Module oprf::coprf::coprf_setup

E.1. CoPRF Setup

CoPRFs are defined in a multi-key setting, such that CoPRF evaluation keys are derived from a master secret.

Structs

• CoPRFEvaluatorContext
  The coPRF evaluator holds the coPRF master secret.
• CoPRFReceiverContext
  The coPRF receiver needs an unblinding private key in order to obtain the final coPRF output from the blinded evaluation result.
• CoPRFRequesterContext
  The coPRF requester requires the blinding public key of the intended receiver of the PRF output.

Functions

• derive_key
  E.1.5. Evaluation Key Derivation

Type Aliases

• BlindingPrivateKey
  As unblinding is performed by Elgamal decryption, the unblinding private key is an Elgamal decryption key.
• BlindingPublicKey
  As blinding is performed by Elgamal encryption, the blinding public key is an Elgamal encryption key.
• CoPRFKey
  A coPRF evaluation key is a scalar for the base group of the scheme, in our case P256.
• CoPRFKeyID
  A coPRF evaluation key is identified by a bytestring of arbitrary length.
• CoPRFMasterSecret
  The master secret for generating coPRF keys. It is fixed to a length 32 bytes since that is the number of bytes necessary as an input for HPKE-style key derivation when targeting scalars in P256. Per the HPKE RFC [RFC9180] it is crucial that a minimum of Nsk bytes of entropy is provided to the key derivation algorithm, where Nsk is the number of bytes to represent a valid private key, i.e. a P256 scalar in our case.