cfrg / draft-irtf-cfrg-voprf

Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups
https://cfrg.github.io/draft-irtf-cfrg-voprf/#go.draft-irtf-cfrg-voprf.html

Use a per-mode-ciphersuite DST for deterministic key derivation #247

Closed armfazh closed 3 years ago

armfazh commented 3 years ago

no updates in the spec, this updates the code.

Adds the version as prefix in several parts.

chris-wood commented 3 years ago

#243 changed the domain separation strings such that they're of the following general form:

LABEL-STRING || VERSION || MODE || SUITE-ID

So, for example, the finalize DST is:

"Finalize-" || "VOPRF06-" || MODE || SUITE-ID

This change seems to make the code do something like:

"VOPRF06-" || "Finalize-" || MODE || SUITE-ID

Which is a spec change. Was that intended? (For context, the change in #243 was to allow better re-use of internal functions for the DLEQ proofs outside of this spec.)

armfazh commented 3 years ago

chris-wood:

#243 changed the domain separation strings such that they're of the following general form:

Which is a spec change. Was that intended?

No, I made changes in an old version. I fixed that now. The only "breaking change" is on DeriveKeyPair, now it uses the DST derived from mode and ciphersuite. (This was commented in #236)
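The DST layout discussed above (LABEL-STRING || VERSION || MODE || SUITE-ID, versus the swapped ordering chris-wood flagged) and the per-mode-ciphersuite DST for DeriveKeyPair, as an added illustration that is not code from this PR, the draft's reference implementation or CIRCL. It assumes a 1-byte MODE and 2-byte SUITE-ID encoding, uses a constructed suite id value and a "DeriveKeyPair-" label not taken from the thread, and stands in SHA-256 for the draft's HashToScalar so the key-derivation effect of the DST can be shown offline.

```python
import hashlib

VERSION = b"VOPRF06-"  # version prefix as written in the thread

# Constructed identifiers for the demo; the 1-byte mode / 2-byte suite-id
# widths are an assumption, not something the PR discussion states.
MODE_BASE, MODE_VERIFIABLE = 0x00, 0x01
SUITE_ID_EXAMPLE = 0x0003


def context_string(mode: int, suite_id: int) -> bytes:
    """VERSION || MODE || SUITE-ID: the per-mode-ciphersuite tail of every DST."""
    return VERSION + mode.to_bytes(1, "big") + suite_id.to_bytes(2, "big")


def dst(label: bytes, mode: int, suite_id: int) -> bytes:
    """Spec form after #243: LABEL-STRING || VERSION || MODE || SUITE-ID."""
    return label + context_string(mode, suite_id)


def dst_swapped(label: bytes, mode: int, suite_id: int) -> bytes:
    """Ordering chris-wood spotted in the code: VERSION || LABEL-STRING || MODE || SUITE-ID.
    Byte-for-byte different from dst(), so a peer using the spec form would
    derive different hash outputs and interop would silently break."""
    return VERSION + label + mode.to_bytes(1, "big") + suite_id.to_bytes(2, "big")


def derive_key(seed: bytes, mode: int, suite_id: int) -> bytes:
    """Deterministic key derivation keyed by a per-mode-ciphersuite DST.
    SHA-256 over DST || seed is a stand-in for HashToScalar (assumption);
    the point shown is that one seed yields distinct keys per mode/suite."""
    label = b"DeriveKeyPair-"  # label name is an assumption for this demo
    return hashlib.sha256(dst(label, mode, suite_id) + seed).digest()


if __name__ == "__main__":
    print(dst(b"Finalize-", MODE_BASE, SUITE_ID_EXAMPLE))
    print(dst_swapped(b"Finalize-", MODE_BASE, SUITE_ID_EXAMPLE))
    seed = b"constructed-seed-for-demo"
    print(derive_key(seed, MODE_BASE, SUITE_ID_EXAMPLE).hex())
    print(derive_key(seed, MODE_VERIFIABLE, SUITE_ID_EXAMPLE).hex())
```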

chris-wood commented 3 years ago

@armfazh can we file an issue to track updating this in CIRCL? And please feel free to merge with or without addressing the comment above!