webcrypto api (question)

[sublimator]

Curious what the plans are with the webcrypto API given the proof needs more than simple scalar arithmetic to solve. Meaning you couldn't really construct a useful client without user-land JS to to implement Group/Scalar functions. Signing is just one small piece ?

[armfazh]

The initial proposal (found in webcrypto.md) tries to re-purpose the signing operation under a different algorithm name. Thus, webcrypto API suffers no changes.

As the protocol got more variants (POPRF and VOPRF), the webcrypto API may not cover all of them. Then, it is desirable to have a special API to deal with the oblivious-PRF functions from the specification.

One potential solution is defining a proper API in WASI crypto, instead of in the Webcrypto API. Certainly, we want to hear more about use cases, and users to motivate its integration in WASI (cc: @jedisct1).

[jedisct1]

Designing a nice generic API may be challenging, but support for OPRFs can definitely be added to the WASI-Crypto specification.

Not as a REQUIRED module, but as an optional one. At least, this will ensure that all implementations share the same API.

[jedisct1]

Note that the module can be promoted to REQUIRED later, depending on usage.