Re: [Cfrg] I-D Action: draft-irtf-cfrg-voprf-03.txt
Alex Davidson <alex.davidson92@gmail.com> Mon, 09 March 2020 18:06 UTC
To: cfrg@ietf.org
Cc: i-d-announce@ietf.org
Archived-At:
<https://mailarchive.ietf.org/arch/msg/cfrg/NL_cBWPIJENjeA48v8oljMHeEvE>
Dear CFRG,

This change to the OPRF draft includes minor clarifications plus the following changes.

- We now certify public key during VerifiableFinalize as per advice from Hugo Krawczyk (https://github.com/cfrg/draft-irtf-cfrg-voprf/issues/29).
- Added text discussing how to perform domain separation for the OPRF primitive.
- Make prime-order group assumptions explicit.
- Changes to algorithms that accept batched inputs as they were not previously clear.
- Changes to construction of batched DLEQ proofs.
- Updated ciphersuites to be consistent with hash-to-curve and added OPRF specific ciphersuites.

In addition, we're currently working on a number of proof-of-concept implementations of the primitive at https://github.com/alxdavids/voprf-poc to demonstrate working examples of the protocol that follow the latest version of the draft. The current implementations that we have are written in Go and Rust. Contributions to these implementations, or of new implementations in different languages, would be very welcome!

There is also a new draft detailing the Privacy Pass protocol that explicitly uses the VOPRF protocol in this draft as a dependency: https://tools.ietf.org/html/draft-davidson-pp-protocol-00. There is a BoF event planned at IETF 107 for privacy-pass that will discuss whether to form a working group around the protocol.

Looking forward to hearing your comments,
Alex, Nick & Chris

On Mon, Mar 9, 2020 at 2:25 PM <internet-drafts@ietf.org> wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Crypto Forum RG of the IRTF.
>
>         Title           : Oblivious Pseudorandom Functions (OPRFs) using
>                           Prime-Order Groups
>         Authors         : Alex Davidson
>                           Nick Sullivan
>                           Christopher A. Wood
>         Filename        : draft-irtf-cfrg-voprf-03.txt
>         Pages           : 40
>         Date            : 2020-03-09
>
> Abstract:
>    An Oblivious Pseudorandom Function (OPRF) is a two-party protocol for
>    computing the output of a PRF. One party (the server) holds the PRF
>    secret key, and the other (the client) holds the PRF input. The
>    'obliviousness' property ensures that the server does not learn
>    anything about the client's input during the evaluation. The client
>    should also not learn anything about the server's secret PRF key.
>    Optionally, OPRFs can also satisfy a notion 'verifiability' (VOPRF).
>    In this setting, the client can verify that the server's output is
>    indeed the result of evaluating the underlying PRF with just a public
>    key. This document specifies OPRF and VOPRF constructions
>    instantiated within prime-order groups, including elliptic curves.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-irtf-cfrg-voprf/
>
> There are also htmlized versions available at:
> https://tools.ietf.org/html/draft-irtf-cfrg-voprf-03
> https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-voprf-03
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-voprf-03
>
>
> Please note that it may take a couple of minutes from the time of
> submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
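
The flow the abstract describes (client blinds its input, server evaluates under its secret key, client checks the result against the server's public key and unblinds), as an added example that is not taken from the draft or from voprf-poc. The demo-sized safe-prime group standing in for the draft's ciphersuites, the hash encodings and tags, and every function name are assumptions made for the illustration.

```python
import hashlib
import secrets

def _is_prime(n):  # Miller-Rabin, fixed bases: enough to locate demo parameters
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    return n % 2 == 1 and all(
        pow(a, d, n) in (1, n - 1) or any(pow(a, d << i, n) == n - 1 for i in range(1, s))
        for a in (2, 3, 5, 7, 11, 13))

# Demo-sized group, constructed for this example: first safe prime P = 2Q + 1
# above 2^127. The squares mod P form a group of prime order Q; G = 4 generates it.
Q = 2**126 + 1
while not (_is_prime(Q) and _is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4

def hash_to_scalar(tag, *elems):
    data = tag + b"".join(e.to_bytes(16, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def hash_to_group(x):
    # Squaring a value in [2, Q+1] gives a non-identity element of order Q.
    return pow(hash_to_scalar(b"H2G" + x) + 2, 2, P)

def blind(x):
    """Client: hide H(x) behind a random exponent r, send M = H(x)^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)

def evaluate(k, M):
    """Server: Z = M^k plus a DLEQ proof (c, s) that log_G(Y) == log_M(Z)."""
    if not 1 < M < P or pow(M, Q, P) != 1:
        raise ValueError("blinded element is not in the prime-order group")
    t, Y, Z = secrets.randbelow(Q - 1) + 1, pow(G, k, P), pow(M, k, P)
    c = hash_to_scalar(b"DLEQ", Y, M, Z, pow(G, t, P), pow(M, t, P))
    return Z, (c, (t - c * k) % Q)

def finalize(x, r, Y, M, Z, proof):
    """Client: check the proof against public key Y, unblind, hash to output."""
    c, s = proof
    A = pow(G, s, P) * pow(Y, c, P) % P  # equals G^t for an honest server
    B = pow(M, s, P) * pow(Z, c, P) % P  # equals M^t for an honest server
    if not 1 < Z < P or hash_to_scalar(b"DLEQ", Y, M, Z, A, B) != c:
        raise ValueError("DLEQ proof does not match the server public key")
    N = pow(Z, pow(r, -1, Q), P)  # strip the blind: N = H(x)^k
    return hashlib.sha256(b"OUT" + x + N.to_bytes(16, "big")).digest()
```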