README for the CCS reviewers

• Our contract is in contracts/OpenSqaure.sol.
• Our test file is test/opensquare.test.ts. Can be tested by running yarn test. Make sure all necessary dependencies and yarn are installed. A test run will also output the associated gas costs.
• To measure the deployment costs, we used truffle to deploy the contract and used its output.
• A typescript version of the underlying cryptography is in test/opensquare.ts. This must print true in the beginning of a yarn test.

Notes

• This is a prototype library modifying the implementation from https://github.com/kilic/evmvdf.
• Sometimes the hash to prime function cannot find a prime within MAX_NONCE tries and some of the tests may fail.

=== ORIGINAL README from the repo ===

Delay Function Verification Smart Contract

This is a PoC level code. Do not use it.

VDFVerify.sol smart contract verifies Wesolowski VDF in 2048 bit RSA setting.

Hash to Prime

We used the hash to prime variant defined in section 7 of BBF19 where prover picks a nonce from small set and appends it to the transcript until they hit a prime number as hash result. Prover sends the nonce along with the proof to the verifier so that verifier performs single primality test.

Cost in Berlin EVM

operation	cost in gas
verify VDF	173062
verify VDF with base and calldata	207827
modexp (2048,256,2048)	87012
modexp (256,256,256)	1666
mul2048	13519
miller rabin 15	30994

References

• Efficient Verifiable Delay Functions
• A Survey of Two Verifiable Delay Functions
• Batching Techniques for Accumulators with Applications to IOPs and Stateless Blockchains
• EIP-2565
• RSA bounty smart contract
• Metamagic Mul512
• rust-accumulators hash to prime function