diff --git a/draft-irtf-cfrg-voprf.md b/draft-irtf-cfrg-voprf.md index 40c27634..05f52054 100644 --- a/draft-irtf-cfrg-voprf.md +++ b/draft-irtf-cfrg-voprf.md @@ -710,19 +710,18 @@ Each of the three protocol variants are identified with a one-byte value (in hex {: #tab-modes title="Identifiers for protocol variants."} Additionally, each protocol variant is instantiated with a ciphersuite, -or suite. Each ciphersuite is identified with a two-byte value, referred -to as `suiteID`; see {{ciphersuites}} for the registry of initial values. +or suite. Each ciphersuite is identified with an ASCII string identifier, +referred to as identifier; see {{ciphersuites}} for the set of initial +ciphersuite values. -The mode and ciphersuite ID values are combined to create a "context string" -used throughout the protocol with the following function: +The mode and ciphersuite identifier values are combined to create a +"context string" used throughout the protocol with the following function: ~~~ pseudocode -def CreateContextString(mode, suiteID): - return "VOPRF10-" || I2OSP(mode, 1) || I2OSP(suiteID, 2) +def CreateContextString(mode, identifier): + return "OPRFV1-" || I2OSP(mode, 1) || "-" || identifier ~~~ -[[RFC editor: please change "VOPRF10" to "RFCXXXX", where XXXX is the final number, here and elsewhere before publication.]] - ## Key Generation and Context Setup {#offline} In the offline setup phase, the server key pair (`skS`, `pkS`) is generated @@ -752,43 +751,43 @@ def GenerateKeyPair(): Also during the offline setup phase, both the client and server create a context used for executing the online phase of the protocol after agreeing on a -mode and ciphersuite value `suiteID`. The context, such as `OPRFServerContext`, +mode and ciphersuite identifier. The context, such as `OPRFServerContext`, is an implementation-specific data structure that stores a context string and the relevant key material for each party. The OPRF variant server and client contexts are created as follows: ~~~ pseudocode -def SetupOPRFServer(suiteID, skS): - contextString = CreateContextString(modeOPRF, suiteID) +def SetupOPRFServer(identifier, skS): + contextString = CreateContextString(modeOPRF, identifier) return OPRFServerContext(contextString, skS) -def SetupOPRFClient(suiteID): - contextString = CreateContextString(modeOPRF, suiteID) +def SetupOPRFClient(identifier): + contextString = CreateContextString(modeOPRF, identifier) return OPRFClientContext(contextString) ~~~ The VOPRF variant server and client contexts are created as follows: ~~~ pseudocode -def SetupVOPRFServer(suiteID, skS): - contextString = CreateContextString(modeVOPRF, suiteID) +def SetupVOPRFServer(identifier, skS): + contextString = CreateContextString(modeVOPRF, identifier) return VOPRFServerContext(contextString, skS) -def SetupVOPRFClient(suiteID, pkS): - contextString = CreateContextString(modeVOPRF, suiteID) +def SetupVOPRFClient(identifier, pkS): + contextString = CreateContextString(modeVOPRF, identifier) return VOPRFClientContext(contextString, pkS) ~~~ The POPRF variant server and client contexts are created as follows: ~~~ pseudocode -def SetupPOPRFServer(suiteID, skS): - contextString = CreateContextString(modePOPRF, suiteID) +def SetupPOPRFServer(identifier, skS): + contextString = CreateContextString(modePOPRF, identifier) return POPRFServerContext(contextString, skS) -def SetupPOPRFClient(suiteID, pkS): - contextString = CreateContextString(modePOPRF, suiteID) +def SetupPOPRFClient(identifier, pkS): + contextString = CreateContextString(modePOPRF, identifier) return POPRFClientContext(contextString, pkS) ~~~ @@ -1267,13 +1266,14 @@ This section specifies an initial registry of ciphersuites with supported groups and hash functions. It also includes implementation details for each ciphersuite, focusing on input validation, as well as requirements for future ciphersuites. -## Ciphersuite Registry - -For each ciphersuite, contextString is that which is computed in the Setup functions. +For each ciphersuite, `contextString` is that which is computed in the Setup functions. Applications should take caution in using ciphersuites targeting P-256 and ristretto255. See {{cryptanalysis}} for related discussion. -### OPRF(ristretto255, SHA-512) +## OPRF(ristretto255, SHA-512) + +This ciphersuite uses ristretto255 {{RISTRETTO}} for the Group and SHA-512 for the Hash +function. The value of the ciphersuite identifier is "ristretto255-SHA512". - Group: ristretto255 {{!RISTRETTO=I-D.irtf-cfrg-ristretto255-decaf448}} - Order(): Return 2^252 + 27742317777372353535851937790883648493 (see {{RISTRETTO}}) @@ -1301,9 +1301,11 @@ See {{cryptanalysis}} for related discussion. represent a Scalar in the range \[0, `G.Order()` - 1\]. Note that this means the top three bits of the input MUST be zero. - Hash: SHA-512; Nh = 64. -- ID: 0x0001 -### OPRF(decaf448, SHAKE-256) +## OPRF(decaf448, SHAKE-256) + +This ciphersuite uses decaf448 {{RISTRETTO}} for the Group and SHAKE-256 for the Hash +function. The value of the ciphersuite identifier is "decaf448-SHAKE256". - Group: decaf448 {{!RISTRETTO}} - Order(): Return 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 @@ -1330,9 +1332,11 @@ See {{cryptanalysis}} for related discussion. little-endian 56-byte string. This function can fail if the input does not represent a Scalar in the range \[0, `G.Order()` - 1\]. - Hash: