{"draft":"draft-irtf-cfrg-voprf-21","doc_id":"RFC9497","title":"Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups","authors":["A. Davidson","A. Faz-Hernandez","N. Sullivan","C. A. Wood"],"format":["HTML","TEXT","PDF","XML"],"page_count":"61","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Crypto Forum Research Group","abstract":"An Oblivious Pseudorandom Function (OPRF) is a two-party protocol\r\nbetween a client and a server for computing the output of a\r\nPseudorandom Function (PRF). The server provides the PRF private key,\r\nand the client provides the PRF input. At the end of the protocol,\r\nthe client learns the PRF output without learning anything about the\r\nPRF private key, and the server learns neither the PRF input nor\r\noutput. An OPRF can also satisfy a notion of 'verifiability', called\r\na VOPRF. A VOPRF ensures clients can verify that the server used a\r\nspecific private key during the execution of the protocol. A VOPRF\r\ncan also be partially oblivious, called a POPRF. A POPRF allows\r\nclients and servers to provide public input to the PRF computation.\r\nThis document specifies an OPRF, VOPRF, and POPRF instantiated within\r\nstandard prime-order groups, including elliptic curves. This document\r\nis a product of the Crypto Forum Research Group (CFRG) in the IRTF.","pub_date":"December 2023","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9497","errata_url":null}