An implementation of Verifiable Delay Functions in Rust

Related tags

Command-line vdf
Overview

Verifiable Delay Function (VDF) Implementation in Rust

What is a VDF?

A Verifiable Delay Function (VDF) is a function that requires substantial time to evaluate (even with a polynomial number of parallel processors) but can be very quickly verified as correct. VDFs can be used to construct randomness beacons with multiple applications in a distributed network environment. By introducing a time delay during evaluation, VDFs prevent malicious actors from influencing output. The output cannot be differentiated from a random number until the final result is computed. See https://eprint.iacr.org/2018/712.pdf for more details.

Description

This VDF implementation is written in Rust. The GMP library is used for arithmetic and greatest common divisor (GCD) calculations. We use class groups to implement the approaches described in the following papers:

  1. Simple Verifiable Delay Functions. Pietrzak, 2018
  2. Efficient Verifiable Delay Functions. Wesolowski, 2018

The chosen generator is (2, 1, c), where c is calculated from the provided discriminant. A form is represented internally (a, b, c), with the discriminant not being used in most omputations. This implementation performs reduction is performed after every multiplication and squaring, as not doing so did not give any gains in our benchmarks.

This repo includes three crates:

  • classgroup: a class group implementation, as well as a trait for class groups.
  • vdf: a Verifyable Delay Function (VDF) trait, as well as an implementation of that trait.
  • vdf-cli: a command-line interface to the vdf crate. It also includes additional commands, which are deprecated and will be replaced by a CLI to the classgroup crate.

Usage

  • Install Rust. We (POA Networks) have tested the code with the latest stable, beta, and nightly versions of Rust. It may work with older versions, but this is not guaranteed.

  • Install the GNU Multiple Precision Library

    • On Debian and derivatives (including Ubuntu):
      $ sudo apt-get install -y libgmp-dev
    • On Red Hat and derivatives (Fedora, CentOS)
      $ sudo dnf -y install gmp-devel
  • Download and prepare the repository

    $ git clone https://github.com/poanetwork/vdf.git
    $ cargo install --path=vdf-cli
    $ # or for the competition binary
    $ cargo install --path=vdf-competition

Command Line Interface

To initiate, use the vdf-cli command followed by 2 arguments:

  • challenge: byte string of arbitrary length
  • difficulty: number of iterations, each iteration requires more time to evaluate

This generates the Weslowski proof of time. To generate the Pietrzak proof of time, pass -tpietrzak. For detailed usage information, run vdf-cli --help.

Once complete you will see the output, returned as a Vec<u8>. The CLI tool hex-encodes its output.

Example

$ vdf-cli aa 100
005271e8f9ab2eb8a2906e851dfcb5542e4173f016b85e29d481a108dc82ed3b3f97937b7aa824801138d1771dea8dae2f6397e76a80613afda30f2c30a34b040baaafe76d5707d68689193e5d211833b372a6a4591abb88e2e7f2f5a5ec818b5707b86b8b2c495ca1581c179168509e3593f9a16879620a4dc4e907df452e8dd0ffc4f199825f54ec70472cc061f22eb54c48d6aa5af3ea375a392ac77294e2d955dde1d102ae2ace494293492d31cff21944a8bcb4608993065c9a00292e8d3f4604e7465b4eeefb494f5bea102db343bb61c5a15c7bdf288206885c130fa1f2d86bf5e4634fdc4216bc16ef7dac970b0ee46d69416f9a9acee651d158ac64915b

To verify, use the vdi-cli command with the same arguments and include the output.

Example

$ vdf-cli aa 100 005271e8f9ab2eb8a2906e851dfcb5542e4173f016b85e29d481a108dc82ed3b3f97937b7aa824801138d1771dea8dae2f6397e76a80613afda30f2c30a34b040baaafe76d5707d68689193e5d211833b372a6a4591abb88e2e7f2f5a5ec818b5707b86b8b2c495ca1581c179168509e3593f9a16879620a4dc4e907df452e8dd0ffc4f199825f54ec70472cc061f22eb54c48d6aa5af3ea375a392ac77294e2d955dde1d102ae2ace494293492d31cff21944a8bcb4608993065c9a00292e8d3f4604e7465b4eeefb494f5bea102db343bb61c5a15c7bdf288206885c130fa1f2d86bf5e4634fdc4216bc16ef7dac970b0ee46d69416f9a9acee651d158ac64915b
Proof is valid

VDF Library

extern crate vdf;
use vdf::{InvalidProof, PietrzakVDFParams, VDFParams, WesolowskiVDFParams, VDF};

