We give the first simple and efficient construction of verifiable random functions (VRFs). VRFs, introduced by Micali et al. , combine the properties of regular pseudorandom functions (PRFs) (i.e., indistinguishability from a random function) and digital signatures (i.e., one can provide an unforgeable proof that the VRF value is correctly computed). The efficiency of our VRF construction is only slightly worse than that of a regular PRF construction of Naor and Reingold . In contrast to our direct construction, all previous VRF constructions [13, 12] involved an expensive generic transformation from verifiable unpredictable functions (VUFs). We also provide the first construction of distributed VRFs. Our construction is more efficient than the only known construction of distributed (non-verifiable) PRFs , but has more applications than the latter. For example, it can be used to distributively implement the random oracle model in a publicly verifiable manner, which by itself has many applications. Our construction is based on a new variant of decisional Diffie-Hellman (DDH) assumption on certain groups where the regular DDH assumption does not hold [10, 9]. Nevertheless, this variant of DDH seems to be plausible based on our current understanding of these groups. We hope that the demonstrated power of our assumption will serve as a motivation for its closer study.