Oblivious Pseudorandom Functions Using Prime-Order Groups
RFC 9497, “Oblivious Pseudorandom Functions Using Prime-Order Groups”, is an Informational document published in December 2023 by A. Davidson, A. Faz-Hernandez, N. Sullivan, C. A. Wood. The canonical text is published by the RFC Editor.
Abstract
An Oblivious Pseudorandom Function (OPRF) is a two-party protocol between a client and a server for computing the output of a Pseudorandom Function (PRF). The server provides the PRF private key, and the client provides the PRF input. At the end of the protocol, the client learns the PRF output without learning anything about the PRF private key, and the server learns neither the PRF input nor output. An OPRF can also satisfy a notion of 'verifiability', called a VOPRF. A VOPRF ensures clients can verify that the server used a specific private key during the execution of the protocol. A VOPRF can also be partially oblivious, called a POPRF. A POPRF allows clients and servers to provide public input to the PRF computation. This document specifies an OPRF, VOPRF, and POPRF instantiated within standard prime-order groups, including elliptic curves. This document is a product of the Crypto Forum Research Group (CFRG) in the IRTF.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9497 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9496 The ristretto255 and decaf448 Groups
- RFC 9498 The GNU Name System
- RFC 9495 Certification Authority Authorization Processing for Email Addresses
- RFC 9494 Long-Lived Graceful Restart for BGP
- RFC 9500 Standard Public Key Cryptography Test Keys
- RFC 9493 Subject Identifiers for Security Event Tokens
- RFC 9501 Open Participation Principle regarding Remote Registration Fee
- RFC 9492 OSPF Application-Specific Link Attributes