SHAKE-256; Nh = 64. -- ID: 0x0002 -### OPRF(P-256, SHA-256) +## OPRF(P-256, SHA-256) + +This ciphersuite uses P-256 {{NISTCurves}} for the Group and SHA-256 for the Hash +function. The value of the ciphersuite identifier is "P256-SHA256". - Group: P-256 (secp256r1) {{NISTCurves}} - Order(): Return 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551. @@ -1363,9 +1367,11 @@ See {{cryptanalysis}} for related discussion. string using Octet-String-to-Field-Element from {{SEC1}}. This function can fail if the input does not represent a Scalar in the range \[0, `G.Order()` - 1\]. - Hash: SHA-256; Nh = 32. -- ID: 0x0003 -### OPRF(P-384, SHA-384) +## OPRF(P-384, SHA-384) + +This ciphersuite uses P-384 {{NISTCurves}} for the Group and SHA-384 for the Hash +function. The value of the ciphersuite identifier is "P384-SHA384". - Group: P-384 (secp384r1) {{NISTCurves}} - Order(): Return 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973. @@ -1397,9 +1403,11 @@ See {{cryptanalysis}} for related discussion. string using Octet-String-to-Field-Element from {{SEC1}}. This function can fail if the input does not represent a Scalar in the range \[0, `G.Order()` - 1\]. - Hash: SHA-384; Nh = 48. -- ID: 0x0004 -### OPRF(P-521, SHA-512) +## OPRF(P-521, SHA-512) + +This ciphersuite uses P-521 {{NISTCurves}} for the Group and SHA-512 for the Hash +function. The value of the ciphersuite identifier is "P521-SHA512". - Group: P-521 (secp521r1) {{NISTCurves}} - Order(): Return 0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409. @@ -1431,7 +1439,6 @@ See {{cryptanalysis}} for related discussion. string using Octet-String-to-Field-Element from {{SEC1}}. This function can fail if the input does not represent a Scalar in the range \[0, `G.Order()` - 1\]. - Hash: SHA-512; Nh = 64. -- ID: 0x0005 ## Future Ciphersuites @@ -1748,7 +1755,7 @@ each ciphersuite. Both `pkSm` and `skSm` are the serialized values of is derived from a seed `Seed` and info string `KeyInfo`, which are listed as well, using the `DeriveKeyPair` function from {{offline}}. -## OPRF(ristretto255, SHA-512) +## ristretto255-SHA512 ### OPRF Mode @@ -1756,8 +1763,8 @@ listed as well, using the `DeriveKeyPair` function from {{offline}}. Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = e617ae6f2d10de61e16cab73023c5a2df74335d13f89470957214664468d2 -e0b +skSm = 5ebcea5ee37023ccb9fc2d2019f9d7737be85591ae8652ffa9ef0f4d37063 +b0e ~~~ #### Test Vector 1, Batch Size 1 @@ -1766,13 +1773,13 @@ e0b Input = 00 Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706 -BlindedElement = c83d0d8a3e80be2ced8bf35c5f3e24d42260ca8fa9a0403ca83 -033588c26614d -EvaluationElement = b29ca44d6dfafc77a50b72abc53cfb7abcbe9cf6714afc76 -893ee8dcaf053b59 -Output = 8a19c9b8f4459d541ebbfff4e29f36620e44e825a27b0f2e3a3c0d8e963 -588ee04348312dc8b43a48c41d4e7d904f95c91813a6b4f624392433f0568409da62 -8 +BlindedElement = 609a0ae68c15a3cf6903766461307e5c8bb2f95e7e6550e1ffa +2dc99e412803c +EvaluationElement = 7ec6578ae5120958eb2db1745758ff379e77cb64fe77b0b2 +d8cc917ea0869c7e +Output = 527759c3d9366f277d8c6020418d96bb393ba2afb20ff90df23fb770826 +4e2f3ab9135e3bd69955851de4b1f9fe8a0973396719b7912ba9ee8aa7d0b5e24bcf +6 ~~~ #### Test Vector 2, Batch Size 1 @@ -1781,13 +1788,13 @@ Output = 8a19c9b8f4459d541ebbfff4e29f36620e44e825a27b0f2e3a3c0d8e963 Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706 -BlindedElement = 8673ffd2f26b2579922fc485c77e106def00982e0abb233b4c6 -e54841d43ba29 -EvaluationElement = 68ed7037846f48a1b4073a0d110f6e4de8f53ab845365c0f -3d7f1b67caa39126 -Output = bcdbd421c0863495d63d81a868858f34f5215437c5777072a92703f36b3 -6c4a2d3e7e54a5762e70b06223527c211e2d4364481270f72971a2db8b7ab8fad84e -e +BlindedElement = da27ef466870f5f15296299850aa088629945a17d1f5b7f5ff0 +43f76b3c06418 +EvaluationElement = b4cbf5a4f1eeda5a63ce7b77c7d23f461db3fcab0dd28e4e +17cecb5c90d02c25 +Output = f4a74c9c592497375e796aa837e907b1a045d34306a749db9f34221f7e7 +50cb4f2a6413a6bf6fa5e19ba6348eb673934a722a7ede2e7621306d18951e7cf2c7 +3 ~~~ ### VOPRF Mode @@ -1796,10 +1803,10 @@ e Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = a3b8dea4a99be2469da7f7d2d93fe5f2867317d6705350475d47739c7214d -a07 -pkSm = c00fbee6832a8e5d6cc1d1a23315daf6a6018f19e29ba37b05499259da854 -b48 +skSm = e6f73f344b79b379f1a0dd37e07ff62e38d9f71345ce62ae3a9bc60b04ccd +909 +pkSm = c803e2cc6b05fc15064549b5920659ca4a77b2cca6f04f6b357009335476a +d4e ~~~ #### Test Vector 1, Batch Size 1 @@ -1808,17 +1815,17 @@ b48 Input = 00 Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706 -BlindedElement = 6cce2c7913f4c8c0ac44ec149a1544b0e711e1630753d4efc7c -5fe36a4d50638 -EvaluationElement = 826f2f3e553a039bcd69c9df6cb166e7943fd207089ae704 -1f6041322ce7033a -Proof = 2e541a6962e783d2f42d5f4fb1364e51c368e95e83a962614714e9dfe21a -720cd8c8eb8106131b4a758b5a0987d3870adb348f5eae7b4a2bc26735928cc4b90c +BlindedElement = 863f330cc1a1259ed5a5998a23acfd37fb4351a793a5b3c090b +642ddc439b945 +EvaluationElement = aa8fa048764d5623868679402ff6108d2521884fa138cd7f +9c7669a9a014267e +Proof = ddef93772692e535d1a53903db24367355cc2cc78de93b3be5a8ffcc6985 +dd066d4346421d17bf5117a2a1ff0fcb2a759f58a539dfbe857a40bce4cf49ec600d ProofRandomScalar = 222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d98 81aa6f61d645fc0e -Output = 4d5dd83db5bfd850e3e0c17519f1013aab904e7b131dc1ded31f7a76aac -f040f6b344b0e635cf6df30771a35157e0e3d9539f7a891b48cd8521692b15c51538 -d +Output = b58cfbe118e0cb94d79b5fd6a6dafb98764dff49c14e1770b566e42402d +a1a7da4d8527693914139caee5bd03903af43a491351d23b430948dd50cde10d32b3 +c ~~~ #### Test Vector 2, Batch Size 1 @@ -1827,17 +1834,17 @@ d Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706 -BlindedElement = 6a4e632b76a2cfcb0295ee74098a15a3e858f6006fd9fa8576a -5813e051ac134 -EvaluationElement = 2cb879d933a1af46c77e89f3f39a38f80347bf4716da3dc3 -07c8aa1282179823 -Proof = eabae3489c46b9e9a8da0cc921d2bc2960ef5fb0b38c8f067cc5c21f62f4 -eb0ff5472009aec126f543b6051b5d62ccbf2625aab6684076c26cfdf0904257090c +BlindedElement = cc0b2a350101881d8a4cba4c80241d74fb7dcbfde4a61fde2f9 +1443c2bf9ef0c +EvaluationElement = 60a59a57208d48aca71e9e850d22674b611f752bed48b36f +7a91b372bd7ad468 +Proof = 401a0da6264f8cf45bb2f5264bc31e109155600babb3cd4e5af7d181a2c9 +dc0a67154fabf031fd936051dec80b0b6ae29c9503493dde7393b722eafdf5a50b02 ProofRandomScalar = 222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d98 81aa6f61d645fc0e -Output = 5c3fe06ef39905710a124df0727c6c938f48234b35ccc4548c0736d7f6f -36e6b7333a9aefc93d6b1ee20151a40bce453866b62cf5d41799982fee6100680915 -9 +Output = 8a9a2f3c7f085b65933594309041fc1898d42d0858e59f90814ae90571a +6df60356f4610bf816f27afdd84f47719e480906d27ecd994985890e5f539e7ea74b +6 ~~~ #### Test Vector 3, Batch Size 2 @@ -1847,20 +1854,20 @@ Input = 00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706,222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0 e -BlindedElement = 6cce2c7913f4c8c0ac44ec149a1544b0e711e1630753d4efc7c -5fe36a4d50638,aa9908e4c40b7fe5f091cf0f7fb8ec75ffdaaf2d19512b7b9939f0 -ffaaa0654f -EvaluationElement = 826f2f3e553a039bcd69c9df6cb166e7943fd207089ae704 -1f6041322ce7033a,902ef95488cc3c47fe569bc96c922a4ae3f9ebd8ccbc71bfefa -5f1e7da9ab953 -Proof = d9bfee92cd7496cdf469947b534549ceb79ebd7b5695d20437b3e14758cf -de0998eaa13a480cc35b562cbfb1412b1677650cd901b5fb4d6805581a95b440320f +BlindedElement = 863f330cc1a1259ed5a5998a23acfd37fb4351a793a5b3c090b +642ddc439b945,90a0145ea9da29254c3a56be4fe185465ebb3bf2a1801f7124bbba +dac751e654 +EvaluationElement = aa8fa048764d5623868679402ff6108d2521884fa138cd7f +9c7669a9a014267e,cc5ac221950a49ceaa73c8db41b82c20372a4c8d63e5dded2db +920b7eee36a2a +Proof = cc203910175d786927eeb44ea847328047892ddf8590e723c37205cb7460 +0b0a5ab5337c8eb4ceae0494c2cf89529dcf94572ed267473d567aeed6ab873dee08 ProofRandomScalar = 419c4f4f5052c53c45f3da494d2b67b220d02118e0857cdb cf037f9ea84bbe0c -Output = 4d5dd83db5bfd850e3e0c17519f1013aab904e7b131dc1ded31f7a76aac -f040f6b344b0e635cf6df30771a35157e0e3d9539f7a891b48cd8521692b15c51538 -d,5c3fe06ef39905710a124df0727c6c938f48234b35ccc4548c0736d7f6f36e6b73 -33a9aefc93d6b1ee20151a40bce453866b62cf5d41799982fee61006809159 +Output = b58cfbe118e0cb94d79b5fd6a6dafb98764dff49c14e1770b566e42402d +a1a7da4d8527693914139caee5bd03903af43a491351d23b430948dd50cde10d32b3 +c,8a9a2f3c7f085b65933594309041fc1898d42d0858e59f90814ae90571a6df6035 +6f4610bf816f27afdd84f47719e480906d27ecd994985890e5f539e7ea74b6 ~~~ ### POPRF Mode @@ -1869,10 +1876,10 @@ d,5c3fe06ef39905710a124df0727c6c938f48234b35ccc4548c0736d7f6f36e6b73 Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = 024eaeb72e5b3729d7f19d90aa44e3d2f4c445fb29011ffd755655636f2b1 -00a -pkSm = e001954ccd18ec5aa89bcbf26c03d84dc4d9c9b973d9f06b1e0ceb7b79f41 -d65 +skSm = 145c79c108538421ac164ecbe131942136d5570b16d8bf41a24d4337da981 +e07 +pkSm = c647bef38497bc6ec077c22af65b696efa43bff3b4a1975a3e8e0a1c5a79d +631 ~~~ #### Test Vector 1, Batch Size 1 @@ -1882,17 +1889,17 @@ Input = 00 Info = 7465737420696e666f Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706 -BlindedElement = 009ffa1ffc529e4f1d3d8de1c06d22fbb15e39920a72ad4efed -6c39af9438a2d -EvaluationElement = aa9af25bf4edead5e2e0a4b8f93db9b497017f93cf68c750 -45f02172bfc5d304 -Proof = bb893ccce54685a871185bb056cb5e0594d09d3b53f2f879de06a650b8ae -ff08371f2ff9f3d5cac7f393cc37b2c71c2a6fbb80f35fe36b8e5cbddf11469c8e03 +BlindedElement = c8713aa89241d6989ac142f22dba30596db635c772cbf25021f +dd8f3d461f715 +EvaluationElement = 1a4b860d808ff19624731e67b5eff20ceb2df3c3c03b906f +5693e2078450d874 +Proof = 41ad1a291aa02c80b0915fbfbb0c0afa15a57e2970067a602ddb9e8fd6b7 +100de32e1ecff943a36f0b10e3dae6bd266cdeb8adf825d86ef27dbc6c0e30c52206 ProofRandomScalar = 222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d98 81aa6f61d645fc0e -Output = e7ed59e3f808c369598961ebfd9af74272894e0904d1c11653a21b08204 -dba1a5fb5c3dd6be6c419190a84b576d91eb3d8d920d450fee0427fd24524950d72d -6 +Output = ca688351e88afb1d841fde4401c79efebb2eb75e7998fa9737bd5a82a15 +2406d38bd29f680504e54fd4587eddcf2f37a2617ac2fbd2993f7bdf45442ace7d22 +1 ~~~ #### Test Vector 2, Batch Size 1 @@ -1902,17 +1909,17 @@ Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Info = 7465737420696e666f Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706 -BlindedElement = 5e009e08e228f95ee3703cff60a1d54225bb282bdb6d7dc9a78 -e287f8418315a -EvaluationElement = 2e528236481eb6d87b07ef5f8c17910323d04b3bf0cb2f2d -23d5a7ad9f069b22 -Proof = 3796381ab287189839288bbaffc971eb87c3a28226fa99dc83b363adb2f4 -b20e4ae81fb675ebcd43d13918f71846cb488d0ce7d473bfca68450a5a5472564500 +BlindedElement = f0f0b209dd4d5f1844dac679acc7761b91a2e704879656cb7c2 +01e82a99ab07d +EvaluationElement = 8c3c9d064c334c6991e99f286ea2301d1bde170b54003fb9 +c44c6d7bd6fc1540 +Proof = 4c39992d55ffba38232cdac88fe583af8a85441fefd7d1d4a8d0394cd1de +77018bf135c174f20281b3341ab1f453fe72b0293a7398703384bed822bfdeec8908 