Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups
draft-sullivan-cfrg-voprf-03
Document | Type |
Replaced Internet-Draft
(cfrg RG)
Expired & archived
|
|
---|---|---|---|
Authors | Alex Davidson , Nick Sullivan , Christopher A. Wood | ||
Last updated | 2019-07-03 (Latest revision 2019-03-11) | ||
Replaced by | draft-irtf-cfrg-voprf | ||
RFC stream | Internet Research Task Force (IRTF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | IRTF state | Replaced | |
Consensus boilerplate | Unknown | ||
Document shepherd | (None) | ||
IESG | IESG state | Replaced by draft-irtf-cfrg-voprf | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
An Oblivious Pseudorandom Function (OPRF) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input. The 'obliviousness' property ensures that the server does not learn anything about the client's input during the evaluation. The client should also not learn anything about the server's secret PRF key. Optionally, OPRFs can also satisfy a notion 'verifiability' (VOPRF). In this setting, the client can verify that the server's output is indeed the result of evaluating the underlying PRF with just a public key. This document specifies OPRF and VOPRF constructions instantiated within prime-order groups, including elliptic curves.
Authors
Alex Davidson
Nick Sullivan
Christopher A. Wood
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)