An Oblivious Pseudo-Random Function (OPRF) is a versatile cryptographic primitive that forms the basis for a wide range of protocols and tools. OPRFs enable one to outsource randomness computations to another party without having to trust that party or compromise the confidentiality of the inputs. The most common benefit of using an OPRF is that it adds strong privacy guarantees to protocols. A well-placed OPRF can also provide confidentiality without needing a PKI. In some cases an OPRF can provide strong security guarantees that traditional systems cannot provide. OPRFs are truly one of the most exciting and underappreciated cryptographic building blocks of the last decade.
In this talk I will explain how OPRFs work, which properties they can achieve, and how OPRFs are used in various protocols. I am going to show some examples of existing free software tools which use or provide OPRFs and how these tools compare to alternative solutions.
The talk is structured in two parts. The first, theoretical part explains various types of OPRFs, their properties, and where and how these are beneficial. In the second part I will show concrete free software implementations: liboprf, libopaque, sphinx (a password storage that could be run by the NSA) and klutshnik, a threshold key management system, all authored by Yours Truly. I will also touch briefly on standardisation efforts of OPAQUE and OPRF by the IRTF CFRG, to which I contribute.
Other examples I will bring include private set intersection (used for contact discovery or haveibeenpwned-style privacy-respecting compromised account checks), private information retrieval, single-sign-on with privacy, deduplication and secure pattern matching.
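
The property described in the opening paragraph (the server never sees the input, the client never sees the key) can be illustrated with the blinded Diffie-Hellman construction known as 2HashDH. This is an added example, not code from liboprf or the talk; the function names are hypothetical and the 62-bit group is a toy assumption chosen for brevity, where real implementations use a group such as ristretto255.

```python
import hashlib, secrets

def is_prime(n):
    """Miller-Rabin; these fixed bases give a deterministic answer for n < 2**64."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for s in small:
        if n % s == 0:
            return n == s
    d, k = n - 1, 0
    while d % 2 == 0:
        d, k = d // 2, k + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(k - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Toy group (assumption): safe prime P = 2Q + 1; the squares mod P have prime order Q.
Q = next(q for q in range(2**61 - 1, 0, -2) if is_prime(q) and is_prime(2 * q + 1))
P = 2 * Q + 1

def hash_to_group(x: bytes) -> int:
    # Squaring maps the digest into the order-Q subgroup.
    return pow(int.from_bytes(hashlib.sha256(x).digest(), "big") % P, 2, P)

def client_blind(x: bytes):
    r = secrets.randbelow(Q - 1) + 1           # fresh blinding factor per request
    return r, pow(hash_to_group(x), r, P)      # the server sees only H(x)^r

def server_evaluate(k: int, blinded: int) -> int:
    return pow(blinded, k, P)                  # the server applies its key blindly

def client_finalize(x: bytes, r: int, evaluated: int) -> bytes:
    unblinded = pow(evaluated, pow(r, -1, Q), P)   # (H(x)^(r*k))^(1/r) = H(x)^k
    return hashlib.sha256(x + unblinded.to_bytes(8, "big")).digest()

def prf_direct(k: int, x: bytes) -> bytes:
    """What a party holding both k and x would compute; only for checking."""
    return client_finalize(x, 1, pow(hash_to_group(x), k, P))
```

Two requests for the same input send different blinded values to the server, yet both finalize to the same output, which depends on the server's key.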