ProofRandomScalar = 222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d98 81aa6f61d645fc0e -Output = 9a0d8c55e2fef4bada9fb5877a0e739496e539a0d835722911dab9ec112 -397e763a605acbc072619e8b8acefb8ee704a357556edc802648089d684baa763ce1 -4 +Output = 7c6557b276a137922a0bcfc2aa2b35dd78322bd500235eb6d6b6f91bc5b +56a52de2d65612d503236b321f5d0bebcbc52b64b92e426f29c9b8b69f52de98ae50 +7 ~~~ #### Test Vector 3, Batch Size 2 @@ -1923,32 +1930,32 @@ Info = 7465737420696e666f Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f 6706,222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0 e -BlindedElement = 009ffa1ffc529e4f1d3d8de1c06d22fbb15e39920a72ad4efed -6c39af9438a2d,1ee64b9e5148987ca6647ccddc11ef506231e986d5ce08ef9b8230 -871f840b3a -EvaluationElement = aa9af25bf4edead5e2e0a4b8f93db9b497017f93cf68c750 -45f02172bfc5d304,3073794fd68f64432b4d1f24752c4398f0e81e00b5b5842e463 -5dd381331091b -Proof = 7d59db67715a9030d46ab50a614fb55927961c8d9322cb6973ef36775309 -810b9f4a670ba4b9321f5cf753be2a58dee0730cfabd12b8f25a8a342e158ae2b608 +BlindedElement = c8713aa89241d6989ac142f22dba30596db635c772cbf25021f +dd8f3d461f715,423a01c072e06eb1cce96d23acce06e1ea64a609d7ec9e9023f304 +9f2d64e50c +EvaluationElement = 1a4b860d808ff19624731e67b5eff20ceb2df3c3c03b906f +5693e2078450d874,aa1f16e903841036e38075da8a46655c94fc92341887eb5819f +46312adfc0504 +Proof = 43fdb53be399cbd3561186ae480320caa2b9f36cca0e5b160c4a677b8bbf +4301b28f12c36aa8e11e5a7ef551da0781e863a6dc8c0b2bf5a149c9e00621f02006 ProofRandomScalar = 419c4f4f5052c53c45f3da494d2b67b220d02118e0857cdb cf037f9ea84bbe0c -Output = e7ed59e3f808c369598961ebfd9af74272894e0904d1c11653a21b08204 -dba1a5fb5c3dd6be6c419190a84b576d91eb3d8d920d450fee0427fd24524950d72d -6,9a0d8c55e2fef4bada9fb5877a0e739496e539a0d835722911dab9ec112397e763 -a605acbc072619e8b8acefb8ee704a357556edc802648089d684baa763ce14 +Output = ca688351e88afb1d841fde4401c79efebb2eb75e7998fa9737bd5a82a15 +2406d38bd29f680504e54fd4587eddcf2f37a2617ac2fbd2993f7bdf45442ace7d22 +1,7c6557b276a137922a0bcfc2aa2b35dd78322bd500235eb6d6b6f91bc5b56a52de +2d65612d503236b321f5d0bebcbc52b64b92e426f29c9b8b69f52de98ae507 ~~~ -## OPRF(decaf448, SHAKE-256) +## decaf448-SHAKE256 ### OPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3 +3a3 KeyInfo = 74657374206b6579 -skSm = 30f71e5b5be9c91dd54c5a48e82be8d47eeb2cb2c45d7874a45dddc85af8d -3f95b1ce73a99c47edc26ac9ddd936bd9b6b73728995bf1d213 +skSm = e8b1375371fd11ebeb224f832dcc16d371b4188951c438f751425699ed29e +cc80c6c13e558ccd67634fd82eac94aa8d1f0d7fee990695d1e ~~~ #### Test Vector 1, Batch Size 1 @@ -1957,13 +1964,13 @@ skSm = 30f71e5b5be9c91dd54c5a48e82be8d47eeb2cb2c45d7874a45dddc85af8d Input = 00 Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112 -BlindedElement = a4205d2af0410dccbd4464629ba1b835456d04d994cf93988cf -2c3b9d45d3c4671c7625f52c66c760a069e2c3c367826debb13da089d735c -EvaluationElement = e8d78cf5212fddf940f9f6fe02250ed83cc0595e3f0e7481 -1cdb9f62c0fa7fea94c45795637dc5c3ac31ee1cff18d0d675396ae09b302f76 -Output = 1c1a9df7d0616e0f5fdfb6479acec73a4f5562da8f9488f3b6112ef11c6 -7c5900e0abc3a169486ac7230a306c8796562a045c66305ed7cb2a3fae658e45eae4 -c +BlindedElement = e0ae01c4095f08e03b19baf47ffdc19cb7d98e583160522a3c7 +d6a0b2111cd93a126a46b7b41b730cd7fc943d4e28e590ed33ae475885f6c +EvaluationElement = 50ce4e60eed006e22e7027454b5a4b8319eb2bc8ced609eb +19eb3ad42fb19e06ba12d382cbe7ae342a0cad6ead0ef8f91f00bb7f0cd9c0a2 +Output = 37d3f7922d9388a15b561de5829bbf654c4089ede89c0ce0f3f85bcdba0 +9e382ce0ab3507e021f9e79706a1798ffeac68ebd5cf62e5eb9838c7068351d97ae3 +7 ~~~ #### Test Vector 2, Batch Size 1 @@ -1972,12 +1979,12 @@ c Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112 -BlindedElement = ec5b609e5d3c0bb024c35256194694ea6e42aa24d13cf6b0597 -49cb36911ccba0923cb73136acdf4bcecf23b6025f7b9b93d2eb0c09d964d -EvaluationElement = 524c3a644e381b4ae416724247f94b996f655167e0d4e1ba -d93cbc731c3beb36e3822e9dcbdc3600966226387a2306ba70eb68db5a64f92f -Output = 95f519e8ff2b54d8d596da2c54829ae3dd900f5c18eef48efa03ef6694c -505bea17b7982246c862d081b9fdcf295debc60abec8b0ddbfdf48bd302a3fe61b21 +BlindedElement = 86a88dc5c6331ecfcb1d9aacb50a68213803c462e377577cacc +00af28e15f0ddbc2e3d716f2f39ef95f3ec1314a2c64d940a9f295d8f13bb +EvaluationElement = 162e9fa6e9d527c3cd734a31bf122a34dbd5bcb7bb23651f +1768a7a9274cc116c03b58afa6f0dede3994a60066c76370e7328e7062fd5819 +Output = a2a652290055cb0f6f8637a249ee45e32ef4667db0b4c80c0a70d2a6416 +4d01525cfdad5d870a694ec77972b9b6ec5d2596a5223e5336913f945101f0137f55 e ~~~ @@ -1985,12 +1992,12 @@ e ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3 +3a3 KeyInfo = 74657374206b6579 -skSm = 44c46e78aa6386cee57a46c75d124b13ced3e5f055caa3baaad61501330a4 -24463400453c97245a8f7b4c65f2c4c3dabd09a049c034f9e20 -pkSm = 78f4233110896fd41531fce182094c3bc4cf65f97b23078476b3b68118736 -617172d3735c5832081864e7c75cd3ddb449e93068b34ba863e +skSm = e3c01519a076a326a0eb566343e9b21c115fa18e6e85577ddbe890b33104f +cc2835ddfb14a928dc3f5d79b936e17c76b99e0bf6a1680930e +pkSm = 945fc518c47695cf65217ace04b86ac5e4cbe26ca649d52854bb16c494ce0 +9069d6add96b20d4b0ae311a87c9a73e3a146b525763ab2f955 ~~~ #### Test Vector 1, Batch Size 1 @@ -1999,19 +2006,19 @@ pkSm = 78f4233110896fd41531fce182094c3bc4cf65f97b23078476b3b68118736 Input = 00 Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112 -BlindedElement = 38b758b69dfaaff8576eaaabfe70801813d95eb098f85516bcd -46a0f68d1ea8cc1dea3bc7c8d340ee77c5bbca6e7d723e51d77e0807acd0d -EvaluationElement = 7a8374bbae55dfc91e10a9d8042015419c505a6a8ac54e5b -93867747eb04252aba316d9f750fa0c54458aa8c90e963a60af5ae6f141af8d2 -Proof = 2fd38cf9829c5f3fd294a5eb114356cd67cc5839cf797dc060273e07cf57 -0dbabea029f0bf4675d84866865d1d146bfa38eff8195b59cf3c180bab30509061b9 -d02e70f709f085dc8c98c0924259c9a3463ef5ceb97105989941155b98bd7b03b1e1 -e538850139dc1a56beff1bb9401f +BlindedElement = 7261bbc335c664ba788f1b1a1a4cd5190cc30e787ef277665ac +1d314f8861e3ec11854ce3ddd42035d9e0f5cddde324c332d8c880abc00eb +EvaluationElement = ca1491a526c28d880806cf0fb0122222392cf495657be6e4 +c9d203bceffa46c86406caf8217859d3fb259077af68e5d41b3699410781f467 +Proof = f84bbeee47aedf43558dae4b95b3853635a9fc1a9ea7eac9b454c64c66c4 +f49cd1c72711c7ac2e06c681e16ea693d5500bbd7b56455df52f69e00b76b4126961 +e1562fdbaaac40b7701065cbeece3febbfe09e00160f81775d36daed99d8a2a10be0 +759e01b7ee81217203416c9db208 ProofRandomScalar = b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0 627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b -Output = 3db64b6f803391e7c9803135457da250eb29778480c30f29d53e9ff46c3 -ce5ba9555418fc28af347c18b77a990eb904d0043a3411837b6d316f749428a9a370 -4 +Output = e2ac40b634f36cccd8262b285adff7c9dcc19cd308564a5f4e581d1a853 +5773b86fa4fc9f2203c370763695c5093aea4a7aedec4488b1340ba3bf663a23098c +1 ~~~ #### Test Vector 2, Batch Size 1 @@ -2020,19 +2027,19 @@ ce5ba9555418fc28af347c18b77a990eb904d0043a3411837b6d316f749428a9a370 Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112 -BlindedElement = ea9b2d51579f5c07c5c511cf3bba888f5fc76d6ce29075a0b02 -5adb3daf4b568045c28e6bd00442251597ba6264e59beaf46220d8405fff6 -EvaluationElement = f6d23094a82e33e231003a1ecdd4659029d613932b767451 -c607ec428315283fe0b121bf09d7c88cf2ed50910463e38383fb52e5562a87f0 -Proof = 104e45c171bd7ca9119af1091e3175c8af4e9efdbd4704b3d5a8dfc99465 -9842ea021da27a9c1e0fbac369627eb5e9cf9e82964b7412081f15f6bfc5c68425f6 -4f1a4dae420a03d582a6cfffc0fc4da71a145bb5305ae28985e15e067d28523578ea -696205cea28cf5831abed3e40f37 +BlindedElement = 88287e553939090b888ddc15913e1807dc4757215555e1c3a79 +488ef311594729c7fa74c772a732b78440b7d66d0aa35f3bb316f1d93e1b2 +EvaluationElement = c00978c73e8e4ee1d447ab0d3ad1754055e72cc85c08e3a0 +db170909a9c61cbff1f1e7015f289e3038b0f341faea5d7780c130106065c231 +Proof = 7a2831a6b237e11ac1657d440df93bc5ce00f552e6020a99d5c956ffc4d0 +7b5ade3e82ecdc257fd53d76239e733e0a1313e84ce16cc0d82734806092a693d7e8 +d3c420c2cb6ccd5d0ca32514fb78e9ad0973ebdcb52eba438fc73948d76339ee7101 +21d83e2fe6f001cfdf551aff9f36 ProofRandomScalar = b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0 627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b -Output = 4dc9ec52b6aa7f1f38a320d10cb58e0d86b040f6376d2f178f42c99986f -e932aca7162cb72dd94056724617979c0f7ea652b1492bbad1d82748a38ff4daf129 -8 +Output = 862952380e07ec840d9f6e6f909c5a25d16c3dacb586d89a181b4aa7380 +c959baa8c480fe8e6c64e089d68ea7aeeb5817bd524d7577905b5bab487690048c94 +1 ~~~ #### Test Vector 3, Batch Size 2 @@ -2043,36 +2050,36 @@ Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112,b1b748135d405ce 48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043 a070e5f953d80bb464ea369e5522b -BlindedElement = 38b758b69dfaaff8576eaaabfe70801813d95eb098f85516bcd -46a0f68d1ea8cc1dea3bc7c8d340ee77c5bbca6e7d723e51d77e0807acd0d,5a788e -f7949021b22da4a4e89b2443458c96fcbec8b66b08df885eec8fb4070fefe8b50e08 -5e043c368cc05a9339b5ae31eb6482efc0d933 -EvaluationElement = 7a8374bbae55dfc91e10a9d8042015419c505a6a8ac54e5b -93867747eb04252aba316d9f750fa0c54458aa8c90e963a60af5ae6f141af8d2,0ac -81e0e5b9fa6d90be58a6fc3fb4fde57e0efacbe210cebc2c85a6e934114b5e0e5ba4 -cc202bde7cd7708415cdcc2312a51fca6ad6f06bf -Proof = a221b134d99ba97cad98bf45341eeacd8a402a6e4c5ea5f93cee54ad0f2b -ee544f67d2859a5253cb9def403bfee9420a5224fad35e3f9a3fbb5f28f6b8abcb34 -130beaa158a41d1497aacc2f073b2da5471067bb832ec8044f417f528e2e6ccb897f -992424220d608b5e7bbfd4257e1f +BlindedElement = 7261bbc335c664ba788f1b1a1a4cd5190cc30e787ef277665ac +1d314f8861e3ec11854ce3ddd42035d9e0f5cddde324c332d8c880abc00eb,2e15f3 +93c035492a1573627a3606e528c6294c767c8d43b8c691ef70a52cc7dc7d1b53fe45 +8350a270abb7c231b87ba58266f89164f714d9 +EvaluationElement = ca1491a526c28d880806cf0fb0122222392cf495657be6e4 +c9d203bceffa46c86406caf8217859d3fb259077af68e5d41b3699410781f467,8ec +68e9871b296e81c55647ce64a04fe75d19932f1400544cd601468c60f998408bbb54 +6601d4a636e8be279e558d70b95c8d4a4f61892be +Proof = 167d922f0a6ffa845eed07f8aa97b6ac746d902ecbeb18f49c009adc0521 +eab1e4d275b74a2dc266b7a194c854e85e7eb54a9a36376dfc04ec7f3bd55fc9618c +3970cb548e064f8a2f06183a5702933dbc3e4c25a73438f2108ee1981c306181003c +7ea92fce963ec7b4ba4f270e6d38 ProofRandomScalar = 63798726803c9451ba405f00ef3acb633ddf0c420574a2ec 6cbf28f840800e355c9fbaac10699686de2724ed22e797a00f3bd93d105a7f23 -Output = 3db64b6f803391e7c9803135457da250eb29778480c30f29d53e9ff46c3 -ce5ba9555418fc28af347c18b77a990eb904d0043a3411837b6d316f749428a9a370 -4,4dc9ec52b6aa7f1f38a320d10cb58e0d86b040f6376d2f178f42c99986fe932aca -7162cb72dd94056724617979c0f7ea652b1492bbad1d82748a38ff4daf1298 +Output = e2ac40b634f36cccd8262b285adff7c9dcc19cd308564a5f4e581d1a853 +5773b86fa4fc9f2203c370763695c5093aea4a7aedec4488b1340ba3bf663a23098c +1,862952380e07ec840d9f6e6f909c5a25d16c3dacb586d89a181b4aa7380c959baa +8c480fe8e6c64e089d68ea7aeeb5817bd524d7577905b5bab487690048c941 ~~~ ### POPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3 +3a3 KeyInfo = 74657374206b6579 -skSm = fdd59cb218c7fbdcd48b18ef21ab647a6c210110c765bc3da6c11e563671a -48402c23129ce2ffd021d99da5a2d04158883c65d7f74a4901b -pkSm = 1223e0aec4ee5bc19181078be380cc745d1896e1369aed3cc8a45b40ba3f9 -aa1f79e23d542d6529e17465d1954d75e336910c6417de99200 +skSm = 792a10dcbd3ba4a52a054f6f39186623208695301e7adb9634b74709ab22d +e402990eb143fd7c67ac66be75e0609705ecea800992aac8e19 +pkSm = 6c9d12723a5bbcf305522cc04b4a34d9ced2e12831826018ea7b5dcf54526 +47ad262113059bf0f6e4354319951b9d513c74f29cb0eec38c1 ~~~ #### Test Vector 1, Batch Size 1 @@ -2082,19 +2089,19 @@ Input = 00 Info = 7465737420696e666f Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112 -BlindedElement = f86104fcefec6bdca7767bc3e6a2ac9de2b00546579fd50ff66 -687df531f7a2dfa8689a6cfdf91efc32d6fff490e722990752b7bc4bda28f -EvaluationElement = 76f27e6fa79cd38638e35f5caa5d641e41526fbfd9272c19 -be22dfc8cdd962e6d5d4e0c605c9bd6588eb9698a2bbf792a0827bb1116c8812 -Proof = 3a1b3400ad16e1562e731c64520fa5a3664c1487ffe6537e85029842904d -3e01f9e7435b881ab9346847cc3470a2b37e6a10a4ef7bd36b2d06c602086a33252f -39c562aab5820a66c3bdf9d72583587e93ea893725be535cdeca1094d5b4dae119b4 -9456162f60034a904f521f7cd818 +BlindedElement = 161183c13c6cb33b0e4f9b7365f8c5c12d13c72f8b62d276ca0 +9368d093dce9b42198276b9e9d870ac392dda53efd28d1b7e6e8c060cdc42 +EvaluationElement = 06ec89dfde25bb2a6f0145ac84b91ac277b35de39ad1d6f4 +02a8e46414952ce0d9ea1311a4ece283e2b01558c7078b040cfaa40dd63b3e6c +Proof = 66caee75bf2460429f620f6ad3e811d524cb8ddd848a435fc5d89af48877 +abf6506ee341a0b6f67c2d76cd021e5f3d1c9abe5aa9f0dce016da746135fedba2af +41ed1d01659bfd6180d96bc1b7f320c0cb6926011ce392ecca748662564892bae665 +16acaac6ca39aadf6fcca95af406 ProofRandomScalar = b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0 627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b -Output = 2a08f81bf204eb43a57dbc011946861ed715a2fd3d39a3b35e43c74d07d -4734149ba163389a02f6cd33fbb5b84e167d35dca7a7dc00b89418398c255c8293ac -6 +Output = 4423f6dcc1740688ea201de57d76824d59cd6b859e1f9884b7eebc49b0b +971358cf9cb075df1536a8ea31bcf55c3e31c2ba9cfa8efe54448d17091daeb9924e +d ~~~ #### Test Vector 2, Batch Size 1 @@ -2104,19 +2111,19 @@ Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Info = 7465737420696e666f Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112 -BlindedElement = e6f508abea28cbb0242f0dae1c0a92e017127edb7c8d8e0ec98 -a5ea25c6bc9bb86bfc0bf9b8a086302e29a2a4b0a1d9d80f2d439cfba3ec1 -EvaluationElement = 1ea637b039e0ab12c6959c74e275471e33655007a7fa23af -97ec578bcfc8c3381d4929ebf51433b76460d583f16b7cf1e75b9708f5d9d2f7 -Proof = d53a1bfeafc5b47fc86406fba080e57434a7004a0739399ccb356f790b13 -585da9d69a25c526e039fa06ad6a5781283ea7997eced063fd32e58bc95d57fd771c -ad4a7e23633ae2049eec5ad86ade6a5e98d44f78fd86b5f55ab3c7a03025d6aec1f4 -f50a2bd7b9b554841f6b4cd23d14 +BlindedElement = 12082b6a381c6c51e85d00f2a3d828cdeab3f5cb19a10b9c014 +c33826764ab7e7cfb8b4ff6f411bddb2d64e62a472af1cd816e5b712790c6 +EvaluationElement = f2919b7eedc05ab807c221fce2b12c4ae9e19e6909c47845 +64b690d1972d2994ca623f273afc67444d84ea40cbc58fcdab7945f321a52848 +Proof = a295677c54d1bc4286330907fc2490a7de163da26f9ce03a462a452fea42 +2b19ade296ba031359b3b6841e48455d20519ad01b4ac4f0b92e76d3cf16fbef0a3f +72791a8401ef2d7081d361e502e96b2c60608b9fa566f43d4611c2f161d83aabef7f +8017332b26ed1daaf80440772022 ProofRandomScalar = b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0 627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b -Output = 80ac73a09fbf8cbd329ff1b7f42d8d14e46ae5b732f776f3203f0680daf -265254360da0afcd9dc1d0cd3858ab21ce8e7a19f0426d7e701cfda34fb8238c9e43 -4 +Output = 8691905500510843902c44bdd9730ab9dc3925aa58ff9dd42765a2baf63 +3126de0c3adb93bef5652f38e5827b6396e87643960163a560fc4ac9738c8de4e4a8 +d ~~~ #### Test Vector 3, Batch Size 2 @@ -2128,27 +2135,27 @@ Blind = 64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa 3833a26e9388336361686ff1f83df55046504dfecad8549ba112,b1b748135d405ce 48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043 a070e5f953d80bb464ea369e5522b -BlindedElement = f86104fcefec6bdca7767bc3e6a2ac9de2b00546579fd50ff66 -687df531f7a2dfa8689a6cfdf91efc32d6fff490e722990752b7bc4bda28f,50c684 -9c8f6355687bbc9d4675bcea953cb913c5447c9c8400062ae37f808ce8a75d592c56 -f3393d4ea12ec72f9f84402002eb497201089a -EvaluationElement = 76f27e6fa79cd38638e35f5caa5d641e41526fbfd9272c19 -be22dfc8cdd962e6d5d4e0c605c9bd6588eb9698a2bbf792a0827bb1116c8812,7ca -a4dd83ecae98fc3e282a0e7df1887393a3fc1e17935dfe355da394756fbfcad65386 -eeedf1ba8498411645448c7027753cd9090198c02 -Proof = b4f869bf5ec65e0152af5bd29f9fa32c3dfc00355e4e019feda07a281547 -fb2f0c559c600bf6cb52a92753264d1c1367e0134b132880732ec70a8c741d60370e -5c22c4aca0e4564732b0157858f3c968bda06aab34c71386ec88afe76ec2c14bf56f -0adf7b05bab826e4aa034cc78837 +BlindedElement = 161183c13c6cb33b0e4f9b7365f8c5c12d13c72f8b62d276ca0 +9368d093dce9b42198276b9e9d870ac392dda53efd28d1b7e6e8c060cdc42,fc8847 +d43fb4cea4e408f585661a8f2867533fa91d22155d3127a22f18d3b007add480f7d3 +00bca93fa47fe87ae06a57b7d0f0d4c30b12f0 +EvaluationElement = 06ec89dfde25bb2a6f0145ac84b91ac277b35de39ad1d6f4 +02a8e46414952ce0d9ea1311a4ece283e2b01558c7078b040cfaa40dd63b3e6c,2e7 +4c626d07de49b1c8c21d87120fd78105f485e36816af9bde3e3efbeef76815326062 +fd333925b66c5ce5a20f100bf01770c16609f990a +Proof = fd94db736f97ea4efe9d0d4ad2933072697a6bbeb32834057b23edf7c700 +9f011dfa72157f05d2a507c2bbf0b54cad99ab99de05921c021fda7d70e65bcecdb0 +5f9a30154127ace983c74d10fd910b554c5e95f6bd1565fd1f3dbbe3c523ece5c72d +57a559b7be1368c4786db4a3c910 ProofRandomScalar = 63798726803c9451ba405f00ef3acb633ddf0c420574a2ec 6cbf28f840800e355c9fbaac10699686de2724ed22e797a00f3bd93d105a7f23 -Output = 2a08f81bf204eb43a57dbc011946861ed715a2fd3d39a3b35e43c74d07d -4734149ba163389a02f6cd33fbb5b84e167d35dca7a7dc00b89418398c255c8293ac -6,80ac73a09fbf8cbd329ff1b7f42d8d14e46ae5b732f776f3203f0680daf2652543 -60da0afcd9dc1d0cd3858ab21ce8e7a19f0426d7e701cfda34fb8238c9e434 +Output = 4423f6dcc1740688ea201de57d76824d59cd6b859e1f9884b7eebc49b0b +971358cf9cb075df1536a8ea31bcf55c3e31c2ba9cfa8efe54448d17091daeb9924e +d,8691905500510843902c44bdd9730ab9dc3925aa58ff9dd42765a2baf633126de0 +c3adb93bef5652f38e5827b6396e87643960163a560fc4ac9738c8de4e4a8d ~~~ -## OPRF(P-256, SHA-256) +## P256-SHA256 ### OPRF Mode @@ -2156,8 +2163,8 @@ Output = 2a08f81bf204eb43a57dbc011946861ed715a2fd3d39a3b35e43c74d07d Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = 274d7747cf2e26352ecea6bd768c426087da3dfcd466b6841b441ada8412f -b33 +skSm = 159749d750713afe245d2d39ccfaae8381c53ce92d098a9375ee70739c7ac +0bf ~~~ #### Test Vector 1, Batch Size 1 @@ -2166,12 +2173,12 @@ b33 Input = 00 Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02ff9dc7d4350ab6fe1f41299ec5fa8283b6ef37fc62682ea69 -6142e13aad4ae9c -EvaluationElement = 023a5facf92477164f10cc6bf35b4d9272bfadf98dbabbe7 -b7a137efa1af6546fb -Output = 488d693c0d43ab75703901fa1398907cf7dc7a90978d1c2f0def63c88e8 -1b8b0 +BlindedElement = 03723a1e5c09b8b9c18d1dcbca29e8007e95f14f4732d9346d4 +90ffc195110368d +EvaluationElement = 030de02ffec47a1fd53efcdd1c6faf5bdc270912b8749e78 +3c7ca75bb412958832 +Output = a0b34de5fa4c5b6da07e72af73cc507cceeb48981b97b7285fc375345fe +495dd ~~~ #### Test Vector 2, Batch Size 1 @@ -2180,12 +2187,12 @@ Output = 488d693c0d43ab75703901fa1398907cf7dc7a90978d1c2f0def63c88e8 Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 03b3cd723330e42975e6e18a6157ecf9455894c18a0189e3e62 -4a46d705f790fcc -EvaluationElement = 03f1ea590f2cc4afd45a841285c6be4d88825a9c6c04eb55 -a1ca996583dd3e2e9f -Output = dacd8400f6fae62beabead9bc27869b5109fb5d87da338ae2488712ec25 -f1be9 +BlindedElement = 03cc1df781f1c2240a64d1c297b3f3d16262ef5d4cf10273488 +2675c26231b0838 +EvaluationElement = 03a0395fe3828f2476ffcd1f4fe540e5a8489322d398be3c +4e5a869db7fcb7c52c +Output = c748ca6dd327f0ce85f4ae3a8cd6d4d5390bbb804c9e12dcf94f853fece +3dcce ~~~ ### VOPRF Mode @@ -2194,10 +2201,10 @@ f1be9 Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = b3d12edba73e40401fdc27c0094a56337feb3646d1633345af7e7142a6b15 -59d -pkSm = 03f9fc787c9a4dda44a4b811a961d1fd60f87be7465b8a1b9058dc534dae7 -0624c +skSm = ca5d94c8807817669a51b196c34c1b7f8442fde4334a7121ae4736364312f +ca6 +pkSm = 03e17e70604bcabe198882c0a1f27a92441e774224ed9c702e51dd17038b1 +02462 ~~~ #### Test Vector 1, Batch Size 1 @@ -2206,16 +2213,16 @@ pkSm = 03f9fc787c9a4dda44a4b811a961d1fd60f87be7465b8a1b9058dc534dae7 Input = 00 Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02bf13d60f3e39e2018c7be9876d88b52e56c0fc2847c8550e3 -cee152c51cf72ec -EvaluationElement = 0253e64b5251607348f2b46064805275a849e44db465f649 -267c54bd7a774d670f -Proof = d0bff8c87ee38f2b2e9e28161fb0f3bc7e4c3bee7329276487d4fd98d4f4 -74fff793a846ffcb44d48f9545e321d89e4e6bccea858089732abf10bf19a220a936 +BlindedElement = 02dd05901038bb31a6fae01828fd8d0e49e35a486b5c5d4b499 +4013648c01277da +EvaluationElement = 0209f33cab60cf8fe69239b0afbcfcd261af4c1c5632624f +2e9ba29b90ae83e4a2 +Proof = e7c2b3c5c954c035949f1f74e6bce2ed539a3be267d1481e9ddb178533df +4c2664f69d065c604a4fd953e100b856ad83804eb3845189babfa5a702090d6fc5fa ProofRandomScalar = f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = 9df5d51a9149a86c3660396feabaf790b8c838fc96012adba5acbd913f2 -a4016 +Output = 0412e8f78b02c415ab3a288e228978376f99927767ff37c5718d420010a +645a1 ~~~ #### Test Vector 2, Batch Size 1 @@ -2224,16 +2231,16 @@ a4016 Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02a13e263fd9df5aa0078f8d5d6cbe8763e5bee69ee06841a66 -dad0db8701480cf -EvaluationElement = 02d9f54fcb97bdab47e6664376a75911f1c3e447f5754550 -89d926fbd032cb6e53 -Proof = e3ccd78a2f2428d04599c90d4b45e3de49b38a3ba0c80a224b8125747648 -718319238dd349cdeb533a6d24333b56aafbb202bec1831511717b231b89b8b36853 +BlindedElement = 03cd0f033e791c4d79dfa9c6ed750f2ac009ec46cd4195ca6fd +3800d1e9b887dbd +EvaluationElement = 030d2985865c693bf7af47ba4d3a3813176576383d19aff0 +03ef7b0784a0d83cf1 +Proof = 2787d729c57e3d9512d3aa9e8708ad226bc48e0f1750b0767aaff73482c4 +4b8d2873d74ec88aebd3504961acea16790a05c542d9fbff4fe269a77510db00abab ProofRandomScalar = f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = beef8ec835625f610d616d32b1d13f2f899f07c0b8089fa48a1f0ecbc5a -91b8b +Output = 771e10dcd6bcd3664e23b8f2a710cfaaa8357747c4a8cbba03133967b5c +24f18 ~~~ #### Test Vector 3, Batch Size 2 @@ -2243,19 +2250,19 @@ Input = 00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364,f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b 1 -BlindedElement = 02bf13d60f3e39e2018c7be9876d88b52e56c0fc2847c8550e3 -cee152c51cf72ec,0322b89e261428d77367cba2aa78fdfa2b21c2919150cafe802e -9020c7f95ec180 -EvaluationElement = 0253e64b5251607348f2b46064805275a849e44db465f649 -267c54bd7a774d670f,02182b225cfab1d2e25da200549d8b5e2c4581aa7b7bd85be -f9b61a14549f58230 -Proof = 