Documentation
¶
Overview ¶
Package oprf provides Verifiable, Oblivious Pseudo-Random Functions.
An Oblivious Pseudorandom Function (OPRFs) is a two-party protocol for computing the output of a PRF. One party (the server) holds the PRF secret key, and the other (the client) holds the PRF input.
This package is compatible with the OPRF specification at RFC-9497 [1].
Protocol Overview ¶
This diagram shows the steps of the protocol that are common for all operation modes.
Client(info*) Server(sk, pk, info*)
=================================================================
finData, evalReq = Blind(input)
evalReq
---------->
evaluation = Evaluate(evalReq, info*)
evaluation
<----------
output = Finalize(finData, evaluation, info*)
Operation Modes ¶
Each operation mode provides different properties to the PRF.
Base Mode: Provides obliviousness to the PRF evaluation, i.e., it ensures that the server does not learn anything about the client's input and output during the Evaluation step.
Verifiable Mode: Extends the Base mode allowing the client to verify that Server used the private key that corresponds to the public key.
Partial Oblivious Mode: Extends the Verifiable mode by including shared public information to the PRF input.
All three modes can perform batches of PRF evaluations, so passing an array of inputs will produce an array of outputs.
References ¶
[1] RFC-9497: https://www.rfc-editor.org/info/rfc9497
Example (Oprf) ¶
suite := SuiteP256
// Server(sk, pk, info*)
private, _ := GenerateKey(suite, rand.Reader)
server := NewServer(suite, private)
// Client(info*)
client := NewClient(suite)
// =================================================================
// finData, evalReq = Blind(input)
inputs := [][]byte{[]byte("first input"), []byte("second input")}
finData, evalReq, _ := client.Blind(inputs)
//
// evalReq
// ---------->
//
// evaluation = Evaluate(evalReq, info*)
evaluation, _ := server.Evaluate(evalReq)
//
// evaluation
// <----------
//
// output = Finalize(finData, evaluation, info*)
outputs, err := client.Finalize(finData, evaluation)
fmt.Print(err == nil && len(inputs) == len(outputs))
Output: true
Index ¶
- Variables
- type Blind
- type Blinded
- type Client
- type Evaluated
- type Evaluation
- type EvaluationRequest
- type FinalizeData
- type Mode
- type PartialObliviousClient
- func (c PartialObliviousClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
- func (c PartialObliviousClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
- func (c PartialObliviousClient) Finalize(f *FinalizeData, e *Evaluation, info []byte) (outputs [][]byte, err error)
- type PartialObliviousServer
- func (s PartialObliviousServer) Evaluate(req *EvaluationRequest, info []byte) (*Evaluation, error)
- func (s PartialObliviousServer) FullEvaluate(input, info []byte) (output []byte, err error)
- func (s PartialObliviousServer) PublicKey() *PublicKey
- func (s PartialObliviousServer) VerifyFinalize(input, info, expectedOutput []byte) bool
- type PrivateKey
- type PublicKey
- type Server
- type Suite
- type VerifiableClient
- func (c VerifiableClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
- func (c VerifiableClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
- func (c VerifiableClient) Finalize(f *FinalizeData, e *Evaluation) (outputs [][]byte, err error)
- type VerifiableServer
Examples ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrInvalidSuite = errors.New("oprf: invalid suite") ErrInvalidMode = errors.New("oprf: invalid mode") ErrDeriveKeyPairError = errors.New("oprf: key pair derivation failed") ErrInvalidInput = errors.New("oprf: invalid input") ErrInvalidSeed = errors.New("oprf: invalid seed size") ErrInvalidInfo = errors.New("oprf: invalid info") ErrInvalidProof = errors.New("oprf: proof verification failed") ErrInverseZero = errors.New("oprf: inverting a zero value") ErrNoKey = errors.New("oprf: must provide a key") )
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func (Client) Blind ¶ added in v1.2.0
func (c Client) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
func (Client) DeterministicBlind ¶ added in v1.2.0
func (c Client) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
func (Client) Finalize ¶
func (c Client) Finalize(f *FinalizeData, e *Evaluation) (outputs [][]byte, err error)
type Evaluation ¶
Evaluation contains a list of elements produced during server's evaluation, and for verifiable modes it also includes a proof.
type EvaluationRequest ¶ added in v1.2.0
type EvaluationRequest struct {
Elements []Blinded
}
EvaluationRequest contains the blinded elements to be evaluated by the Server.
type FinalizeData ¶ added in v1.2.0
type FinalizeData struct {
// contains filtered or unexported fields
}
FinalizeData encapsulates data needed for Finalize step.
func (FinalizeData) CopyBlinds ¶ added in v1.2.0
func (f FinalizeData) CopyBlinds() []Blind
CopyBlinds copies the serialized blinds to use when deterministically invoking DeterministicBlind.
