> Essentially, VDFs take a certain amount of steps to compute and cannot be parallelized. However, the correctness of their output can be verified efficiently.
No, a VDF just proves that, given a certain input, you spent a certain amount of time to compute the unique (!) VDF output. As said, this computation must be carried out sequentially. Of course, it can still be sped up by creating an ASIC (the same technology used for Bitcoin miners nowadays). However, there is not point in running multiple ASICs (like a Bitcoin mining farm) because the computation cannot be parallelized and the output is unique. Thus, running one ASIC has exactly the same effect as running thousands ASICs and there is no energy waste.
If you go by the usual, energy-wasting meaning of "proof of work" that is also the one relevant to the discussion (i.e., Bitcoin-style PoW which is described in the article), then no.
Yes, in the strict sense of the meaning. In general, the comparison of VDFs (a cryptographic building block) and Bitcoin-style PoW (a consensus mechanism) is not that useful. However, using a VDF as part of a consensus mechanism (see e.g., Chia) does not introduce an energy overhead.
To demystify what a VDF is, consider the delay function (i.e., the majority of the work done to compute a VDF) used by the most prominent proposals:
Let N = p*q be a product of two large primes (so an RSA modulus) and assume that the primes p and q have been immediately thrown away/forgotten after initialization. Then, computing
f(x) = x^(2^T) mod N
is believed (dating back to a paper by Rivest, Shamir and Wagner in 1996) to take T sequential steps provided that T is large enough. For a large T, the only feasible approach seems to be repeated squaring modulo N. That is, compute y = x^2 mod N, y' = y^2 mod N, ... for T times.
this...sounds exactly like proof of work?