Talk:Verifiable random function

This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing Low‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing Low This article has been rated as Low-importance on the project's importance scale. Cryptography: Computer science Low‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography Low This article has been rated as Low-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Low-importance).

BLS signatures are about the worst choice for a VRF for almost any realistic situation. Schnorr DLEQ proof based VRFs work well. RSA-FHD is not as fast as Rabin-Williams, but many Rabin variants are not VRFs. RSA-PSS is not a VRF and infinitely more common than RSA-FDH in the wild. — Preceding unsigned comment added by 188.62.22.15 (talk) 17:44, 7 February 2020 (UTC)[reply]

This should probably mention the "BADA55" criticisms of the VRF concept. i.e. [[1]] Wonderstruck (talk) 04:38, 4 January 2021 (UTC)[reply]

Absolutely nothing on the BADA55 site discusses VRFs. It's talking about curves parameter choice, a totally unrelated idea. — Preceding unsigned comment added by 37.164.12.238 (talk) 06:50, 13 January 2022 (UTC)[reply]