/// The correct solution.
const CORRECT_SOLUTION: &[u8] =
  b"\x00\x52\x71\xe8\xf9\xab\x2e\xb8\xa2\x90\x6e\x85\x1d\xfc\xb5\x54\x2e\x41\x73\xf0\x16\
  \xb8\x5e\x29\xd4\x81\xa1\x08\xdc\x82\xed\x3b\x3f\x97\x93\x7b\x7a\xa8\x24\x80\x11\x38\
  \xd1\x77\x1d\xea\x8d\xae\x2f\x63\x97\xe7\x6a\x80\x61\x3a\xfd\xa3\x0f\x2c\x30\xa3\x4b\
  \x04\x0b\xaa\xaf\xe7\x6d\x57\x07\xd6\x86\x89\x19\x3e\x5d\x21\x18\x33\xb3\x72\xa6\xa4\
  \x59\x1a\xbb\x88\xe2\xe7\xf2\xf5\xa5\xec\x81\x8b\x57\x07\xb8\x6b\x8b\x2c\x49\x5c\xa1\
  \x58\x1c\x17\x91\x68\x50\x9e\x35\x93\xf9\xa1\x68\x79\x62\x0a\x4d\xc4\xe9\x07\xdf\x45\
  \x2e\x8d\xd0\xff\xc4\xf1\x99\x82\x5f\x54\xec\x70\x47\x2c\xc0\x61\xf2\x2e\xb5\x4c\x48\
  \xd6\xaa\x5a\xf3\xea\x37\x5a\x39\x2a\xc7\x72\x94\xe2\xd9\x55\xdd\xe1\xd1\x02\xae\x2a\
  \xce\x49\x42\x93\x49\x2d\x31\xcf\xf2\x19\x44\xa8\xbc\xb4\x60\x89\x93\x06\x5c\x9a\x00\
  \x29\x2e\x8d\x3f\x46\x04\xe7\x46\x5b\x4e\xee\xfb\x49\x4f\x5b\xea\x10\x2d\xb3\x43\xbb\
  \x61\xc5\xa1\x5c\x7b\xdf\x28\x82\x06\x88\x5c\x13\x0f\xa1\xf2\xd8\x6b\xf5\xe4\x63\x4f\
  \xdc\x42\x16\xbc\x16\xef\x7d\xac\x97\x0b\x0e\xe4\x6d\x69\x41\x6f\x9a\x9a\xce\xe6\x51\
  \xd1\x58\xac\x64\x91\x5b";
fn main() {
    // The length of the prime numbers generated, in bits.
    let num_bits: u16 = 2048;

    // An instance of the VDF.  Instances can be used arbitrarily many times.
    let pietrzak_vdf = PietrzakVDFParams(num_bits).new();

    // Solve for the correct answer.  This will take a minute or two.
    assert_eq!(
        &pietrzak_vdf.solve(b"\xaa", 10000).unwrap()[..],
        CORRECT_SOLUTION
    );

    // Verify the answer.  This should be far faster (less than a second).
    assert!(pietrzak_vdf.verify(b"\xaa", 10000, CORRECT_SOLUTION).is_ok());
}

Benchmarks

Benchmarks are provided for the classgroup operations. To run benchmarks:

$ ./bench.sh <your challenge here>

Additional benchmarks are under development.

Current Benchmarks

These were generated by ./bench.sh aadf. Outliers could be due to preemption by the OS and/or hypervisor. Changes are relative to the previous test run done on the same machine. Since the previous run was done with different settings and/or code than reported here, these changes are not meaningful.

Benchmarking square with seed aadf: 512: Collecting 100 samples in estimated 5.0439 s (374k iteratio                                                                                                    square with seed aadf: 512
                        time:   [13.301 us 13.333 us 13.372 us]
                        change: [-22.286% -21.745% -21.225%] (p = 0.00 < 0.05)
                        Performance has improved.
Found 22 outliers among 100 measurements (22.00%)
  5 (5.00%) high mild
  17 (17.00%) high severe

Benchmarking multiply with seed aadf: 512: Collecting 100 samples in estimated 5.0452 s (293k iterat                                                                                                    multiply with seed aadf: 512
                        time:   [17.219 us 17.251 us 17.287 us]
                        change: [-24.323% -23.739% -23.149%] (p = 0.00 < 0.05)
                        Performance has improved.
Found 10 outliers among 100 measurements (10.00%)
  4 (4.00%) high mild
  6 (6.00%) high severe

Benchmarking square with seed aadf: 1024: Collecting 100 samples in estimated 5.0822 s (177k iterati                                                                                                    square with seed aadf: 1024
                        time:   [28.672 us 28.716 us 28.767 us]
                        change: [-29.947% -29.339% -28.708%] (p = 0.00 < 0.05)
                        Performance has improved.
Found 8 outliers among 100 measurements (8.00%)
  1 (1.00%) low mild
  1 (1.00%) high mild
  6 (6.00%) high severe

Benchmarking multiply with seed aadf: 1024: Collecting 100 samples in estimated 5.0886 s (136k itera                                                                                                    multiply with seed aadf: 1024
                        time:   [37.163 us 37.207 us 37.254 us]
                        change: [-21.403% -20.750% -20.170%] (p = 0.00 < 0.05)
                        Performance has improved.
Found 8 outliers among 100 measurements (8.00%)
  1 (1.00%) low mild
  1 (1.00%) high mild
  6 (6.00%) high severe

Benchmarking square with seed aadf: 2048: Collecting 100 samples in estimated 5.2519 s (76k iteratio                                                                                                    square with seed aadf: 2048
                        time:   [69.115 us 69.254 us 69.430 us]
                        change: [-28.091% -27.738% -27.341%] (p = 0.00 < 0.05)
                        Performance has improved.
Found 8 outliers among 100 measurements (8.00%)
  1 (1.00%) low mild
  1 (1.00%) high mild
  6 (6.00%) high severe

Benchmarking multiply with seed aadf: 2048: Collecting 100 samples in estimated 5.0554 s (56k iterat                                                                                                    multiply with seed aadf: 2048
                        time:   [90.922 us 91.057 us 91.201 us]
                        change: [-25.236% -24.794% -24.336%] (p = 0.00 < 0.05)
                        Performance has improved.
Found 13 outliers among 100 measurements (13.00%)
  2 (2.00%) low mild
  5 (5.00%) high mild
  6 (6.00%) high severe

License

Copyright 2018 Chia Network Inc and POA Networks Ltd.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Comments
  • sieve with bit-vec

    sieve with bit-vec

    I believe this improves sieve cache performance with the bit-vec crate, although I've some hiccup with cargo bench for testing this. This also fixes the confusing reference in #11

    opened by burdges 7
  • `cargo install` returns `error: `/Users/user/r/vdf` is not a crate root

