cfrg / draft-irtf-cfrg-voprf

Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups
https://cfrg.github.io/draft-irtf-cfrg-voprf/#go.draft-irtf-cfrg-voprf.html

Major refactor to focus on three protocol variants: OPRF, VOPRF, and POPRF #304

Closed chris-wood closed 2 years ago

chris-wood commented 2 years ago

This refactor is predicated on the observation that 2HashDH and 3HashSDHI are equivalent for the non-verifiable case, and that public input is only really relevant for the verifiable case. The end result is three protocol variants in the spec: a base OPRF mode that is not verifiable, a 2HashDH verifiable mode without public input, and a 3HashDH-SDHI variant that is verifiable with public input.

I think this is a good compromise given all the considerations involved -- threshold VOPRF, huzzah! -- and in the end yields a more understandable document. I also think the new structure should be easier to follow.

Rendered version of this PR.

Note: test vectors have not yet been updated. I will do that in a follow-up series of commits once this gets some approvals.

cc @kevinlewi, @bytemare, @hugokraw, @tomrist

chris-wood commented 2 years ago

@armfazh suggestions applied and comments resolved. Please have another look.

bytemare commented 2 years ago

@chris-wood We could piggyback #291 in this PR

chris-wood commented 2 years ago

@bytemare I figured we'd leave that out for now, since this is primarily a refactoring.

chris-wood commented 2 years ago

Ready for review. @alxdavids, please let me know if you will or will not have time to review this.

alxdavids commented 2 years ago

@chris-wood I will review it, but I won't be able to get it done until the start of next week. Does this need to move on a quicker timeframe?

bytemare commented 2 years ago

Forgot to confirm that vectors are ok!