Continuous VDFs for random beacons

Cornell researchers have proposed Continuous VDFs.

In a nutshell (if I understood everything right :slight_smile:), continuous VDF enable efficient verification of “sequences of VDFs”, which was not possible before.

The authors demonstrate three potential applications, the most interesting one probably being the construction of public randomness beacons that only require an initial random seed (and no further unpredictable sources of randomness).

Was wondering if someone looked into this in the context of blockains/beacon chains…

https://eprint.iacr.org/2019/619

cc @JustinDrake

If true this would be huge. Unfortunately, IMO their statement is at best very misleading. The authors have burried a critical caveat in footnote 2:

we can only guarantee that the (\epsilon \cdot t)-th value into the future is unpredictable

So basically an attacker with non-zero speed advantage relative to honest players has linearly growing lookahead over time. This makes their construction non-practical for any application I can think of. Moreover, such an “eventually unpredictable” randomness beacon can trivially be built using a non-continuous VDF, especially in the context of blockchains where we have light clients.