## Cryptology ePrint Archive: Report 2021/864

A Fast and Simple Partially Oblivious PRF, with Applications

Nirvan Tyagi and Sofı́a Celi and Thomas Ristenpart and Nick Sullivan and Stefano Tessaro and Christopher A. Wood

Abstract: We build the first construction of a partially oblivious pseudorandom function (POPRF) that does not rely on bilinear pairings. Our construction can be viewed as combining elements of the 2HashDH OPRF of Jarecki, Kiayias, and Krawczyk with the Dodis-Yampolskiy PRF. We analyze our POPRF’s security in the random oracle model via reduction to a new one-more gap strong Diffie-Hellman inversion assumption. The most significant technical challenge is establishing confidence in the new assumption, which requires new proof techniques that enable us to show that its hardness is implied by the $q$-DL assumption in the algebraic group model.

Our new construction is as fast as the current, standards-track OPRF 2HashDH protocol, yet provides a new degree of flexibility useful in a variety of applications. We show how POPRFs can be used to prevent token hoarding attacks against Privacy Pass, reduce key management complexity in the OPAQUE password authenticated key exchange protocol, and ensure stronger security for password breach alerting services.

Category / Keywords: cryptographic protocols / verifiable oblivious pseudorandom functions, Diffie-Hellman inversion, anonymous tokens, blind signatures

Date: received 24 Jun 2021, last revised 6 Oct 2021

Contact author: nirvan tyagi at gmail com

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2021/864

[ Cryptology ePrint archive ]