Revision as of 12:09, 6 March 2024 edit Achmad Rachmani (talk \| contribs) Extended confirmed users 98,317 edits →Password-authenticated key exchange: Altered title. ← Previous edit		Revision as of 12:10, 6 March 2024 edit undo Achmad Rachmani (talk \| contribs) Extended confirmed users 98,317 edits →Verifiable OPRF: Altered title. Next edit →
Line 195: Fortunately, most OPRFs support verifiability. For example, when using [[RSA (cryptosystem)\|RSA]] blind signatures as the underlying construction, the client can, with the public key, verify the correctness of the resulting [[digital signature]]. When using [[Elliptic Curve]] or [[Diffie-Hellman]] based OPRFs, then knowing the public key ''y = g<sup>x</sup>'', it is possible to use a second request to the OPRF server to create a [[zero-knowledge proof]] of correctness for the previous result.<ref>{{cite book \|last1=Jarecki \|first1=Stanislaw \|last2=Kiayias \|first2=Aggelos \|last3=Krawczyk \|first3=Hugo \|chapter=Round-Optimal Password-Protected Secret Sharing and T-PAKE in the Password-Only Model \|series=Lecture Notes in Computer Science \|title~~=Advances in Cryptology – ASIACRYPT 2014 \|journal~~=Advances in Cryptology \|date=2014 \|volume=ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7–11, 2014, Proceedings, Part II \|pages=233–253 \|doi=10.1007/978-3-662-45608-8_13\|isbn=978-3-662-45607-1 }}</ref><ref name="voprf">{{cite journal \|last1=Davidson \|first1=Alex \|last2=Faz-Hernandez \|first2=Armando \|last3=Sullivan \|first3=Nick \|last4=Wood \|first4=Christopher A. \|title=Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups \|journal=Internet Engineering Task Force \|date=2023 \|volume=RFC 9497 \|doi=10.17487/RFC9497 \|s2cid=149835146 \|url=https://www.rfc-editor.org/info/rfc9497}}</ref> === Partially-oblivious PRF ===

Oblivious pseudorandom function: Difference between revisions