Skip to content

Latest commit

 

History

History
 
 

go

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

voprf-go

A golang implementation of the VOPRF protocol in draft-irtf-cfrg-voprf.

Quickstart

Documentation

Run:

make docs

and navigate to http://localhost:6060/pkg.

Testing & benchmarks

Run tests:

make test

Run benchmarks:

make bench

Server

Starts a server for running the (V)OPRF protocol.

  • Run server (OPRF, P384):

    make server GROUP=P384
    
  • Run server (VOPRF, P384):

    make server GROUP=P384 VERIFIABLE=1
    
    • Expected output:

      go build -o voprf-go
      ./voprf-go --mode=server --max_evals=10 --ciph=VOPRF-P521-HKDF-SHA512-SSWU-RO
      Starting server...
      Server listening on port 3001
      Secret key: <secret-key>
      Public key: <public-key>
      
  • Can also use P521 and curve448 as group inputs

Client

Starts a client that communicates with a running (V)OPRF server (default port 3001).

  • Run client (OPRF):

    make client GROUP=P384
    
    • Expected output (OPRF):

      go build -o voprf-go
      ./voprf-go --mode=client --n=3 --ciph=OPRF-P384-HKDF-SHA512-SSWU-RO
      Starting client...
      ***********
      Inputs
      ===========
      ...
      ***********
      ***********
      Blinds
      ===========
      ...
      ***********
      ***********
      Outputs
      ===========
      ...
      ***********
      ***********
      Evaluations
      ===========
      {
      "elements": [
          ...
      ]
      }
      ***********
      
  • Run client (VOPRF):

    make client VERIFIABLE=1 PUBLIC_KEY=<server_public_key>
    
    • Expected output (VOPRF):

      go build -o voprf-go
      ./voprf-go --mode=client --n=3 --ciph=VOPRF-P384-HKDF-SHA512-SSWU-RO --pk=<server_public_key>
      Starting client...
      Setting public key:  <server_public_key>
      ***********
      Inputs
      ===========
      ...
      ***********
      ***********
      Blinds
      ===========
      ...
      ***********
      ***********
      Outputs
      ===========
      ...
      ***********
      ***********
      Evaluations
      ===========
      {
        "elements": [
            ...
        ],
        "proof": [
            ...
        ]
      }
      ***********
      
  • Can also use P521 and curve448 as group inputs

Generate test vectors

Run a server:

make server GROUP=<group> TEST=<tv_idx>

Run a client:

make client GROUP=<group> TEST=<tv_idx>

The setting of <tv_idx> corresponds to the index of the test vector that is used (a value from 0 to 8). The ciphersuite can be configured as above, but only verifiable ciphersuites are supported.

Supported ciphersuites

  • OPRF-P384-HKDF-SHA512-SSWU-RO
  • VOPRF-P384-HKDF-SHA512-SSWU-RO
  • OPRF-P521-HKDF-SHA512-SSWU-RO
  • VOPRF-P521-HKDF-SHA512-SSWU-RO
  • OPRF-curve448-HKDF-SHA512-ELL2-RO
  • VOPRF-curve448-HKDF-SHA512-ELL2-RO

Client Outputs

Inputs

These are the initial inputs (x) generated by the client. They are generated as part of the OPRF_Blind (/VOPRF_Blind) algorithms, and then stored for the purpose of running OPRF_Finalize (/VOPRF_Finalize) later after the client has received output from the server.

Blinds

The scalar values that are used for blinding the group elements generated by computing H_1(x), where x is an input value. Specifically, the blinds are the values r where P = rH_1(x) are the group elements sent to the server.

Outputs

The outputs (denoted by y) of OPRF_Finalize (/VOPRF_Finalize) after the server output is received and validated.

Evaluations

The array defined by "elements" are the group elements Q = kP computed by the server (where k is the Server's secret key). The array of elements "proof" are scalar values that are computed as a DLEQ proof object over the evaluated group elements. The "proof" values are only generated when the server & client are running a VOPRF protocol.