{"id":26886939,"url":"https://github.com/davxy/ark-vrf","last_synced_at":"2026-04-03T00:07:38.643Z","repository":{"id":230944462,"uuid":"780528830","full_name":"davxy/ark-vrf","owner":"davxy","description":"Elliptic Curve VRFs","archived":false,"fork":false,"pushed_at":"2026-02-13T14:07:30.000Z","size":1142,"stargazers_count":28,"open_issues_count":2,"forks_count":7,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-02-13T14:48:01.655Z","etag":null,"topics":["arkworks","cryptography","ecvrf","rfc-9381","ring-vrf","vrf","zk-snarks"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davxy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-04-01T17:08:10.000Z","updated_at":"2026-02-13T07:16:42.000Z","dependencies_parsed_at":"2025-02-26T08:24:51.947Z","dependency_job_id":"625eb819-4922-4738-86fa-f79ff3d3c63e","html_url":"https://github.com/davxy/ark-vrf","commit_stats":null,"previous_names":["davxy/ark-ecvrf","davxy/ark-ec-vrfs","davxy/ark-vrf"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/davxy/ark-vrf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davxy%2Fark-vrf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davxy%2Fark-vrf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davxy%2Fark-vrf/releases","manifests_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/davxy%2Fark-vrf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davxy","download_url":"https://codeload.github.com/davxy/ark-vrf/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davxy%2Fark-vrf/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29587066,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T16:55:40.614Z","status":"ssl_error","status_checked_at":"2026-02-18T16:55:37.558Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arkworks","cryptography","ecvrf","rfc-9381","ring-vrf","vrf","zk-snarks"],"created_at":"2025-03-31T19:27:43.913Z","updated_at":"2026-04-03T00:07:38.626Z","avatar_url":"https://github.com/davxy.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Elliptic Curve VRF\n\nImplementations of Verifiable Random Function with Additional Data (VRF-AD)\nschemes built on a transcript-based Fiat-Shamir transform with support for\nmultiple input/output pairs via delinearization.\n\nBuilt on the [Arkworks](https://github.com/arkworks-rs) framework with\nconfigurable cryptographic parameters and `no_std` support.\n\n## Supported Schemes\n\n- **Tiny VRF**: Compact proof. 
Loosely inspired by [RFC-9381](https://datatracker.ietf.org/doc/rfc9381),\n  adapted with a transcript-based Fiat-Shamir transform, support for additional\n  data, and multiple I/O pairs via delinearization.\n\n- **Thin VRF**: Same structure as Tiny VRF but stores the nonce commitment instead\n  of the challenge, enabling batch verification at the cost of a slightly larger proof.\n\n- **Pedersen VRF**: Key-hiding VRF based on the construction introduced by\n  [BCHSV23](https://eprint.iacr.org/2023/002). Replaces the public key with a\n  Pedersen commitment to the secret key, serving as a building block for anonymized\n  ring signatures.\n\n- **Ring VRF**: Anonymized ring VRF combining Pedersen VRF with the ring proof scheme\n  derived from [CSSV22](https://eprint.iacr.org/2022/1362). Proves that a single\n  blinded key is a member of a committed ring without revealing which one.\n\n### Specifications\n\n- [VRF Schemes](https://github.com/davxy/bandersnatch-vrf-spec)\n- [Ring Proof](https://github.com/davxy/ring-proof-spec)\n\n## Built-In Suites\n\nThe library conditionally includes the following pre-configured suites (see features section):\n\n- **Ed25519**: Supports Tiny, Thin, and Pedersen VRF.\n- **Secp256r1**: Supports Tiny, Thin, and Pedersen VRF.\n- **Bandersnatch** (_Edwards curve on BLS12-381_): Supports Tiny, Thin, Pedersen, and Ring VRF.\n- **JubJub** (_Edwards curve on BLS12-381_): Supports Tiny, Thin, Pedersen, and Ring VRF.\n- **Baby-JubJub** (_Edwards curve on BN254_): Supports Tiny, Thin, Pedersen, and Ring VRF.\n\n## Basic Usage\n\n```rust,ignore\nuse ark_vrf::suites::bandersnatch::*;\n\n// Create a secret key from a seed\nlet secret = Secret::from_seed([0; 32]);\n\n// Derive the corresponding public key\nlet public = secret.public();\n\n// Create an input by hashing data to a curve point\nlet input = Input::new(b\"example input\").unwrap();\n\n// Compute the VRF output (gamma point)\nlet output = secret.output(input);\n\n// Get a deterministic hash 
