Research on Verifiable Delay Functions helps avoid vulnerability in Ethereum security

  • Interdisciplinary Centre for Security, Reliability and Trust (SnT)
    18 December 2024
  • Category
    Research
  • Topic
    Computer Science & ICT, Cybersecurity

Cryptographers expose weakness in Ethereum’s Verifiable Delay Function (VDF), proving that its supposedly fixed time delay can be shortened – a finding with significant implications for the blockchain industry.

The need for digital trust

In a world of growing cyber threats, it’s hard to agree on things among untrusted, remote parties. The core challenge researchers are trying to solve is creating a trustworthy way to generate random numbers that everyone can verify.

This is important for many real-world protocols that depend on publicly verifiable randomness that cannot be manipulated. Application areas include online games, lotteries, sports seeding, and distributed ledgers like cryptocurrencies.

In cryptocurrency systems, if some powerful players could generate random numbers much faster than others, they could gain unfair advantages in the network. But having a computational “waiting period” that applies equally to everyone, whether they have a supercomputer or a laptop, creates a level playing field for all participants.

Researchers find flaw in Ethereum’s approach

Recently, Verifiable Delay Functions (VDFs) were proposed as a way to solve the public randomness problem. They would provide a primitive (a basic cryptographic building block) that is slow, and provably so, to compute. But once computed, its correctness would take just an instant to verify.

One such function was proposed for the consensus protocol of Ethereum, a popular smart-contract platform and cryptocurrency, but researchers discovered its supposedly unbeatable time delay could be bypassed.

The researchers found a way around this by studying the mathematical properties of the function. They showed that someone with access to powerful parallel computing could defeat the security measure.

In fact, Alex Biryukov and six other experts recently showed that a VDF, considered but not deployed by Ethereum, allowed a speedup. So, a new function must be designed.

“Our research demonstrates the hardness of claims on time limits of certain computations. It shows that Verifiable Delay Functions are harder to design than thought”, comments Biryukov. This is a vital and timely discovery for Ethereum and its users’ security. This result also demonstrates that research can help prevent significant vulnerabilities.

A top venue paper

The paper “Cryptanalysis of Algebraic Verifiable Delay Functions” was published at the IACR Annual CRYPTO 2024 conference in the US. It is an important step in cryptographic research.

“This research is a major achievement for our team. We will continue this work in the FNR-funded project CryptoFin, which has two years left”, concludes Biryukov.

CryptoLUX analyses cryptographic algorithms and works on new designs, to establish secure standards for the future. The group also investigates security, privacy, and scalability aspects of blockchain-based technologies for FinTech.