Revision as of 09:39, 1 February 2024 edit Frap (talk \| contribs) Extended confirmed users, File movers, Pending changes reviewers, Rollbackers 35,593 edits MOS:HEAD ← Previous edit		Revision as of 14:28, 1 February 2024 edit undo Jasonkresch (talk \| contribs) 59 edits →Extensions: added section on verifiability Tag: Disambiguation links added Next edit →
Line 179: == Extensions == The OPRF construction can be extended in various ways. These include: verifiable, partially-oblivious, threshold-secure, and post-quantum secure versions. === Verifiable OPRF === Many applications require the ability of the first-party to verify the OPRF output was computed correctly. For example, when using the output as a key to encrypt data. If the wrong value is computed, that encrypted data may be lost forever. Fortunately, most OPRFs support verifiability. For example, when using [[RSA]] blind signatures as the underlying construction, the client can, with the public key, verify the correctness of the resulting [[digital signature]]. When using [[Elliptic Curve]] or [[Diffie-Hellman]] based OPRFs, then knowing the public key ''y = g^x'', it is possible to use a second request to the OPRF server to create a [[zero-knowledge proof]] of correctness for the previous result. === Partially-oblivious PRF ===

Oblivious pseudorandom function: Difference between revisions