Re: [CFRG] Does OPRF/OPAQUE require full implementation of RFC 9380

stef <f3o09vld@ctrlc.hu> Sat, 30 March 2024 14:58 UTC

Date: Sat, 30 Mar 2024 15:58:35 +0100
From: stef <f3o09vld@ctrlc.hu>
To: Stefan Santesson <stefan@aaa-sec.com>
Cc: IRTF CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/7EON9QUxUL5aS1UoD5LCr3jGIhY>

On Sat, Mar 30, 2024 at 03:53:04PM +0100, Stefan Santesson wrote:
> Right now I'm more interested in the security analysis than interop. So
> right now I'm mostly interested if there is a distinct and important
> security requirement to implement hashToGroup à la RFC 9380, or if a simpler
> approach as the one I showed would do the job. And if not, why?
> 
> Regarding library support I haven't found any libraries implementing P-256
> OPRF in the platforms I'm looking for which is mobile development, Java and
> Python.

> Where can I find all current implementations of OPRF/OPAQUE, and in
> particular hashToGroup and hashToScalar?

https://github.com/cfrg/draft-irtf-cfrg-voprf/?tab=readme-ov-file#existing-implementations
https://github.com/cfrg/draft-irtf-cfrg-opaque/?tab=readme-ov-file#implementations
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve?tab=readme-ov-file#reference-implementations