%% You should probably cite rfc9497 instead of this I-D.
@techreport{irtf-cfrg-voprf-12,
    number =    {draft-irtf-cfrg-voprf-12},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/12/},
    author =    {Alex Davidson and Armando Faz-Hernandez and Nick Sullivan and Christopher A. Wood},
    title =     {{Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups}},
    pagetotal = 66,
    year =      2022,
    month =     aug,
    day =       1,
    abstract =  {An Oblivious Pseudorandom Function (OPRF) is a two-party protocol between client and server for computing the output of a Pseudorandom Function (PRF). The server provides the PRF secret key, and the client provides the PRF input. At the end of the protocol, the client learns the PRF output without learning anything about the PRF secret key, and the server learns neither the PRF input nor output. An OPRF can also satisfy a notion of 'verifiability', called a VOPRF. A VOPRF ensures clients can verify that the server used a specific private key during the execution of the protocol. A VOPRF can also be partially-oblivious, called a POPRF. A POPRF allows clients and servers to provide public input to the PRF computation. This document specifies an OPRF, VOPRF, and POPRF instantiated within standard prime-order groups, including elliptic curves.},
}