    `cargo install` returns `error: `/Users/user/r/vdf` is not a crate root

    ➜  vdf git:(master) cargo install
    error: `/Users/user/r/vdf` is not a crate root; specify a crate to install from crates.io, or use --path or --git to specify an alternate source
    
    Caused by:
      found a virtual manifest at `/Users/user/r/vdf/Cargo.toml` instead of a package manifest
    
    opened by igorbarinov 3
  • proof_pietrzak Iterations

    proof_pietrzak Iterations

    May I ask why in https://github.com/poanetwork/vdf/blob/master/vdf/src/proof_pietrzak.rs#L45-L58

    the iteration number has to be even and >=66? I couldn't find evidence for it in:

    • https://eprint.iacr.org/2018/627.pdf
    • https://eprint.iacr.org/2018/712.pdf
    opened by HAOYUatHZ 2
  • hashing to primes

    hashing to primes

    In https://github.com/poanetwork/vdf/blob/master/vdf/src/create_discriminant.rs#L60 you choose a prime of the form n + m x where m has many small prime factors https://github.com/poanetwork/vdf/blob/master/vdf/build.rs#L82

    How does m having many prime factors improve uniformity for the prime? You site https://eprint.iacr.org/2011/401.pdf but I do not really know that literature so no explination jumped out at me.

    I suppose the second hashing-to-a-prime function hash_prime in https://github.com/poanetwork/vdf/blob/master/vdf/src/proof_wesolowski.rs#L112 can use a simpler algorithm because it generates only 128 bit primes.

    opened by burdges 2
  • The PietrzakVDF sample assert failed

    The PietrzakVDF sample assert failed

    I just want to develop a wrapper for golang , so trying to run with "cargo test", and the first and second asserts all failed

    extern crate vdf;
    
    #[cfg(test)]
    mod tests {
        #[test]
        fn it_works() {
            use vdf::{InvalidProof, PietrzakVDFParams, VDFParams, WesolowskiVDFParams, VDF};
            // The length of the prime numbers generated, in bits.
            const CORRECT_SOLUTION: &[u8] =
                b"\x00\x52\x71\xe8\xf9\xab\x2e\xb8\xa2\x90\x6e\x85\x1d\xfc\xb5\x54\x2e\x41\x73\xf0\x16\
             \xb8\x5e\x29\xd4\x81\xa1\x08\xdc\x82\xed\x3b\x3f\x97\x93\x7b\x7a\xa8\x24\x80\x11\x38\
             \xd1\x77\x1d\xea\x8d\xae\x2f\x63\x97\xe7\x6a\x80\x61\x3a\xfd\xa3\x0f\x2c\x30\xa3\x4b\
             \x04\x0b\xaa\xaf\xe7\x6d\x57\x07\xd6\x86\x89\x19\x3e\x5d\x21\x18\x33\xb3\x72\xa6\xa4\
             \x59\x1a\xbb\x88\xe2\xe7\xf2\xf5\xa5\xec\x81\x8b\x57\x07\xb8\x6b\x8b\x2c\x49\x5c\xa1\
             \x58\x1c\x17\x91\x68\x50\x9e\x35\x93\xf9\xa1\x68\x79\x62\x0a\x4d\xc4\xe9\x07\xdf\x45\
             \x2e\x8d\xd0\xff\xc4\xf1\x99\x82\x5f\x54\xec\x70\x47\x2c\xc0\x61\xf2\x2e\xb5\x4c\x48\
             \xd6\xaa\x5a\xf3\xea\x37\x5a\x39\x2a\xc7\x72\x94\xe2\xd9\x55\xdd\xe1\xd1\x02\xae\x2a\
             \xce\x49\x42\x93\x49\x2d\x31\xcf\xf2\x19\x44\xa8\xbc\xb4\x60\x89\x93\x06\x5c\x9a\x00\
             \x29\x2e\x8d\x3f\x46\x04\xe7\x46\x5b\x4e\xee\xfb\x49\x4f\x5b\xea\x10\x2d\xb3\x43\xbb\
             \x61\xc5\xa1\x5c\x7b\xdf\x28\x82\x06\x88\x5c\x13\x0f\xa1\xf2\xd8\x6b\xf5\xe4\x63\x4f\
             \xdc\x42\x16\xbc\x16\xef\x7d\xac\x97\x0b\x0e\xe4\x6d\x69\x41\x6f\x9a\x9a\xce\xe6\x51\
             \xd1\x58\xac\x64\x91\x5b";
    
            let num_bits: u16 = 2048;
    
            // An instance of the VDF.  Instances can be used arbitrarily many times.
            let pietrzak_vdf = PietrzakVDFParams(num_bits).new();
    
            // Solve for the correct answer.  This will take a minute or two.
            assert_eq!(
                &pietrzak_vdf.solve(b"\xaa", 10000).unwrap()[..],
                CORRECT_SOLUTION
            );
    
            // Verify the answer.  This should be far faster (less than a second).
            assert!(pietrzak_vdf
                .verify(b"\xaa", 10000, CORRECT_SOLUTION)
                .is_ok());
        }
    }
    
    

    the test mod pops up message as follows:

    assert 1:

    running 1 test
    test tests::it_works ... FAILED
    
    failures:
    
