -You could build a verifiable delay function from hash functions. What you can do is you can build the VDF in the most natural way, which is where the public parameters are a parameters for a SNARK and the VDF is defined as a hash chain where evaluating sha256 repeatedly is going to take time T. But how do you verify the output was computed correctly? That's where SNARKs come in. But it turns out this is difficult to get to work correctly. The proof pi is a SNARK that the hashchain was computed correctly. Computing the SNARK takes more time than computing the chain, so you have to do something to counteract that. There was a paper by myself and Benedikt and others to show how to do this well, so that you can generate hte proof fast enough. The verification would be a verification of a SNARK proof. +You could build a verifiable delay function from hash functions. What you can do is you can build the VDF in the most natural way, which is where the public parameters are a parameters for a SNARK and the VDF is defined as a hash chain where evaluating sha256 repeatedly is going to take time T. But how do you verify the output was computed correctly? That's where SNARKs come in. But it turns out this is difficult to get to work correctly. The proof pi is a SNARK that the hashchain was computed correctly. Computing the SNARK takes more time than computing the chain, so you have to do something to counteract that. There was a paper by myself and Benedikt and others to show how to do this well, so that you can generate the proof fast enough. The verification would be a verification of a SNARK proof. # Permutation polynomials |