A golang implementation of the VOPRF protocol in draft-irtf-cfrg-voprf.
Run:
make docs
and navigate to http://localhost:6060/pkg.
Run tests:
make test
Run benchmarks:
make bench
Starts a server for running the (V)OPRF protocol.
-
Run server (OPRF, P384):
make server GROUP=P384 -
Run server (VOPRF, P384):
make server GROUP=P384 VERIFIABLE=1-
Expected output:
go build -o voprf-go ./voprf-go --mode=server --max_evals=10 --ciph=VOPRF-P521-HKDF-SHA512-SSWU-RO Starting server... Server listening on port 3001 Secret key: <secret-key> Public key: <public-key>
-
-
Can also use P521 and curve448 as group inputs
Starts a client that communicates with a running (V)OPRF server (default port 3001).
-
Run client (OPRF):
make client GROUP=P384-
Expected output (OPRF):
go build -o voprf-go ./voprf-go --mode=client --n=3 --ciph=OPRF-P384-HKDF-SHA512-SSWU-RO Starting client... *********** Inputs =========== ... *********** *********** Blinds =========== ... *********** *********** Outputs =========== ... *********** *********** Evaluations =========== { "elements": [ ... ] } ***********
-
-
Run client (VOPRF):
make client VERIFIABLE=1 PUBLIC_KEY=<server_public_key>-
Expected output (VOPRF):
go build -o voprf-go ./voprf-go --mode=client --n=3 --ciph=VOPRF-P384-HKDF-SHA512-SSWU-RO --pk=<server_public_key> Starting client... Setting public key: <server_public_key> *********** Inputs =========== ... *********** *********** Blinds =========== ... *********** *********** Outputs =========== ... *********** *********** Evaluations =========== { "elements": [ ... ], "proof": [ ... ] } ***********
-
-
Can also use P521 and curve448 as group inputs
Run a server:
make server GROUP=<group> TEST=<tv_idx>
Run a client:
make client GROUP=<group> TEST=<tv_idx>
The setting of <tv_idx> corresponds to the index of the test vector
that is used (a value from 0 to 8). The ciphersuite can be configured as
above, but only verifiable ciphersuites are supported.
- OPRF-P384-HKDF-SHA512-SSWU-RO
- VOPRF-P384-HKDF-SHA512-SSWU-RO
- OPRF-P521-HKDF-SHA512-SSWU-RO
- VOPRF-P521-HKDF-SHA512-SSWU-RO
- OPRF-curve448-HKDF-SHA512-ELL2-RO
- VOPRF-curve448-HKDF-SHA512-ELL2-RO
These are the initial inputs (x) generated by the client. They are
generated as part of the OPRF_Blind (/VOPRF_Blind) algorithms, and then
stored for the purpose of running OPRF_Finalize (/VOPRF_Finalize) later
after the client has received output from the server.
The scalar values that are used for blinding the group elements
generated by computing H_1(x), where x is an input value.
Specifically, the blinds are the values r where P = rH_1(x) are the
group elements sent to the server.
The outputs (denoted by y) of OPRF_Finalize (/VOPRF_Finalize) after
the server output is received and validated.
The array defined by "elements" are the group elements Q = kP
computed by the server (where k is the Server's secret key). The array
of elements "proof" are scalar values that are computed as a DLEQ
proof object over the evaluated group elements. The "proof" values are
only generated when the server & client are running a VOPRF protocol.