Verifiable Delay Function

Filecoin's Proof-of-Replication (PoRep) originally incorporated a VDF-based Seal operation. The VDF enforced a mandatory, verifiable time delay during the process of encoding storage data, proving that a miner was dedicating real storage space and computation over time, rather than cheating by generating proofs on-demand. This made the cost of generating a proof align with the cost of storing the data.

VDFs enable non-interactive timelock puzzles, where a secret can be encrypted so that it can only be decrypted after a specific, verifiable amount of sequential computation has been performed. This has applications in:

• Sealed-bid auctions: Revealing bids after a fixed delay.
• Key escrow: Recovering keys after a set time period.
• Vesting schedules: Programmatically releasing funds without a trusted third party.

On-chain gaming and NFT projects require provably fair randomness for loot boxes, matchmaking, or trait generation. A VDF-based randomness beacon provides a solution that is:

• Unpredictable: The output cannot be known before the delay elapses.
• Bias-resistant: Miners/validators cannot influence the result.
• Verifiable: Anyone can cheaply verify the correctness of the random output after the fact, ensuring transparency and fairness.

VDFs can be used to implement proofs of sequential work for rate-limiting and anti-spam mechanisms. By requiring a message sender to compute a VDF, the protocol imposes a mandatory, non-parallelizable time cost for actions like creating new identities or submitting transactions. This creates a sybil-resistant gate that is fair (cost is time, not hardware) and verifiable, preventing spam without relying on transaction fees alone.

VDFs are a core component of publicly verifiable randomness beacons, which generate unpredictable random numbers for smart contracts and protocols. A common design, like Randao, uses a commit-reveal scheme where the final random output is the hash of all participants' reveals. A VDF is applied to this hash before publication, preventing the last revealer from manipulating the result by withholding their submission, as they cannot compute the final output faster than anyone else. This creates manipulation-resistant randomness for lotteries, gaming, and protocol upgrades.

VDFs can function as a non-interactive and energy-efficient alternative to traditional Proof of Work (PoW). Instead of burning electricity on parallelizable hash puzzles, a VDF-based proof requires a specific, unavoidable elapsed time of computation. This can be used for anti-spam mechanisms, rate limiting, or client puzzles where the goal is to prove that a real-world time interval has passed, not that immense computational power was expended. This is sometimes called Proof-of-Ellapsed-Time (PoET).

VDFs enhance the security of various cryptographic protocols by adding a timed-release or delay-enforced component. Key applications include:

• Preventing Front-Running: In blockchain transaction markets, a VDF can delay the processing of transactions to reduce the advantage of automated bots.
• Secure Multi-Party Computation (MPC): Enforcing a delay before output can be computed, preventing rushing attacks.
• Time-Lock Puzzles & Encryption: Creating messages or values that can only be decrypted or accessed after a specific, verifiable amount of time has passed.

A cryptographic function that produces a pseudorandom output and a proof of its correctness from a given input and secret key. VDFs and VRFs are often combined:

• VRF provides unpredictable, bias-resistant randomness.
• VDF adds a mandatory time delay to that randomness, preventing last-revealer attacks in protocols like leader election or lotteries. This combination is used in Chia's consensus.

A concept where a secret is encrypted so that it can only be decrypted after a specific amount of sequential computation has been performed. A VDF is a cryptographic instantiation of a time-lock puzzle.

• It provides a way to "send a message into the future" with a verifiable release time.
• This is foundational for applications like sealed-bid auctions, where bids must be revealed simultaneously after a deadline.

A function where the computation cannot be parallelized; each step depends on the output of the previous step. This is the core property that defines a VDF.

• Contrast with Hash Functions: Computing SHA-256 is massively parallelizable (e.g., in ASIC miners).
• A VDF's sequentiality enforces a real-world time delay, which is crucial for creating cryptographic timestamps and securing proof-of-stake protocols against grinding attacks.

The two main practical constructions for Verifiable Delay Functions, forming the basis for most implementations.

• Wesolowski VDF: Produces a short, efficient proof. Used in Chia Network.
• Pietrzak VDF: Uses a different interactive proof system that is also highly practical.
• Both rely on repeated sequential squaring in a group of unknown order (like an RSA group or a class group) to create the delay, with a fast verification step.