    ---- tests::it_works stdout ----
    thread 'tests::it_works' panicked at 'assertion failed: `(left == right)`
      left: `[0, 24, 200, 140, 34, 152, 38, 114, 221, 25, 185, 125, 182, 169, 248, 182, 212, 14, 7, 2, 35, 97, 15, 19, 47, 152, 30, 30, 213, 129, 213, 94, 59, 193, 11, 249, 24, 2, 153, 3, 175, 64, 54, 155, 177, 191, 50, 81, 158, 1, 191, 219, 236, 104, 95, 110, 95, 114, 22, 212, 192, 208, 50, 25, 126, 12, 188, 176, 51, 76, 16, 242, 112, 168, 59, 76, 38, 68, 223, 65, 235, 58, 112, 212, 169, 224, 168, 205, 12, 173, 6, 235, 126, 140, 152, 95, 169, 147, 182, 128, 13, 243, 74, 254, 133, 137, 150, 188, 44, 230, 188, 216, 167, 39, 229, 131, 23, 133, 142, 11, 90, 215, 166, 20, 126, 232, 166, 67, 242, 0, 11, 4, 34, 31, 99, 140, 21, 175, 225, 167, 176, 93, 180, 173, 132, 12, 86, 188, 193, 66, 139, 64, 109, 86, 96, 104, 180, 127, 234, 112, 210, 131, 38, 200, 14, 86, 185, 200, 33, 219, 129, 101, 30, 169, 46, 8, 122, 41, 5, 55, 206, 152, 131, 148, 0, 62, 38, 211, 87, 222, 232, 155, 58, 193, 234, 5, 205, 160, 8, 236, 163, 59, 127, 144, 135, 88, 19, 215, 208, 22, 27, 186, 2, 69, 49, 63, 182, 55, 196, 68, 112, 244, 173, 136, 137, 98, 86, 252, 41, 189, 246, 151, 178, 246, 151, 112, 38, 93, 235, 21, 253, 175, 169, 7, 85, 246, 155, 7, 92, 193, 177, 108, 100, 46, 57, 149, 195, 133, 0, 71, 186, 196, 250, 85, 89, 156, 192, 170, 58, 152, 209, 198, 8, 141, 84, 26, 190, 200, 124, 218, 225, 39, 187, 147, 90, 123, 210, 242, 18, 5, 159, 34, 142, 87, 200, 153, 220, 149, 203, 232, 223, 172, 219, 22, 211, 232, 29, 143, 193, 142, 182, 79, 254, 205, 7, 83, 45, 127, 163, 229, 155, 125, 168, 134, 71, 71, 137, 248, 66, 243, 133, 26, 67, 84, 196, 35, 237, 3, 224, 4, 88, 236, 113, 120, 222, 56, 88, 167, 99, 108, 163, 47, 217, 19, 16, 197, 183, 119, 180, 115, 160, 218, 6, 126, 56, 135, 201, 153, 249, 8, 44, 55, 26, 174, 194, 153, 90, 138, 171, 10, 0, 28, 97, 147, 87, 238, 221, 255, 223, 9, 210, 221, 243, 171, 127, 47, 58, 158, 38, 38, 87, 182, 117, 80, 192, 13, 214, 42, 39, 71, 64, 126, 141, 149, 52, 118, 163, 7, 76, 210, 223, 175, 77, 131, 57, 84, 81, 64, 159, 255, 140, 34, 20, 18, 143, 203, 19, 31, 55, 154, 200, 51, 172, 182, 3, 202, 111, 66, 44, 240, 223, 70, 102, 213, 127, 127, 170, 164, 160, 92, 42, 164, 191, 221, 130, 3, 126, 184, 20, 117, 121, 85, 86, 91, 177, 146, 70, 199, 219, 111, 38, 205, 200, 181, 104, 158, 14, 84, 213, 24, 192, 17, 155, 21, 34, 240, 189, 153, 120, 130, 128, 192, 78, 27, 107, 34, 160, 65, 22, 58, 252, 103, 220, 178, 241, 9, 0, 49, 150, 95, 25, 244, 61, 35, 221, 154, 192, 187, 128, 209, 182, 235, 154, 86, 199, 127, 182, 77, 54, 101, 203, 182, 184, 62, 41, 157, 246, 197, 161, 229, 54, 162, 50, 223, 104, 37, 21, 229, 80, 49, 178, 222, 27, 66, 31, 78, 79, 166, 165, 161, 181, 84, 179, 217, 214, 80, 116, 57, 71, 242, 1, 32, 113, 187, 111, 66, 41, 1, 167, 48, 93, 55, 108, 129, 208, 81, 126, 38, 239, 174, 24, 85, 44, 81, 67, 178, 113, 110, 110, 206, 72, 200, 231, 32, 66, 142, 86, 201, 76, 211, 18, 177, 223, 11, 236, 6, 57, 188, 249, 23, 120, 164, 138, 146, 14, 172, 225, 124, 177, 190, 115, 157, 2, 180, 22, 0, 14, 226, 106, 252, 34, 93, 35, 242, 235, 233, 156, 34, 158, 111, 64, 100, 117, 60, 161, 87, 37, 125, 33, 194, 173, 226, 157, 128, 125, 19, 206, 112, 206, 20, 148, 6, 32, 40, 88, 85, 209, 4, 140, 225, 5, 32, 219, 101, 78, 124, 178, 212, 93, 12, 25, 62, 63, 41, 221, 165, 37, 244, 252, 249, 26, 118, 38, 152, 154, 52, 42, 248, 198, 115, 45, 65, 83, 130, 118, 180, 217, 227, 135, 36, 96, 112, 52, 83, 99, 164, 183, 180, 42, 137, 194, 218, 32, 49, 215, 141, 162, 187, 203, 91, 175, 10, 55, 251, 122, 5, 13, 45, 101, 254, 179, 199, 10, 115, 