feat: Add vrf_fun crate #223

Merged: nickfarrow merged 2 commits into master from vrf_fun, Jul 28, 2025

@LLFourn (Owner) commented Jun 23, 2025

Summary

This PR adds the vrf_fun crate which implements VRF (Verifiable Random Function) for secp256k1.

Includes:

  • Full RFC 9381 compliant implementation with both TAI (Try-And-Increment) and RFC 9380 SSWU hash-to-curve methods
  • A "simple" VRF implementation that's more idiomatic sigma_fun style - appropriate when you don't need spec compliance

Conversation History

The main implementation involved:

  1. Implementing RFC 9381 VRF with proper inclusion of public key Y in challenge generation
  2. Supporting both TAI and RFC 9380 hash-to-curve methods
  3. DST construction for RFC 9381: "ECVRF_" || h2c_suite_ID_string || suite_string
  4. Using suite string 0xFE for TAI (compatibility) and 0xFF for RFC 9380 (our choice)
  5. Making it no_std compatible with zero-allocation DST construction
  6. Refactoring CompactProof to enable serde support
  7. Moving VerifiedRandomOutput methods to respective modules as functions
  8. Adding comprehensive test coverage with proptests and test vectors

🤖 Generated with Claude Code
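
Items 3 to 5 of the list above, as an added example that is not part of the PR or the vrf_fun crate: building the DST `"ECVRF_" || h2c_suite_ID_string || suite_string` in a fixed stack buffer with no allocation. The `Dst` type is hypothetical, and the suite ID `secp256k1_XMD:SHA-256_SSWU_RO_` is the RFC 9380 secp256k1 suite name, assumed here to be the one paired with suite string 0xFF.

```rust
/// RFC 9380 expand_message_xmd appends the DST length as a single byte
/// (DST_prime = DST || I2OSP(len(DST), 1)), so a DST may be at most 255 bytes.
const MAX_DST_LEN: usize = 255;

/// Hypothetical holder for a DST kept in a stack buffer (usable under no_std).
pub struct Dst {
    buf: [u8; MAX_DST_LEN],
    len: usize,
}

impl Dst {
    /// Builds "ECVRF_" || h2c_suite_id || suite_string without allocating.
    /// Returns None if the concatenation would exceed 255 bytes.
    pub fn ecvrf(h2c_suite_id: &[u8], suite_string: u8) -> Option<Self> {
        let suite = [suite_string];
        let parts: [&[u8]; 3] = [b"ECVRF_", h2c_suite_id, &suite];
        let mut dst = Dst { buf: [0u8; MAX_DST_LEN], len: 0 };
        for part in parts {
            let end = dst.len.checked_add(part.len())?;
            // get_mut returns None when `end` runs past the buffer, so an
            // over-long suite ID is rejected instead of being truncated.
            dst.buf.get_mut(dst.len..end)?.copy_from_slice(part);
            dst.len = end;
        }
        Some(dst)
    }

    /// The DST bytes actually written.
    pub fn as_bytes(&self) -> &[u8] {
        &self.buf[..self.len]
    }
}

fn main() {
    // 0xFF is the suite string the PR description gives for the RFC 9380 variant.
    let dst = Dst::ecvrf(b"secp256k1_XMD:SHA-256_SSWU_RO_", 0xFF).expect("DST fits");
    println!("{:02x?}", dst.as_bytes());
}
```

Rejecting an over-long DST rather than truncating it matters because two different inputs that truncate to the same bytes would lose their domain separation.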

@LLFourn LLFourn force-pushed the vrf_fun branch 4 times, most recently from e2444d1 to e4c50ab Compare June 24, 2025 01:24
let fs = FiatShamir::new(self.dleq.clone(), self.transcript.clone(), None);
let witness = secret_key;
let statement = (public_key, (h, gamma));
let proof = fs.prove::<R>(&witness, &statement, None);
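Review bot: The last argument of `fs.prove::<R>(&witness, &statement, None)` is hard-coded to `None` even though the call is generic over `R`, so a caller of this function has no way to supply randomness for the proof. Consider taking an `Option<&mut R>` parameter and forwarding it, and documenting how the proof nonce is derived when it is `None`.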
Review comment (Owner, Author):

I think we should allow the user to pass through an rng here.

) -> Option<VerifiedRandomOutput> {
let vrf = Rfc9381TaiVrf::<H>::default();
let h = Point::hash_to_curve_rfc9381_tai::<H>(alpha, b"");
vrf.verify(public_key, h.normalize(), proof)
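Review bot: `Point::hash_to_curve_rfc9381_tai::<H>(alpha, b"")` passes a hard-coded empty byte string as its second argument. If that parameter is the encode_to_curve salt, note that the ciphersuites defined in RFC 9381 set the salt to the encoded public key, so an empty salt is a deviation that should be documented next to the 0xFE suite string or replaced with the public key bytes. Whatever value is chosen, the prover path has to hash with the same one or verification will fail.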
Review comment (Collaborator):

Adding .normalize() was the only change I had to make after git cherry-picking this commit

LLFourn and others added 2 commits July 28, 2025 21:55
Add VRF (Verifiable Random Function) implementation for secp256k1:
- Full RFC 9381 compliant implementation with both TAI and RFC 9380 SSWU methods
- Simple VRF implementation for non-spec-compliant use cases
- no_std support with optional std feature
- Serde/bincode serialization support
- Comprehensive test coverage with proptests and test vectors
- MSRV: 1.85.0

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@nickfarrow nickfarrow merged commit bc3ca5b into master Jul 28, 2025
15 checks passed