cfrg / draft-irtf-cfrg-voprf

Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups
https://cfrg.github.io/draft-irtf-cfrg-voprf/#go.draft-irtf-cfrg-voprf.html

Addresses comments by RH #357

Closed armfazh closed 2 years ago

armfazh commented 2 years ago

Addresses comments by RH.

Section 2.1 says: "... each element in the proof ...". In the previous sentence, there is a discussion of "batching DLEQ proofs". I think this is talking about each proof in the batch. Please clarify.

Section 6.1: Please consider definitions for domain and range. The definitions probably go in Section 1.3, not in this section.

Comment: I think the description is abstract, and there is no need to define these terms.

Nits:

The document uses "byte array" and "byte string". I think it would be helpful to pick one and use it throughout. (I have a mild preference for byte string because it makes it easier to define "ASCII string literals".)

Throughout the document: s/SHAKE-256/SHAKE256/

The curves referenced in [X9.62] are also available in [SEC2], which is already being referenced. I think you can get away with one less reference.

Comment: Still using X9.62, as it appeared before SEC2.

Section 3.1: s/a one-byte value/a one-byte value (in hexadecimal)/

Section 3.2: s/optional public/an optional public/

Section 5.3: s/specification, however/specification; however,/

Section 6.2.1 says: "... VOPRF protocol Section 6.1 ...". There seem to be some words missing. I think this is trying to say: "... VOPRF protocol specified in Section 6.1 of this document ...".

Suggestion:

Once the change log is removed by the RFC Editor, the rationale for having both ComputeComposites and ComputeCompositesFast will be lost. Please add some text to the body of the document to capture this detail.