142, 183, 145, 107, 253, 248, 69, 45, 90, 5, 0, 52, 94, 181, 240, 239, 85, 41, 174, 33, 132, 139, 25, 167, 90, 48, 195, 250, 87, 180, 147, 205, 216, 96, 119, 234, 134, 127, 129, 210, 82, 21, 175, 159, 89, 92, 206, 16, 210, 195, 111, 178, 255, 84, 202, 208, 242, 249, 111, 71, 241, 174, 130, 116, 245, 114, 240, 215, 17, 190, 89, 0, 57, 67, 33, 205, 36, 130, 76, 63, 152, 172, 154, 2, 16, 128, 244, 185, 52, 159, 16, 7, 81, 115, 5, 138, 216, 242, 82, 145, 227, 46, 69, 176, 89, 56, 209, 175, 208, 20, 189, 16, 182, 118, 33, 229, 201, 73, 7, 177, 32, 1, 152, 243, 153, 225, 216, 146, 113, 198, 30, 229, 215, 219, 111, 9, 243, 151, 102, 0, 38, 75, 142, 56, 231, 43, 141, 80, 42, 11, 13, 223, 123, 115, 62, 42, 163, 212, 78, 37, 227, 154, 13, 112, 207, 225, 249, 211, 213, 29, 81, 230, 52, 152, 123, 139, 234, 45, 131, 255, 116, 23, 127, 168, 62, 95, 166, 95, 17, 88, 110, 86, 227, 248, 87, 73, 155, 92, 190, 129, 170, 34, 177, 55, 180, 192, 39, 165, 165, 71, 219, 111, 34, 228, 210, 235, 247, 84, 61, 106, 118, 146, 93, 65, 97, 85, 39, 160, 120, 79, 241, 143, 129, 206, 107, 4, 83, 123, 240, 29, 219, 170, 74, 107, 29, 0, 86, 139, 107, 218, 97, 241, 156, 161, 59, 105, 141, 106, 47, 165, 234, 156, 1, 236, 196, 147, 62, 231, 0, 82, 19, 166, 1, 109, 69, 107, 172, 246, 25, 146, 229, 221, 68, 248, 50, 188, 145, 130, 245, 189, 255, 225, 132, 7, 189, 84, 147, 214, 116, 154, 161, 221, 26, 96, 112, 172, 47, 233, 50, 17, 98, 211, 225, 183, 92, 119, 161, 137, 44, 88, 43, 213, 11, 61, 140, 85, 211, 50, 20, 141, 66, 203, 108, 11, 164, 5, 173, 84, 17, 167, 70, 67, 82, 246, 185, 97, 244, 25, 26, 203, 189, 198, 248, 249, 177, 221, 180, 116, 245, 193, 173, 227, 93, 113, 2, 195, 223, 154, 77, 199, 76, 238, 87, 121, 207, 97, 134, 33, 146, 231, 241, 37, 14, 165, 30, 57, 177, 189, 130, 193, 159, 160, 145, 180, 178, 0, 163, 255, 223, 27, 184, 65, 3, 73, 75, 2, 236, 182, 229, 89, 106, 230, 108, 7, 56, 14, 58, 55, 52, 42, 26, 140, 167, 126, 3, 133, 19, 218, 59, 55, 216, 149, 168, 165, 168, 133, 106, 13, 190, 210, 228, 92, 124, 71, 188, 33, 189, 115, 187, 53, 183, 179, 159, 205, 193, 101, 21, 212, 189, 249, 231, 56, 8, 171, 136, 25, 63, 156, 255, 0, 187, 230, 125, 92, 74, 55, 220, 234, 212, 190, 193, 83, 39, 34, 113, 54, 226, 121, 210, 40, 201, 215, 250, 176, 227, 76, 67, 132, 148, 9, 106, 138, 4, 133, 221, 88, 110, 211, 243, 53, 192, 62, 220, 217, 59, 95, 54, 150, 55, 99, 248, 245, 182, 185, 25, 233, 0, 0, 235, 230, 79, 16, 1, 9, 223, 200, 58, 132, 248, 67, 29, 137, 25, 133, 164, 5, 81, 76, 95, 100, 87, 57, 40, 42, 252, 92, 249, 100, 200, 151, 128, 51, 58, 112, 117, 145, 141, 237, 79, 233, 255, 16, 183, 249, 151, 191, 77, 105, 215, 40, 147, 184, 250, 86, 210, 9, 169, 117, 49, 107, 210, 242, 24, 245, 35, 64, 245, 198, 7, 144, 199, 87, 124, 245, 198, 191, 198, 169, 101, 173, 237, 141, 219, 72, 40, 112, 119, 232, 251, 127, 92, 18, 89, 96, 147, 99, 223, 248, 13, 97, 171, 197, 132, 179, 218, 66, 96, 247, 232, 149, 154, 182, 181, 238, 121, 86, 236, 211, 80, 51, 42, 176, 50, 252, 199, 0, 0, 138, 153, 192, 52, 210, 223, 194, 137, 115, 236, 168, 40, 30, 205, 71, 10, 53, 97, 127, 59, 142, 250, 211, 111, 43, 237, 54, 110, 63, 150, 107, 214, 120, 96, 253, 23, 20, 124, 249, 101, 240, 250, 141, 85, 213, 171, 255, 174, 145, 61, 9, 235, 221, 184, 4, 57, 31, 242, 59, 35, 251, 74, 253, 251, 63, 85, 188, 145, 239, 157, 200, 93, 179, 202, 201, 208, 211, 188, 63, 83, 109, 92, 29, 42, 6, 133, 67, 123, 106, 108, 136, 30, 197, 205, 201, 175, 152, 181, 8, 26, 182, 52, 167, 59, 65, 154, 105, 39, 175, 191, 114, 34, 60, 36, 95, 135, 253, 80, 22, 73, 171, 184, 216, 240, 36, 23, 105, 0, 19, 8, 67, 