type PartialObliviousClient ¶ added in v1.2.0
type PartialObliviousClient struct {
// contains filtered or unexported fields
}
func NewPartialObliviousClient ¶ added in v1.2.0
func NewPartialObliviousClient(s Suite, server *PublicKey) PartialObliviousClient
func (PartialObliviousClient) Blind ¶ added in v1.2.0
func (c PartialObliviousClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
func (PartialObliviousClient) DeterministicBlind ¶ added in v1.2.0
func (c PartialObliviousClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
func (PartialObliviousClient) Finalize ¶ added in v1.2.0
func (c PartialObliviousClient) Finalize(f *FinalizeData, e *Evaluation, info []byte) (outputs [][]byte, err error)
type PartialObliviousServer ¶ added in v1.2.0
type PartialObliviousServer struct {
// contains filtered or unexported fields
}
func NewPartialObliviousServer ¶ added in v1.2.0
func NewPartialObliviousServer(s Suite, key *PrivateKey) PartialObliviousServer
func (PartialObliviousServer) Evaluate ¶ added in v1.2.0
func (s PartialObliviousServer) Evaluate(req *EvaluationRequest, info []byte) (*Evaluation, error)
func (PartialObliviousServer) FullEvaluate ¶ added in v1.2.0
func (s PartialObliviousServer) FullEvaluate(input, info []byte) (output []byte, err error)
func (PartialObliviousServer) PublicKey ¶ added in v1.2.0
func (s PartialObliviousServer) PublicKey() *PublicKey
func (PartialObliviousServer) VerifyFinalize ¶ added in v1.2.0
func (s PartialObliviousServer) VerifyFinalize(input, info, expectedOutput []byte) bool
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
func DeriveKey ¶
func DeriveKey(s Suite, mode Mode, seed, info []byte) (*PrivateKey, error)
DeriveKey generates a private key from a 32-byte seed and an optional info string.
func GenerateKey ¶
func GenerateKey(s Suite, rnd io.Reader) (*PrivateKey, error)
GenerateKey generates a private key compatible with the suite.
func (*PrivateKey) MarshalBinary ¶ added in v1.2.0
func (k *PrivateKey) MarshalBinary() ([]byte, error)
func (*PrivateKey) Public ¶
func (k *PrivateKey) Public() *PublicKey
func (*PrivateKey) UnmarshalBinary ¶ added in v1.2.0
func (k *PrivateKey) UnmarshalBinary(s Suite, data []byte) error
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
func (*PublicKey) MarshalBinary ¶ added in v1.2.0
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
func NewServer ¶
func NewServer(s Suite, key *PrivateKey) Server
func (Server) Evaluate ¶
func (s Server) Evaluate(req *EvaluationRequest) (*Evaluation, error)
func (Server) VerifyFinalize ¶
type Suite ¶ added in v1.2.0
type Suite interface {
Identifier() string
Group() group.Group
Hash() crypto.Hash
// contains filtered or unexported methods
}
var ( // SuiteRistretto255 represents the OPRF with Ristretto255 and SHA-512 SuiteRistretto255 Suite = params{/* contains filtered or unexported fields */} // SuiteP256 represents the OPRF with P-256 and SHA-256. SuiteP256 Suite = params{/* contains filtered or unexported fields */} // SuiteP384 represents the OPRF with P-384 and SHA-384. SuiteP384 Suite = params{/* contains filtered or unexported fields */} // SuiteP521 represents the OPRF with P-521 and SHA-512. SuiteP521 Suite = params{/* contains filtered or unexported fields */} )
type VerifiableClient ¶ added in v1.2.0
type VerifiableClient struct {
// contains filtered or unexported fields
}
func NewVerifiableClient ¶
func NewVerifiableClient(s Suite, server *PublicKey) VerifiableClient
func (VerifiableClient) Blind ¶ added in v1.2.0
func (c VerifiableClient) Blind(inputs [][]byte) (*FinalizeData, *EvaluationRequest, error)
func (VerifiableClient) DeterministicBlind ¶ added in v1.2.0
func (c VerifiableClient) DeterministicBlind(inputs [][]byte, blinds []Blind) (*FinalizeData, *EvaluationRequest, error)
func (VerifiableClient) Finalize ¶ added in v1.2.0
func (c VerifiableClient) Finalize(f *FinalizeData, e *Evaluation) (outputs [][]byte, err error)
type VerifiableServer ¶ added in v1.2.0
type VerifiableServer struct {
// contains filtered or unexported fields
}
func NewVerifiableServer ¶
func NewVerifiableServer(s Suite, key *PrivateKey) VerifiableServer
func (VerifiableServer) Evaluate ¶ added in v1.2.0
func (s VerifiableServer) Evaluate(req *EvaluationRequest) (*Evaluation, error)
func (VerifiableServer) FullEvaluate ¶ added in v1.2.0
func (s VerifiableServer) FullEvaluate(input []byte) (output []byte, err error)
func (VerifiableServer) PublicKey ¶ added in v1.2.0
func (s VerifiableServer) PublicKey() *PublicKey
func (VerifiableServer) VerifyFinalize ¶ added in v1.2.0
func (s VerifiableServer) VerifyFinalize(input, expectedOutput []byte) bool
Source Files
Click to show internal directories.
Click to hide internal directories.