Documentation ¶
Overview ¶
Package oprf provides Verifiable, Oblivious Pseudo-Random Functions.
An Oblivious Pseudorandom Function (OPRFs) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input.
This package is compatible with the OPRF specification at draft-irtf-cfrg-voprf [1].
Protocol Overview ¶
This diagram shows the steps of the protocol that are common for all operation modes.
Client(info*) Server(sk, pk, info*) ================================================================= finData, evalReq = Blind(input) evalReq ----------> evaluation = Evaluate(evalReq, info*) evaluation <---------- output = Finalize(finData, evaluation, info*)
Operation Modes ¶
Each operation mode provides different properties to the PRF.
Base Mode: Provides obliviousness to the PRF evaluation, i.e., it ensures that the server does not learn anything about the client's input and output during the Evaluation step.
Verifiable Mode: Extends the Base mode allowing the client to verify that Server used the private key that corresponds to the public key.
Partial Oblivious Mode: Extends the Verifiable mode by including shared public information to the PRF input.
All three modes can perform batches of PRF evaluations, so passing an array of inputs will produce an array of outputs.
References ¶
[1] draft-irtf-cfrg-voprf: https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf
Example (Oprf) ¶
suite := SuiteP256 // Server(sk, pk, info*) private, _ := GenerateKey(suite, rand.Reader) server := NewServer(suite, private) // Client(info*) client := NewClient(suite) // ================================================================= // finData, evalReq = Blind(input) inputs := [][]byte{[]byte("first input"), []byte("second input")} finData, evalReq, _ := client.Blind(inputs) // // evalReq // ----------> // // evaluation = Evaluate(evalReq, info*) evaluation, _ := server.Evaluate(evalReq) // // evaluation // <---------- // // output = Finalize(finData, evaluation, info*) outputs, err := client.Finalize(finData, evaluation) fmt.Print(err == nil && len(inputs) == len(outputs))
Output: true
Index ¶
- Variables
- type Blind
- type Blinded
- type Client
- type Evaluated
- type Evaluation
- type EvaluationRequest
- type FinalizeData
- type Mode
- type PartialObliviousClient
- func (c PartialObliviousClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
- func (c PartialObliviousClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
- func (c PartialObliviousClient) Finalize(f *FinalizeData, e *Evaluation, info []byte) (outputs [][]byte, err error)
- type PartialObliviousServer
- func (s PartialObliviousServer) Evaluate(req *EvaluationRequest, info []byte) (*Evaluation, error)
- func (s PartialObliviousServer) FullEvaluate(input, info []byte) (output []byte, err error)
- func (s PartialObliviousServer) PublicKey() *PublicKey
- func (s PartialObliviousServer) VerifyFinalize(input, info, expectedOutput []byte) bool
- type PrivateKey
- type PublicKey
- type Server
- type Suite
- type VerifiableClient
- func (c VerifiableClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
- func (c VerifiableClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
- func (c VerifiableClient) Finalize(f *FinalizeData, e *Evaluation) (outputs [][]byte, err error)
- type VerifiableServer
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidSuite = errors.New("invalid suite") ErrInvalidMode = errors.New("invalid mode") ErrDeriveKeyPairError = errors.New("key pair derivation failed") ErrInvalidInput = errors.New("invalid input") ErrInvalidInfo = errors.New("invalid info") ErrInvalidProof = errors.New("proof verification failed") ErrInverseZero = errors.New("inverting a zero value") ErrNoKey = errors.New("must provide a key") )
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func (Client) Blind ¶
func (c Client) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
func (Client) DeterministicBlind ¶
func (c Client) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
func (Client) Finalize ¶
func (c Client) Finalize(f *FinalizeData, e *Evaluation) (outputs [][]byte, err error)
type Evaluation ¶
Evaluation contains a list of elements produced during server's evaluation, and for verifiable modes it also includes a proof.
type EvaluationRequest ¶
type EvaluationRequest struct {
Elements []Blinded
}
EvaluationRequest contains the blinded elements to be evaluated by the Server.
type FinalizeData ¶
type FinalizeData struct {
// contains filtered or unexported fields
}
FinalizeData encapsulates data needed for Finalize step.
func (FinalizeData) CopyBlinds ¶
func (f FinalizeData) CopyBlinds() []Blind
CopyBlinds copies the serialized blinds to use when determinstically invoking DeterministicBlind.
