Expand description
§E.1. CoPRF Setup
CoPRFs are defined in a multi-key setting, such that CoPRF evaluation keys are derived from a master secret.
Structs§
- CoPRF
Evaluator Context - The coPRF evaluator holds the coPRF master secret.
- CoPRF
Receiver Context - The coPRF receiver needs an unblinding private key in order to obtain the final coPRF output from the blinded evaluation result.
- CoPRF
Requester Context - The coPRF requester requires the blinding public key of the intended receiver of the PRF output.
Functions§
- derive_
key - E.1.5. Evaluation Key Derivation
Type Aliases§
- Blinding
Private Key - As unblinding is performed by Elgamal decryption, the unblinding private key is an Elgamal decryption key.
- Blinding
Public Key - As blinding is performed by Elgamal encryption, the blinding public key is an Elgamal encryption key.
- CoPRF
Key - A coPRF evaluation key is a scalar for the base group of the scheme, in our case P256.
- CoPRF
KeyID - A coPRF evaluation key is identified by a bytestring of arbitrary length.
- CoPRF
Master Secret - The master secret for generating coPRF keys. It is fixed to a
length 32 bytes since that is the number of bytes necessary as an
input for HPKE-style key derivation when targeting scalars in
P256. Per the HPKE RFC [RFC9180] it is crucial that a minimum of
Nskbytes of entropy is provided to the key derivation algorithm, whereNskis the number of bytes to represent a valid private key, i.e. a P256 scalar in our case.