Lattice-Based Simulatable VRFs: Challenges and Future Directions

Lattice-based cryptography is evolving rapidly and is often employed to design cryptographic primitives that hold a great promise to be post-quantum resistant and can be employed in multiple application settings such as: e-cash, unique digital signatures, non-interactive lottery and others. In such
application scenarios, a user is often required to prove non-interactively the correct computation of
a pseudo-random function Fk(x) without revealing the secret key k used. Commitment schemes are
also useful in application settings requiring to commit to a chosen but secret value that could be revealed later. In this short paper, we provide our insights on constructing a lattice-based simulatable
verifiable random function (sVRF) using non interactive zero knowledge arguments and dual-mode
commitment schemes and we point out the main challenges that need to be addressed in order to
achieve it.