207, 18, 3, 138, 144, 68, 171, 239, 236, 212, 227, 188, 199, 50, 9, 145, 251, 146, 203, 111, 29, 220, 126, 48, 172, 206, 198, 227, 76, 179, 54, 92, 48, 136, 162, 142, 76, 158, 73, 140, 80, 92, 163, 196, 75, 158, 156, 227, 58, 31, 187, 248, 217, 77, 74, 50, 101, 137, 91, 123, 223, 81, 189, 45, 17, 240, 216, 182, 195, 108, 69, 128, 58, 33, 217, 24, 201, 121, 139, 141, 128, 144, 99, 236, 66, 210, 27, 138, 123, 75, 10, 240, 31, 8, 69, 248, 222, 40, 13, 223, 109, 129, 38, 145, 189, 216, 118, 111, 223, 117, 136, 172, 49, 136, 94, 192, 224, 125, 220, 14, 51, 217, 75, 25, 60, 0, 17, 90, 136, 133, 198, 10, 32, 180, 200, 129, 149, 213, 126, 158, 71, 156, 234, 154, 217, 114, 2, 214, 231, 46, 200, 42, 52, 213, 48, 141, 56, 194, 117, 96, 147, 174, 232, 255, 124, 60, 30, 46, 197, 103, 48, 19, 227, 234, 166, 0, 138, 63, 204, 97, 238, 238, 79, 178, 234, 215, 67, 62, 125, 29, 73, 242, 85, 14, 3, 134, 22, 218, 138, 184, 248, 201, 155, 33, 86, 90, 208, 24, 202, 156, 210, 67, 251, 8, 106, 14, 57, 126, 205, 27, 42, 209, 74, 72, 212, 175, 199, 124, 5, 92, 93, 98, 76, 236, 46, 191, 147, 28, 209, 201, 24, 20, 3, 200, 65, 103, 138, 73, 61, 212, 32, 145, 148, 67, 0, 49, 80, 94, 59, 86, 203, 219, 145, 84, 64, 111, 253, 149, 234, 34, 187, 24, 222, 78, 176, 52, 35, 253, 179, 110, 236, 189, 189, 164, 112, 57, 205, 216, 172, 30, 166, 55, 251, 128, 81, 192, 180, 49, 40, 174, 116, 171, 18, 48, 113, 187, 59, 15, 174, 202, 119, 23, 89, 192, 225, 115, 37, 8, 207, 38, 124, 113, 100, 102, 222, 233, 247, 53, 122, 233, 128, 136, 40, 67, 26, 93, 226, 165, 58, 11, 71, 1, 48, 27, 152, 206, 54, 245, 50, 203, 79, 234, 249, 35, 192, 62, 79, 51, 31, 218, 241, 48, 68, 192, 130, 245, 9, 69, 128, 150, 191, 71, 34, 153, 92, 181, 82, 127, 72, 170, 183, 35, 183, 255, 233, 14, 52, 229, 62, 47, 105, 173, 206, 205, 151, 31, 55, 77, 252, 205, 2, 82, 128, 203, 118, 48, 193, 213, 133, 155, 123, 108, 181, 19, 138, 176, 139, 139, 165, 62, 138, 212, 198, 149, 103, 13, 115, 70, 183, 220, 44, 90, 91, 173, 65, 22, 202, 190, 12, 193, 27, 0, 151, 249, 170, 3, 23, 191, 98, 144, 184, 179, 241, 154, 186, 5, 194, 121, 189, 195, 20, 225, 41, 63, 190, 189, 3, 3, 236, 179, 5, 223, 243, 217, 58, 254, 175, 253, 113, 179, 122, 95, 99, 73, 3, 148, 48, 15, 112, 38, 141, 59, 164, 156, 163, 176, 150, 37, 92, 235, 109, 25, 72, 188, 115, 227, 133, 85, 76, 243, 13, 103]`,
     right: `[0, 82, 113, 232, 249, 171, 46, 184, 162, 144, 110, 133, 29, 252, 181, 84, 46, 65, 115, 240, 22, 184, 94, 41, 212, 129, 161, 8, 220, 130, 237, 59, 63, 151, 147, 123, 122, 168, 36, 128, 17, 56, 209, 119, 29, 234, 141, 174, 47, 99, 151, 231, 106, 128, 97, 58, 253, 163, 15, 44, 48, 163, 75, 4, 11, 170, 175, 231, 109, 87, 7, 214, 134, 137, 25, 62, 93, 33, 24, 51, 179, 114, 166, 164, 89, 26, 187, 136, 226, 231, 242, 245, 165, 236, 129, 139, 87, 7, 184, 107, 139, 44, 73, 92, 161, 88, 28, 23, 145, 104, 80, 158, 53, 147, 249, 161, 104, 121, 98, 10, 77, 196, 233, 7, 223, 69, 46, 141, 208, 255, 196, 241, 153, 130, 95, 84, 236, 112, 71, 44, 192, 97, 242, 46, 181, 76, 72, 214, 170, 90, 243, 234, 55, 90, 57, 42, 199, 114, 148, 226, 217, 85, 221, 225, 209, 2, 174, 42, 206, 73, 66, 147, 73, 45, 49, 207, 242, 25, 68, 168, 188, 180, 96, 137, 147, 6, 92, 154, 0, 41, 46, 141, 63, 70, 4, 231, 70, 91, 78, 238, 251, 73, 79, 91, 234, 16, 45, 179, 67, 187, 97, 197, 161, 92, 123, 223, 40, 130, 6, 136, 92, 19, 15, 161, 242, 216, 107, 245, 228, 99, 79, 220, 66, 22, 188, 22, 239, 125, 172, 151, 11, 14, 228, 109, 105, 65, 111, 154, 154, 206, 230, 81, 209, 88, 172, 100, 145, 91]`', src/lib.rs:30:9
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    
    