from the VRF output point\nlet hash_bytes = output.hash();\n```\n\n### Tiny VRF\n\nCompact VRF-AD producing a short `(c, s)` proof.\n\n_Prove_\n```rust,ignore\nuse ark_vrf::tiny::Prover;\n\nlet io = secret.vrf_io(input);\n\n// Generate a proof that binds the input-output pair and auxiliary data\nlet proof = secret.prove(io, b\"aux data\");\n```\n\n_Verify_\n```rust,ignore\nuse ark_vrf::tiny::Verifier;\n\n// Verify the proof against the public key\nlet result = public.verify(io, b\"aux data\", \u0026proof);\nassert!(result.is_ok());\n```\n\n### Thin-VRF\n\nThe Thin VRF merges the public-key Schnorr pair and the VRF I/O pair into a\nsingle DLEQ relation via delinearization, then proves it with a Schnorr-like\nproof (R, s).\n\n_Prove_\n```rust,ignore\nuse ark_vrf::thin::Prover;\n\nlet io = secret.vrf_io(input);\nlet proof = secret.prove(io, b\"aux data\");\n```\n\n_Verify_\n```rust,ignore\nuse ark_vrf::thin::Verifier;\n\nlet result = public.verify(io, b\"aux data\", \u0026proof);\nassert!(result.is_ok());\n```\n\n_Batch verify_\n```rust,ignore\nuse ark_vrf::thin::{Prover, BatchVerifier};\n\nlet proof1 = secret.prove(io, b\"data1\");\nlet proof2 = secret.prove(io, b\"data2\");\n\nlet mut batch = BatchVerifier::new();\nbatch.push(\u0026public, io, b\"data1\", \u0026proof1);\nbatch.push(\u0026public, io, b\"data2\", \u0026proof2);\nassert!(batch.verify().is_ok());\n```\n\n### Pedersen-VRF\n\nKey-hiding VRF that replaces the public key with a Pedersen commitment to the secret key.\n\n_Prove_\n```rust,ignore\nuse ark_vrf::pedersen::Prover;\n\nlet io = secret.vrf_io(input);\n\n// Generate a proof with a blinding factor\nlet (proof, blinding) = secret.prove(io, b\"aux data\");\n\n// The proof includes a commitment to the public key\nlet key_commitment = proof.key_commitment();\n```\n\n_Verify_\n```rust,ignore\nuse ark_vrf::pedersen::Verifier;\n\n// Verify without knowing which specific public key was used.\n// Verifies that the secret key used to generate `output` is the 
same as\n// the secret key used to generate `proof.key_commitment()`.\nlet result = Public::verify(io, b\"aux data\", \u0026proof);\nassert!(result.is_ok());\n\n// Verify the proof was created using a specific public key.\n// This requires knowledge of the blinding factor.\nlet expected = (public.0 + BandersnatchSha512Ell2::BLINDING_BASE * blinding).into_affine();\nassert_eq!(proof.key_commitment(), expected);\n```\n\n### Ring-VRF\n\nThe Ring VRF provides anonymity within a set of public keys using zero-knowledge proofs.\n\n_Ring construction_\n```rust,ignore\nconst RING_SIZE: usize = 100;\nlet prover_key_index = 3;\n\n// Construct an example ring with dummy keys\nlet mut ring = (0..RING_SIZE)\n    .map(|i| {\n        let mut seed = [0u8; 32];\n        seed[..8].copy_from_slice(\u0026i.to_le_bytes());\n        Secret::from_seed(seed).public().0\n    })\n    .collect::\u003cVec\u003c_\u003e\u003e();\n\n// Patch the ring with the public key of the prover\nring[prover_key_index] = public.0;\n\n// Any key can be replaced with the padding point\nring[0] = RingProofParams::padding_point();\n\n// Create parameters for the ring proof system.\n// These parameters are reusable across multiple proofs.\nlet params = RingProofParams::from_seed(RING_SIZE, [0x42; 32]);\n```\n\n_Prove_\n```rust,ignore\nuse ark_vrf::ring::Prover;\n\n// Create a prover key specific to this ring\nlet prover_key = params.prover_key(\u0026ring).unwrap();\n\n// Create a prover instance for the specific position in the ring\nlet prover = params.prover(prover_key, prover_key_index);\n\nlet io = secret.vrf_io(input);\n\n// Generate a zero-knowledge proof that:\n// 1. The prover knows a secret key for one of the public keys in the ring\n// 2. 
That secret key was used to generate the VRF output\nlet proof = secret.prove(io, b\"aux data\", \u0026prover);\n```\n\n_Verify_\n```rust,ignore\nuse ark_vrf::ring::Verifier;\n\n// Create a verifier key for this ring\nlet verifier_key = params.verifier_key(\u0026ring).unwrap();\n\n// Create a verifier instance\nlet verifier = params.verifier(verifier_key);\n\n// Verify the proof - this confirms that:\n// 1. The proof was created by someone who knows a secret key in the ring\n// 2. The VRF output is correct for the given input\n// But it does NOT reveal which ring member created the proof\nlet result = Public::verify(io, b\"aux data\", \u0026proof, \u0026verifier);\n```\n\n_Verifier key from commitment_\n```rust,ignore\n// For efficiency, a commitment to the ring can be shared\nlet ring_commitment = params.verifier_key(\u0026ring).unwrap().commitment();\n\n// A verifier can reconstruct the verifier key from just the commitment\n// without needing the full ring of public keys\nlet verifier_key = params.verifier_key_from_commitment(ring_commitment);\n```\n\n## Features\n\n- `default`: `std`\n- `full`: Enables all features listed below except `secret-split`, `parallel`, `asm`, `test-vectors`.\n- `secret-split`: Point scalar multiplication with secret split. The secret scalar is split into the sum\n   of two scalars, which randomly mutate but retain the same sum. Incurs a 2x penalty in some internal\n   sensitive scalar multiplications, but provides side-channel defenses.\n- `ring`: Ring-VRF for the curves supporting it.\n- `test-vectors`: Deterministic ring-vrf proof. 
Useful for generating reproducible test vectors.\n\n### Curves\n\n- `ed25519`\n- `jubjub`\n- `bandersnatch`\n- `baby-jubjub`\n- `secp256r1`\n\n### Arkworks optimizations\n\n- `parallel`: Parallel execution using `rayon` where worthwhile.\n- `asm`: Assembly implementation of some low-level operations.\n\n## License\n\nDistributed under the [MIT License](./LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavxy%2Fark-vrf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavxy%2Fark-vrf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavxy%2Fark-vrf/lists"}