ppoprf/
lib.rs

//! This module defines the combined functionality for producing a
//! puncturable partially oblivious pseudorandom function (PPOPRF)
//! protocol. The protocol combines the POPRF of [Tyagi et
//! al.](https://eprint.iacr.org/2021/864.pdf) with the classic GGM
//! puncturable PRF.
//!
//! The result is a POPRF that can provide forward-security guarantees
//! for the pseudorandomness of client-side outputs, by allowing
//! metadata tags to be punctured from the server secret key. Once a
//! tag `t` has been punctured, the key can no longer be used to
//! evaluate the function under `t`, so these guarantees hold when
//! clients reveal POPRF outputs for `t` after `t` has been punctured
//! from the secret key. This functionality is used to provide
//! forward-secure randomness to clients in the STAR protocol.
14
15pub mod ggm;
16pub mod ppoprf;
17
18mod strobe_rng;
19
20use derive_more::{Display, Error};
21
/// Errors reported by the puncturable PRF code in this crate.
///
/// `Display` and `Error` are derived with `derive_more`; the text of
/// each variant is the string in its `#[display]` attribute.
#[derive(Debug, Error, Display)]
pub enum PPRFError {
  /// The metadata tag `md` was rejected as not being a valid tag.
  #[display(fmt = "Specified tag ({md}) is not a valid metadata tag")]
  BadTag { md: u8 },

  /// No prefix was found.
  // NOTE(review): presumably raised by the GGM tree lookup in `ggm`,
  // e.g. when the requested input is no longer covered by the key --
  // confirm against that module.
  #[display(fmt = "No prefix found")]
  NoPrefixFound,

  /// The tag had already been punctured.
  #[display(fmt = "Tag already punctured")]
  AlreadyPunctured,

  /// The input was `actual` long where the input parameter requires
  /// `expected`.
  // NOTE(review): the unit (bytes or bits) is not visible here --
  // confirm at the construction sites.
  #[display(
    fmt = "Input length ({actual}) does not match input param ({expected})"
  )]
  BadInputLength { actual: usize, expected: usize },

  /// A "bv" ended before the expected amount of data had been read.
  // NOTE(review): "bv" presumably stands for bit vector -- confirm.
  #[display(fmt = "Unexpected end of bv")]
  UnexpectedEndOfBv,

  /// Wraps an error returned by `bincode`; its message is included in
  /// the `Display` output of this variant.
  #[display(fmt = "Bincode serialization error: {_0}")]
  Bincode(bincode::Error),

  /// Serialized data was larger than the permitted size limit.
  // NOTE(review): the limit is defined outside this file. If it bounds
  // data received from a peer, it should be checked before that data
  // is decoded or buffered in full -- confirm at the call sites.
  #[display(fmt = "Serialized data exceeds size limit")]
  SerializedDataTooBig,

  /// A compressed Ristretto point could not be decoded.
  // NOTE(review): callers are expected to reject the whole message on
  // this error rather than continue with a substitute point -- confirm.
  #[display(fmt = "Bad compressed ristretto point encoding")]
  BadPointEncoding,
}
43
/// Interface of a puncturable pseudorandom function (PPRF).
///
/// NOTE(review): the module documentation ties forward security to
/// puncturing tags out of the server secret key. That argument only
/// holds if an implementor keeps no copy of the pre-puncture key state
/// (in memory, in serialized form or in backups) -- verify this for
/// each implementation.
pub trait PPRF {
  /// Creates a new instance.
  ///
  /// NOTE(review): presumably samples fresh secret key material; the
  /// randomness source is chosen by the implementor -- confirm.
  fn setup() -> Self;

  /// Evaluates the function on `input`; `output` is the caller-supplied
  /// buffer for the result.
  ///
  /// # Errors
  ///
  /// Returns a [`PPRFError`] when evaluation fails. NOTE(review):
  /// evaluation at an input that has been punctured is expected to
  /// fail, and the required lengths of `input` and `output` are set by
  /// the implementor -- confirm both there.
  fn eval(&self, input: &[u8], output: &mut [u8]) -> Result<(), PPRFError>;

  /// Punctures `input` from this instance, which is modified in place.
  ///
  /// # Errors
  ///
  /// Returns a [`PPRFError`] when the puncture cannot be applied.
  /// NOTE(review): whether the instance is left unchanged on error is
  /// not specified by this trait -- confirm in the implementor.
  fn puncture(&mut self, input: &[u8]) -> Result<(), PPRFError>;
}