    failures:
        tests::it_works
    
    test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 2.10s
    

    assert 2:

    thread 'tests::it_works' panicked at 'assertion failed: pietrzak_vdf.verify(b\"\\xaa\", 10000, CORRECT_SOLUTION).is_ok()', src/lib.rs:36:9
    
    opened by AlexiaChen 1
  • approximate_parameters()

    approximate_parameters()

    https://github.com/poanetwork/vdf/blob/c740ef3b9a4b4663b672ada93bb1c9ba0c80a965/vdf/src/proof_wesolowski.rs#L69-L89

    I search for "approximat" in https://eprint.iacr.org/2018/623.pdf and it leads me to section 3.1 and section 4.3. However, none of them seems implying the logic in the above codes.

    Why calculate l & k this way? Which part of the paper should I refer to?

    opened by HAOYUatHZ 1
  • Low performance on AMD Ryzen

    Low performance on AMD Ryzen

    Both Pietrzak and Wesolowski functions are about 10-20x times slower on AMD CPUs:

    Intel(R) Xeon(R) Platinum 8175M CPU @ 2.50GHz:

    time vdf-cli -t pietrzak aa 100 005271e8f9ab2eb8a2906e851dfcb5542e4173f016b85e29d481a108dc82ed3b3f97937b7aa824801138d1771dea8dae2f6397e76a80613afda30f2c30a34b040baaafe76d5707d68689193e5d211833b372a6a4591abb88e2e7f2f5a5ec818b5707b86b8b2c495ca1581c179168509e3593f9a16879620a4dc4e907df452e8dd0ffc4f199825f54ec70472cc061f22eb54c48d6aa5af3ea375a392ac77294e2d955dde1d102ae2ace494293492d31cff21944a8bcb4608993065c9a00292e8d3f4604e7465b4eeefb494f5bea102db343bb61c5a15c7bdf288206885c130fa1f2d86bf5e4634fdc4216bc16ef7dac970b0ee46d69416f9a9acee651d158ac64915b                                                                                                    
    Proof is valid                                                                                                                       
                                                                                                                                         
    real    0m0.944s
    user    0m0.944s
    sys     0m0.000s
    

    AMD Ryzen 7 2700X Eight-Core Processor:

    time vdf-cli -t pietrzak aa 100 005271e8f9ab2eb8a2906e851dfcb5542e4173f016b85e29d481a108dc82ed3b3f97937b7aa824801138d1771dea8dae2f6397e76a80613afda30f2c30a34b040baaafe76d5707d68689193e5d211833b372a6a4591abb88e2e7f2f5a5ec818b5707b86b8b2c495ca1581c179168509e3593f9a16879620a4dc4e907df452e8dd0ffc4f199825f54ec70472cc061f22eb54c48d6aa5af3ea375a392ac77294e2d955dde1d102ae2ace494293492d31cff21944a8bcb4608993065c9a00292e8d3f4604e7465b4eeefb494f5bea102db343bb61c5a15c7bdf288206885c130fa1f2d86bf5e4634fdc4216bc16ef7dac970b0ee46d69416f9a9acee651d158ac64915b                                                                                                    
    Proof is valid
    
    real	0m12,991s
    user	0m12,988s
    sys	0m0,000s
    

    cpuinfo:

    processor	: 0
    vendor_id	: AuthenticAMD
    cpu family	: 23
    model		: 8
    model name	: AMD Ryzen 7 2700X Eight-Core Processor
    stepping	: 2
    microcode	: 0x800820b
    cpu MHz		: 1822.593
    cache size	: 512 KB
    physical id	: 0
    siblings	: 16
    core id		: 0
    cpu cores	: 8
    apicid		: 0
    initial apicid	: 0
    fpu		: yes
    fpu_exception	: yes
    cpuid level	: 13
    wp		: yes
    flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate sme ssbd sev ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca
    bugs		: sysret_ss_attrs null_seg spectre_v1 spectre_v2 spec_store_bypass
    bogomips	: 7385.43
    TLB size	: 2560 4K pages
    clflush size	: 64
    cache_alignment	: 64
    address sizes	: 43 bits physical, 48 bits virtual
    power management: ts ttp tm hwpstate cpb eff_freq_ro [13] [14]
    
    opened by rtsisyk 1
  • Add a musl build target

    Add a musl build target

    There are issues caused by dynamic linking if we try to build the crate to wasm32, see #16 for details. GMP can supports a musl target. We should support it too and allow static linking. That should hopefully resolve the issues with wasm32 linking.

    opened by vkomenda 0
  • WebAssembly support

    WebAssembly support

    Hi, I'm trying to compile VDF library to WebAssembly so that it can be used in Browser and Node.js enviroments for Subspace project. I'm having a lot of difficulties with this endeavor (some of the major pain points being glibc and gmp libraries), but hoping to get it working eventually.

    Would you be interested in having WebAssembly support in this repo, helping in any way or any other thoughts on the topic? I'd prefer to upstream all the work in this direction so that it can be kept up to date with any changes happening to source code.

    opened by nazar-pc 12
  • Use an XOF like Shake128

    Use an XOF like Shake128

    I'd suggest using either shake128 or blake2x for the two places where you sample considerable data in create_discriminant.rs and proof_wesolowski.rs. It's only a negligible impact on performance, but it just looks ugly to roll you own stream cipher with sha2.

    We could easily use sha2 for hashing and chacha20 for output, but this requires using another crate and algorithm. Shake128 is a keccak based hash function together with an extensible output function (XOF). Blake2x is a chacha based hash with an XOF. So either gives everything requires with only one dependency.

