Briefing

This research resolves a major open problem by formally proving that Verifiable Delay Functions (VDFs) cannot exist in the Random Oracle Model (ROM), the common idealization for hash functions. The breakthrough is a non-existence proof demonstrating that any black-box construction of a VDF from standard primitives, such as one-way functions, can be trivially broken by a fast adversary in the ROM. This finding fundamentally re-architects the security basis for all decentralized systems relying on VDFs for provably fair randomness generation and transaction ordering, compelling them to move away from generic hash function assumptions toward complex, structured number-theoretic assumptions.


Context

Before this work, Verifiable Delay Functions were a critical theoretical tool, designed to enforce a minimum sequential computation time, which is essential for mitigating frontrunning and generating unbiasable public randomness in Proof-of-Stake consensus. The prevailing challenge was to establish their security under the weakest possible, most generic assumptions, specifically the Random Oracle Model, to ensure the primitive’s robustness regardless of the underlying cryptographic functions. The question of whether a black-box VDF construction could be proven secure in this model remained a foundational, unsolved problem in cryptographic theory.


Analysis

The paper’s core mechanism is a proof of impossibility that leverages oracle-presampling techniques. The argument is that a fast adversary, which may query the Random Oracle (the idealized hash function) a large number of times in parallel, can produce the VDF’s output and an accepting proof in far fewer sequential steps than the designated delay. In the ROM, the adversary’s running time is measured by the depth and number of its oracle queries, not by the sequential steps the honest evaluator performs. By showing that the adversary can “pre-sample” the oracle’s outputs and use that information to construct a valid proof for a delayed computation in minimal sequential time, the sequentiality property of the VDF is violated under the ROM assumption.
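To make the cost model behind that argument concrete, the following is an added example (not code from the paper or from any VDF project) that models a random oracle which charges one unit of sequential time per parallel query round. It shows why a plain hash chain gives no fast verifier in this model: recomputing the chain costs the verifier exactly as many rounds as the evaluator, while a parallelizable computation such as a hash tree costs many queries but few rounds. The oracle is simulated with SHA-256 over a constructed salt, and all inputs and the parameter `t` are constructed for illustration.

```python
import hashlib
from typing import Dict, List


class RandomOracle:
    """Lazily sampled random oracle with a parallel-round cost model.

    Every query answered in the same call to query_round() costs one unit of
    sequential depth, however many queries that round contains.  The truth
    table is filled in on demand, which is how the ROM is usually simulated.
    SHA-256 over a constructed salt stands in for truly random outputs.
    """

    def __init__(self, salt: bytes = b"constructed-toy-oracle"):
        self._salt = salt
        self._table: Dict[bytes, bytes] = {}  # lazily populated truth table
        self.queries = 0  # total query complexity
        self.rounds = 0   # sequential depth in parallel rounds

    def query_round(self, inputs: List[bytes]) -> List[bytes]:
        """Answer a batch of queries submitted in one parallel round."""
        self.rounds += 1
        outputs = []
        for x in inputs:
            if x not in self._table:
                self._table[x] = hashlib.sha256(self._salt + x).digest()
            self.queries += 1
            outputs.append(self._table[x])
        return outputs

    def query(self, x: bytes) -> bytes:
        """A single dependent query: one round containing one query."""
        return self.query_round([x])[0]


def eval_hash_chain(oracle: RandomOracle, x: bytes, t: int) -> bytes:
    """Iterate the oracle t times; each query depends on the previous answer,
    so no amount of parallelism reduces the depth below t."""
    y = x
    for _ in range(t):
        y = oracle.query(y)
    return y


def verify_by_recomputation(oracle: RandomOracle, x: bytes, t: int, y: bytes) -> bool:
    """Without a proof, the only way to check a hash chain is to redo it."""
    return eval_hash_chain(oracle, x, t) == y


def merkle_root(oracle: RandomOracle, leaves: List[bytes]) -> bytes:
    """Hash tree over the leaves: about n queries in total, but each level is
    one parallel round, so the depth is only ceil(log2 n)."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        pairs = [level[i] + level[i + 1] for i in range(0, len(level), 2)]
        level = oracle.query_round(pairs)
    return level[0]


def measure(t: int = 64) -> dict:
    """Return (queries, rounds) for chain evaluation, chain verification by
    recomputation, and a hash tree over t constructed leaves."""
    x = b"constructed-input"

    chain_oracle = RandomOracle()
    y = eval_hash_chain(chain_oracle, x, t)
    eval_cost = (chain_oracle.queries, chain_oracle.rounds)

    # A fresh oracle with the same salt is the same function, so the
    # verifier sees the same answers but pays its own query cost.
    verify_oracle = RandomOracle()
    ok = verify_by_recomputation(verify_oracle, x, t, y)
    verify_cost = (verify_oracle.queries, verify_oracle.rounds)

    tree_oracle = RandomOracle()
    merkle_root(tree_oracle, [bytes([i]) for i in range(t)])
    tree_cost = (tree_oracle.queries, tree_oracle.rounds)

    return {
        "verified": ok,
        "chain_eval": eval_cost,      # (t, t)
        "chain_verify": verify_cost,  # (t, t): no shortcut without a proof
        "tree": tree_cost,            # (t - 1, log2 t) for a power of two
    }


if __name__ == "__main__":
    for name, cost in measure(64).items():
        print(f"{name}: {cost}")
```

The point of the comparison is the verifier row: in the ROM the delay is formalized as oracle-query depth, and a bare hash chain forces the verifier to pay the full depth. A VDF therefore needs a proof that lets the verifier accept with few queries, and it is exactly that proof which the paper’s presampling adversary, charged by depth rather than by total queries, learns to forge.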


Parameters

  • Security Model Invalidated: Random Oracle Model (ROM) – The idealized hash function model in which the VDF non-existence is proven.
  • Primitives Ruled Out: One-Way Functions, One-Way Permutations – Standard cryptographic building blocks from which VDFs cannot be black-box constructed in the ROM.


Outlook

This negative result immediately shifts the research focus for VDFs toward constructions based on structured number-theoretic problems, such as the hardness of finding square roots in hidden order groups, which do not rely on the ROM. In the next three to five years, this will lead to a bifurcation: either protocols will adopt these more complex, non-ROM-based VDFs, or they will abandon VDFs entirely for randomness and fair ordering, driving new research into alternative MEV mitigation and decentralized randomness mechanisms that rely on different, provably secure cryptographic primitives.


Verdict

This non-existence proof is a foundational theoretical correction, forcing a critical re-evaluation of the security assumptions underpinning all Verifiable Delay Function implementations in decentralized systems.

Tags: Cryptographic primitive, Verifiable Delay Function, Random Oracle Model, Non-existence proof, Black-box construction, Sequential computation, Fair transaction ordering, Decentralized randomness, Cryptographic assumption, Foundational security, Primitive limitations, Cryptographic model, Proof of impossibility, Delay function security, Consensus mechanism

Signal Acquired from → eprint.iacr.org
