Module oprf::coprf::coprf_online
source · Expand description
§E.2. CoPRF Online Protocol
Requester(bpk, input) Evaluator(k) Receiver(bpk, bsk)
--------------------------------------------------------------------------------------------------------------------------------
blindedElement = Blind(bpk, input)
blindedElement
---------->
evaluatedElement = BlindEvaluate(k, blindedElement)
evaluatedElement
---------->
output = Finalize(bsk, evaluatedElement)
Functions§
- The requester blinds a query for blind evaluation by Elgamal encryption with the blinding public key of the target receiver after applying the RO-mapping into the base group used by the encryption scheme to the input bytes.
- Blind conversion is performed using the homomorphic properties of the Elgamal ciphertext. Like all other ciphertexts received by the evaluator, the blinded output is rerandomized to provide collusion-resistance.
- Blind PRF Evaluation is performed using the homomorphic properties of Elgamal ciphertexts. Further, the converter rerandomizes every ciphertext that it receives in order to achieve resistance against collusion between requester and receiver.
- To recover the PRF output, the receiver performs unblinding of the blind evaluation result by Elgamal decryption.
- A PRF output can be blinded for blind conversion by perfoming an Elgamal encryption of it under the target blinding public key.
Type Aliases§
- The blinded coPRF input corresponds to a ciphertext of the underlying rerandomizable encryption scheme, in our case an Elgamal ciphertext.
- Since blind evaluation is performed via the homomorphic properties and rerandomizability of the underlying encryption scheme, a coPRF output is also a ciphertext of the underlying encryption scheme.
- CoPRF Inputs can be arbitrary byte strings.
- The coPRF range is the range of the underlying PRF, in our case the group of points on P-256.