    I selected shake128 over blake2x based on prevalence and the promise that keccak implemented easily in hardware, which matters if this ever gets made into an ASIC. As an aside, shake128/shake256 are always preferred over SHA3 because NIST senselessly conflated security level with output bits in the SHA3 competition.

    In this PR, I've only switched the usage in proof_wesolowski.rs so far because altering create_discriminant.rs would change the test vectors. If you've nothing in production, then we should change create_discriminant.rs too, and maybe remove test vectors until things stabilize. If anyone has this in production, then we should create a feature or something because even this PR breaks the non-existent test vectors for the VDF itself.

    opened by burdges 2
Releases(v0.1.0)
Owner
We focus on the tools and infrastructure that matter most to blockchain users and developers.
null
it aims to augment git with primitives to build integrated, cryptographically verifiable collaboration workflows around source code

it aims to augment git with primitives to build integrated, cryptographically verifiable collaboration workflows around source code. It maintains the distributed property of git, not requiring a central server. it is transport agnostic, and permits data dissemination in client-server, federated, as well as peer-to-peer network topologies.

Kim Altintop 4 Jan 16, 2023
Verifiable and confidential computation based on ZKP and FHE, powered by risc0 zkVM.

zkFHE Verifiable and confidential computation based on ZKP and FHE, powered by risc0 zkVM. A PoC to demonstrate an approach for private computation on

Emiliano Bonassi 29 Apr 25, 2023
Shellcode Runner/Injector in Rust using NTDLL functions directly with the ntapi Library

RustSCRunner Shellcode Runner/Injector in Rust using NTDLL functions directly with the ntapi Library. Surprisingly this is my first ever Rust project

null 86 Dec 18, 2021
Rust library crate providing utility functions for diff and patch of slices

This crate provides the Change enum as an abstraction for diff::Result, lcs_diff::DiffResult, and wu_diff::DiffResult; the diff_changes(), diff_diff()

qtfkwk 5 Oct 19, 2022
Generate HTML source files from rust functions!

Htmlificator This crate provides an element struct which can be displayed as HTML. License This crate is licensed under the MIT license Credit This cr

Isotoxal 2 Nov 7, 2022
Tool for mass import of hosts into Zabbix (and other API functions)

zabbix-tools A CLI tool for interacting with Zabbix API built in Rust. Designed for Zabbix 6.0. Functions added to test API and add hosts manually or

null 1 Apr 21, 2022
A lightweight command line utility with some small functions for CTFs.

Ice Ice is a lightweight command line utility to help with simple problems encountered while playing CTFs. Extracted from graveyard NOTE: Most of the

Aquib 12 Dec 19, 2022
Universal Windows library for discovering common render engines functions. Supports DirectX9 (D3D9), DirectX10 (D3D10), DirectX11 (D3D11), DirectX12 (D3D12).

Shroud Universal library for discovering common render engines functions. Supports DirectX9 (D3D9), DirectX10 (D3D10), DirectX11 (D3D11), DirectX12 (D

Chase 6 Dec 10, 2022
This crate provides a set of functions to generate SQL statements for various PostgreSQL schema objects

This crate provides a set of functions to generate SQL statements for various PostgreSQL schema objects, such as tables, views, materialized views, functions, triggers, and indexes. The generated SQL statements can be useful for schema introspection, documentation, or migration purposes.

Tyr Chen 11 Apr 4, 2023
Striving to create a great Application with full functions of learning languages by ChatGPT, TTS, STT and other awesome AI models

Striving to create a great Application with full functions of learning languages by ChatGPT, TTS, STT and other awesome AI models, supports talking, speaking assessment, memorizing words with contexts, Listening test, so on.

null 155 Apr 20, 2023
Supporting code for the paper "Optimized Homomorphic Evaluation of Boolean Functions" submitted to Eurocrypt 2024

This repository contains the code related to the paper Optimized Homomorphic Evaluation of Boolean Functions. The folder search_algorithm contains the

CryptoExperts 3 Oct 23, 2023
A SIMD implementation of Keccak256 for aarch64, forked from Remco Bloeman's Goldilocks K12 implementation.

keccak256-aarch64 Warning This crate was forked from real cryptographers (Goldilocks by Remco Bloeman), by not a real cryptographer. Do not use this k

null 6 Oct 24, 2023
Readline Implementation in Rust

RustyLine Readline implementation in Rust that is based on Antirez' Linenoise Supported Platforms Unix (tested on FreeBSD, Linux and macOS) Windows cm

Katsu Kawakami 1.1k Dec 29, 2022
Rust implementation of the termbox library

Rustbox Rustbox is a Rust implementation of termbox. Currently, this is just a wrapper of the C library by nsf, though my plan is to convert it to be

Greg Chapple 462 Dec 19, 2022
A very fast implementation of tldr in Rust

A very fast implementation of tldr in Rust: Simplified, example based and community-driven man pages.

Danilo Bargen 2.9k Dec 31, 2022
A compact implementation of connect four written in rust.

connect-four A compact implementation of connect four written in rust. Run the game At the moment there no pre-built binaries - but you can build it l

Maximilian Schulke 12 Jul 31, 2022
Baby's first Rust CLI project. Basic implementation of grep. Written in about 100 SLOC.

minigrep Coding project from Chapter 12 of the The Rust Programming Language book. Usage Compile and run as so minigrep QUERY FILENAME QUERY being the

Anis 2 Oct 2, 2021
A Decimal Implementation written in pure Rust suitable for financial calculations.

Decimal   A Decimal implementation written in pure Rust suitable for financial calculations that require significant integral and fractional digits wi

Paul Mason 702 Jan 5, 2023