Deriving keys from low-entropy data

Mishti Network derives keys from low-entropy data by using a threshold verifiable oblivious pseudorandom function (tVOPRF)

Pseudorandom Functions (PRF)

A standard pseudorandom function, without obliviousness, takes a secret key and mixes it with an input to give a pseudorandom output. If you don't know the secret, it is computationally not feasible tell the difference between the output and pure randomness. This is great for turning data into keys, but it "sees" the data so can't be used with sensitive data.

Oblivious Pseudorandom Function

An oblivious pseudorandom function is a pseudrandom function on hidden input. Mishti Network employs a particular type of OPRF called 2HashDH introduced by Jarecki, Kiayias, and, Krawczyk in 2014.

2HashDH Oblivious pseudorandom function (OPRF)

The PRF in 2HashDH for input x and key k is.

hashToScalar(
    k * hashToCurve(x)
)

But the "server" (in our case, the network) never sees hashToCurve(x). Rather, the client generates a random mask r to hide its input and sends

r * hashtoCurve(x)

The server multiples this by k and returns the resulting value. Then, the client multiples this result by r^(-1). The client and server have together computed this PRF without revealing the client's input!

OPRF Architecture Sequence Diagram

Last updated