Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups
draft-sullivan-cfrg-voprf-03

Document Type Replaced Internet-Draft (cfrg RG)
Last updated 2019-07-03 (latest revision 2019-03-11)
Replaced by draft-irtf-cfrg-voprf
Stream IRTF
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized bibtex
Stream IRTF state Replaced
Consensus Boilerplate Unknown
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-irtf-cfrg-voprf
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-sullivan-cfrg-voprf-03.txt

Abstract

An Oblivious Pseudorandom Function (OPRF) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input. The 'obliviousness' property ensures that the server does not learn anything about the client's input during the evaluation. The client should also not learn anything about the server's secret PRF key. Optionally, OPRFs can also satisfy a notion 'verifiability' (VOPRF). In this setting, the client can verify that the server's output is indeed the result of evaluating the underlying PRF with just a public key. This document specifies OPRF and VOPRF constructions instantiated within prime-order groups, including elliptic curves.

Authors

Alex Davidson (adavidson@cloudflare.com)
Nick Sullivan (nick@cloudflare.com)
Christopher Wood (cawood@apple.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)