Replace the server's global oprf_seed in OPAQUE with a per-user seed

boltlabs-inc / key-mgmt-spec

Formal specification for the key management project

MIT License

3 stars 2 forks source link

Replace the server's global oprf_seed in OPAQUE with a per-user seed #142

Open indomitableSwan opened 1 year ago

indomitableSwan commented 1 year ago

Instead of using a global oprf_seed in OPAQUE, the server should first pick a per-user seed, user_seed, and then derive the per-user OPAQUE oprf seed from user_seed plus a domain separator.