oprf

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 30, 2021 License: BSD-3-Clause Imports: 7 Imported by: 0

Documentation

Overview

Package oprf provides an Oblivious Pseudo-Random Function protocol.

An Oblivious Pseudorandom Function (OPRFs) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input.

Obliviousness: Ensures that the server does not learn anything about the client's input during the Evaluation step.

Verifiability: Allows the client to verify that the server used a committed secret key during Evaluation step.

OPRF is defined on draft-irtf-cfrg-voprf: https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf

Index

Constants

This section is empty.

Variables

View Source 
var ErrUnsupportedSuite = errors.New("non-supported suite")

ErrUnsupportedSuite is thrown when requesting a non-supported suite.

Functions

This section is empty.

Types

type Blind 

type Blind group.Scalar

type Blinded 

type Blinded = []byte

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is a representation of a OPRF client during protocol execution.

func NewClient 

func NewClient(id SuiteID) (*Client, error)

NewClient creates a client in base mode.

func NewVerifiableClient 

func NewVerifiableClient(id SuiteID, pkS *PublicKey) (*Client, error)

NewVerifiableClient creates a client in verifiable mode. A server's public key must be provided.

func (*Client) Finalize 

func (c *Client) Finalize(r *ClientRequest, e *Evaluation) ([][]byte, error)

Finalize computes the signed token from the server Evaluation and returns the output of the OPRF protocol. The function uses server's public key to verify the proof in verifiable mode.

func (*Client) GetMode 

func (s *Client) GetMode() Mode

func (*Client) Request 

func (c *Client) Request(inputs [][]byte) (*ClientRequest, error)

Request generates a request for server passing an array of inputs to be evaluated by server.

type ClientRequest 

type ClientRequest struct {
	// contains filtered or unexported fields
}

ClientRequest is a structure to encapsulate the output of a Request call.

func (ClientRequest) BlindedElements 

func (r ClientRequest) BlindedElements() [][]byte

BlindedElements returns the serialized blinded elements produced for the client request.

type Evaluation 

type Evaluation struct {
	Elements []SerializedElement
	Proof    *Proof
}

type Mode 

type Mode = uint8

Mode specifies properties of the OPRF protocol. 

const (
	// BaseMode provides obliviousness.
	BaseMode Mode = 0x00
	// VerifiableMode provides obliviousness and verifiability.
	VerifiableMode Mode = 0x01
)

type PrivateKey 

type PrivateKey struct {
	// contains filtered or unexported fields
}

func DeriveKey 

func DeriveKey(id SuiteID, seed []byte) (*PrivateKey, error)

DeriveKey derives a pair of keys given a seed and in accordance with the suite.

func GenerateKey 

func GenerateKey(id SuiteID) (*PrivateKey, error)

GenerateKey generates a pair of keys in accordance with the suite.

func (*PrivateKey) Deserialize 

func (k *PrivateKey) Deserialize(id SuiteID, data []byte) error

func (*PrivateKey) Public 

func (k *PrivateKey) Public() *PublicKey

func (*PrivateKey) Serialize 

func (k *PrivateKey) Serialize() ([]byte, error)

type Proof 

type Proof struct {
	C, S []byte
}

type PublicKey 

type PublicKey struct {
	// contains filtered or unexported fields
}

func (*PublicKey) Deserialize 

func (k *PublicKey) Deserialize(id SuiteID, data []byte) error

func (*PublicKey) Serialize 

func (k *PublicKey) Serialize() ([]byte, error)

type SerializedElement 

type SerializedElement = []byte

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server is a representation of a OPRF server during protocol execution.

func NewServer 

func NewServer(id SuiteID, skS *PrivateKey) (*Server, error)

NewServer creates a Server in base mode, and generates a key if no skS is provided.

func NewVerifiableServer 

func NewVerifiableServer(id SuiteID, skS *PrivateKey) (*Server, error)

NewVerifiableServer creates a Server in verifiable mode, and generates a key if no skS is provided.

func (*Server) Evaluate 

func (s *Server) Evaluate(blindedElements []Blinded) (*Evaluation, error)

Evaluate evaluates a set of blinded inputs from the client.

func (*Server) FullEvaluate 

func (s *Server) FullEvaluate(input []byte) ([]byte, error)

FullEvaluate performs a full OPRF protocol at server-side.

func (*Server) GetMode 

func (s *Server) GetMode() Mode

func (*Server) GetPublicKey 

func (s *Server) GetPublicKey() *PublicKey

GetPublicKey returns the public key corresponding to the server.

func (*Server) VerifyFinalize 

func (s *Server) VerifyFinalize(input, expectedOutput []byte) bool

VerifyFinalize performs a full OPRF protocol and returns true if the output matches the expected output.

type SuiteID 

type SuiteID = uint16

SuiteID identifies supported suites. 

const (
	// OPRFP256 represents the OPRF with P-256 and SHA-256.
	OPRFP256 SuiteID = 0x0003
	// OPRFP384 represents the OPRF with P-384 and SHA-512.
	OPRFP384 SuiteID = 0x0004
	// OPRFP521 represents the OPRF with P-521 and SHA-512.
	OPRFP521 SuiteID = 0x0005
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.