Would it be valuable to try to construct a VDF that is not dependent on choosing a secret modulus or more generally not dependent on some secret? Would it be possible to construct a VDF based on groups of known order?
With the current direction, it would require a carefully designed ceremony (a la Zcash) in order to make sure that no one knows the modulus and its factorization.