npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@celo/poprf

v0.1.9

Published

A threshold-computable partially-oblivous psuedo-random function

Downloads

71

Readme

Pith POPRF

:warning: Functionality in this repository has not undergone detailed security review. It should be used with caution. It may contain unknown vulnerabilities and based on results of further review, it may be changed in backwards incompatible ways.

This repository implements a threshold-computable partially-oblivious pseudo-random function (POPRF) with evaluations that are verifiable by the client.

A partially-oblivious PRF (POPRF) is a protocol between a client and a server to evaluate the keyed pseudo-random function F(k, t, m). The client provides the tag input, t, and message input, m. The server provides the secret key input k. During the exchange the server learns the client-provided tag, but gains no other information. In particular, they learn nothing about the message. The client learns the output of the PRF function F, but no other information about the secret key held by the server.

Building upon the existing BLS threshold signature based OPRF implemented for use on Celo in ODIS, this repository implements an extension to the Pythia POPRF specification to provide threshold computation and verification against a single pre-shared public key. This construction is called Pith for its basis on Pythia and usage in the Celo PIN/Password Encrypted Account Recovery protocol PEAR.

At a high level, the POPRF is a protocol with a client and a service who collectively compute a keyed PRF (i.e. essentially a hash) over a tag input and a message input. The message input is secret to the client, and the private key input is secret to the service. In order to compute the final function the client "blinds" the message and sends it, along with the tag, to the service. The service may choose to compute the POPRF function over this blinded message and plaintext tag, resulting in a blinded evaluation. This is sent back to the client, who unblinds the evaluation to get the final output. More details are available in the specification below.

Specification

The specification linked above is also available in this repository as specification.md.

Applications

Some applications of (P)OPRFs include:

WASM bindings

This library provides WASM bindings for signing under the ffi/wasm.rs module. These can be built via the wasm-pack tool. Depending on the platform you are targeting, you'll need to use a different build flag.

Note: You can also replace celo with your own NPM username to test publish.

# Builds the WASM and wraps it as NPM package @celo/poprf
wasm-pack build --target nodejs --scope celo -- --features=wasm

The bundled WASM package will be under the pkg/ directory. You can then either pack and publish it with wasm-pack's pack and publish commands, or manually import it in your application.

wasm-pack publish --access public

TypeScript usage

Here is an example of using the library. In practice there will be a client and a server, with the assumption that the client holds the message and the server holds the private key. In this snippet, both client and server are represented.

import * as poprf from '@celo/poprf'
import 'crypto'

const message = Buffer.from("message")
const tag = Buffer.from("tag")

// Generate a local keypair for demonstration purposes.
const keypair = poprf.keygen(crypto.randomBytes(32))

// Client: Blind the message to send to the server.
const { blindedMessage, blindingFactor } = poprf.blindMsg(message, crypto.randomBytes(32))

// Server: Evaluate the POPRF over the blinded message and tag.
const response = poprf.blindEval(keypair.privateKey, tag, blindedMessage)

// Client: Unblind and verify the evaluation returned from the server.
const result = poprf.unblindResp(keypair.publicKey, blindingFactor, tag, response)