type PartialObliviousClient ¶
type PartialObliviousClient struct {
// contains filtered or unexported fields
}
func NewPartialObliviousClient ¶
func NewPartialObliviousClient(s Suite, server *PublicKey) PartialObliviousClient
func (PartialObliviousClient) Blind ¶
func (c PartialObliviousClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
func (PartialObliviousClient) DeterministicBlind ¶
func (c PartialObliviousClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
func (PartialObliviousClient) Finalize ¶
func (c PartialObliviousClient) Finalize(f *FinalizeData, e *Evaluation, info []byte) (outputs [][]byte, err error)
type PartialObliviousServer ¶
type PartialObliviousServer struct {
// contains filtered or unexported fields
}
func NewPartialObliviousServer ¶
func NewPartialObliviousServer(s Suite, key *PrivateKey) PartialObliviousServer
func (PartialObliviousServer) Evaluate ¶
func (s PartialObliviousServer) Evaluate(req *EvaluationRequest, info []byte) (*Evaluation, error)
func (PartialObliviousServer) FullEvaluate ¶
func (s PartialObliviousServer) FullEvaluate(input, info []byte) (output []byte, err error)
func (PartialObliviousServer) VerifyFinalize ¶
func (s PartialObliviousServer) VerifyFinalize(input, info, expectedOutput []byte) bool
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
func DeriveKey ¶
func DeriveKey(s Suite, mode Mode, seed, info []byte) (*PrivateKey, error)
DeriveKey generates a private key from a given seed and optional info string.
func GenerateKey ¶
func GenerateKey(s Suite, rnd io.Reader) (*PrivateKey, error)
GenerateKey generates a private key compatible with the suite.
func (*PrivateKey) MarshalBinary ¶
func (k *PrivateKey) MarshalBinary() ([]byte, error)
func (*PrivateKey) Public ¶
func (k *PrivateKey) Public() *PublicKey
func (*PrivateKey) UnmarshalBinary ¶
func (k *PrivateKey) UnmarshalBinary(s Suite, data []byte) error
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
func (*PublicKey) MarshalBinary ¶
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
func NewServer ¶
func NewServer(s Suite, key *PrivateKey) Server
func (Server) Evaluate ¶
func (s Server) Evaluate(req *EvaluationRequest) (*Evaluation, error)
func (Server) VerifyFinalize ¶
type Suite ¶
type Suite interface { ID() int Group() group.Group Hash() crypto.Hash Name() string // contains filtered or unexported methods }
var ( // SuiteRistretto255 represents the OPRF with Ristretto255 and SHA-512 SuiteRistretto255 Suite = params{/* contains filtered or unexported fields */} // SuiteP256 represents the OPRF with P-256 and SHA-256. SuiteP256 Suite = params{/* contains filtered or unexported fields */} // SuiteP384 represents the OPRF with P-384 and SHA-384. SuiteP384 Suite = params{/* contains filtered or unexported fields */} // SuiteP521 represents the OPRF with P-521 and SHA-512. SuiteP521 Suite = params{/* contains filtered or unexported fields */} )
type VerifiableClient ¶
type VerifiableClient struct {
// contains filtered or unexported fields
}
func NewVerifiableClient ¶
func NewVerifiableClient(s Suite, server *PublicKey) VerifiableClient
func (VerifiableClient) Blind ¶
func (c VerifiableClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
func (VerifiableClient) DeterministicBlind ¶
func (c VerifiableClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
func (VerifiableClient) Finalize ¶
func (c VerifiableClient) Finalize(f *FinalizeData, e *Evaluation) (outputs [][]byte, err error)
type VerifiableServer ¶
type VerifiableServer struct {
// contains filtered or unexported fields
}
func NewVerifiableServer ¶
func NewVerifiableServer(s Suite, key *PrivateKey) VerifiableServer
func (VerifiableServer) Evaluate ¶
func (s VerifiableServer) Evaluate(req *EvaluationRequest) (*Evaluation, error)
func (VerifiableServer) FullEvaluate ¶
func (s VerifiableServer) FullEvaluate(input []byte) (output []byte, err error)
func (VerifiableServer) VerifyFinalize ¶
func (s VerifiableServer) VerifyFinalize(input, expectedOutput []byte) bool