900fd64d21320b6059a2810f7046066c4c91a5f4e4f6063c7b51316a4862 -2de8f3a28e5f1d0ebe8ae77fdaacbcb1ae92685243e9ceb813bb749dee6c7123270e +BlindedElement = 02dd05901038bb31a6fae01828fd8d0e49e35a486b5c5d4b499 +4013648c01277da,03462e9ae64cae5b83ba98a6b360d942266389ac369b923eb3d5 +57213b1922f8ab +EvaluationElement = 0209f33cab60cf8fe69239b0afbcfcd261af4c1c5632624f +2e9ba29b90ae83e4a2,02bb24f4d838414aef052a8f044a6771230ca69c0a5677540 +fff738dd31bb69771 +Proof = bdcc351707d02a72ce49511c7db990566d29d6153ad6f8982fad2b435d6c +e4d60da1e6b3fa740811bde34dd4fe0aa1b5fe6600d0440c9ddee95ea7fad7a60cf2 ProofRandomScalar = 350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba 51943c8026877963 -Output = 9df5d51a9149a86c3660396feabaf790b8c838fc96012adba5acbd913f2 -a4016,beef8ec835625f610d616d32b1d13f2f899f07c0b8089fa48a1f0ecbc5a91b -8b +Output = 0412e8f78b02c415ab3a288e228978376f99927767ff37c5718d420010a +645a1,771e10dcd6bcd3664e23b8f2a710cfaaa8357747c4a8cbba03133967b5c24f +18 ~~~ ### POPRF Mode @@ -2264,10 +2271,10 @@ a4016,beef8ec835625f610d616d32b1d13f2f899f07c0b8089fa48a1f0ecbc5a91b Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = 59519f6c7da344f340ad35ad895a5b97437673cc3ac8b964b823cdb52c932 -f86 -pkSm = 0335065d006a3db4fb09154024dff38c3188a1027e19ce6932e6824c12764 -47766 +skSm = 6ad2173efa689ef2c27772566ad7ff6e2d59b3b196f00219451fb2c89ee4d +ae2 +pkSm = 030d7ff077fddeec965db14b794f0cc1ba9019b04a2f4fcc1fa525dedf72e +2a3e3 ~~~ #### Test Vector 1, Batch Size 1 @@ -2277,16 +2284,16 @@ Input = 00 Info = 7465737420696e666f Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02811b5218bd2bb8361f990efb6062f1201241bcd6f053a5c35 -c34dcd7292e7730 -EvaluationElement = 02555fc8577c4f88eeb13bc6ac53994f8fb287a33a704592 -05ddff91bc19b6a2da -Proof = d87b112dfa11b77f226b85693ab1b5f63adfa491b6e051e570a12392a926 -c4816778b527526ba6212c4b0597f13e05f5f9b2223429aab82cd2596625ab1cad0b +BlindedElement = 031563e127099a8f61ed51eeede05d747a8da2be329b40ba1f0 +db0b2bd9dd4e2c0 +EvaluationElement = 02c5e5300c2d9e6ba7f3f4ad60500ad93a0157e6288eb04b +67e125db024a2c74d2 +Proof = f8a33690b87736c854eadfcaab58a59b8d9c03b569110b6f31f8bf7577f3 +fbb85a8a0c38468ccde1ba942be501654adb106167c8eb178703ccb42bccffb9231a ProofRandomScalar = f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = af6525716fe5dd844076bb5cb118ceda08c02c2d1a02368922ddad63f40 -f8b44 +Output = 193a92520bd8fd1f37accb918040a57108daa110dc4f659abe212636d24 +5c592 ~~~ #### Test Vector 2, Batch Size 1 @@ -2296,16 +2303,16 @@ Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Info = 7465737420696e666f Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 03e9ddbb1fa70461119afcf0ffbfe3fcd105690c14cf0e07872 -e72d4f63aa0e197 -EvaluationElement = 03156037ca1ab2166e924e6197344a9885256de2cd7d9432 -ae36e3f94049e94bbb -Proof = d087b632e2aa4a67e0bc8b7cf012646217a2dfdbf49c60f236a43c66c72b -7f2767b85dc93b96a11e3286ef1ff1864b544a68c2c2d8c2bc35ef7cf7dd34189d3e +BlindedElement = 021a440ace8ca667f261c10ac7686adc66a12be31e3520fca31 +7643a1eee9dcd4d +EvaluationElement = 0208ca109cbae44f4774fc0bdd2783efdcb868cb4523d521 +96f700210e777c5de3 +Proof = 043a8fb7fc7fd31e35770cabda4753c5bf0ecc1e88c68d7d35a62bf2631e +875af4613641be2d1875c31d1319d191c4bbc0d04875f4fd03c31d3d17dd8e069b69 ProofRandomScalar = f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = 192f4e5d4f89ffe4b9cea5c1c9619ffe32443a5c04fc35f98c3821420cf -1890c +Output = 1e6d164cfd835d88a31401623549bf6b9b306628ef03a7962921d62bc5f +fce8c ~~~ #### Test Vector 3, Batch Size 2 @@ -2316,31 +2323,31 @@ Info = 7465737420696e666f Blind = 3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364,f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b 1 -BlindedElement = 02811b5218bd2bb8361f990efb6062f1201241bcd6f053a5c35 -c34dcd7292e7730,0366ff91265bb4a9d24130b9e8cd3ecc523084b512b6b0722de4 -4049616b8c374f -EvaluationElement = 02555fc8577c4f88eeb13bc6ac53994f8fb287a33a704592 -05ddff91bc19b6a2da,032bdb191ef5604cf43d0c37faead30c4b2b21e3f61c0d47c -cc84850fc5656e500 -Proof = 1bd5f64dffa2ab8d6532122887ed55ad17d114020901a7a01cf2412d568e -22b6d0536fd6dbefe9f417060468ee3cc451a8f3750f4d8d4acf1e98437248cc7fa2 +BlindedElement = 031563e127099a8f61ed51eeede05d747a8da2be329b40ba1f0 +db0b2bd9dd4e2c0,03ca4ff41c12fadd7a0bc92cf856732b21df652e01a3abdf0fa8 +847da053db213c +EvaluationElement = 02c5e5300c2d9e6ba7f3f4ad60500ad93a0157e6288eb04b +67e125db024a2c74d2,02f0b6bcd467343a8d8555a99dc2eed0215c71898c5edb77a +3d97ddd0dbad478e8 +Proof = 8fbd85a32c13aba79db4b42e762c00687d6dbf9c8cb97b2a225645ccb00d +9d7580b383c885cdfd07df448d55e06f50f6173405eee5506c0ed0851ff718d13e68 ProofRandomScalar = 350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba 51943c8026877963 -Output = af6525716fe5dd844076bb5cb118ceda08c02c2d1a02368922ddad63f40 -f8b44,192f4e5d4f89ffe4b9cea5c1c9619ffe32443a5c04fc35f98c3821420cf189 -0c +Output = 193a92520bd8fd1f37accb918040a57108daa110dc4f659abe212636d24 +5c592,1e6d164cfd835d88a31401623549bf6b9b306628ef03a7962921d62bc5ffce +8c ~~~ -## OPRF(P-384, SHA-384) +## P384-SHA384 ### OPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3 +3a3 KeyInfo = 74657374206b6579 -skSm = c0503759ddd1e31d8c7eae9304c9b1c16f83d1f6d962e3e7b789cd85fd581 -800e96c5c4256131aafcff9a76919abbd55 +skSm = dfe7ddc41a4646901184f2b432616c8ba6d452f9bcd0c4f75a5150ef2b2ed +02ef40b8b92f60ae591bcabd72a6518f188 ~~~ #### Test Vector 1, Batch Size 1 @@ -2349,12 +2356,12 @@ skSm = c0503759ddd1e31d8c7eae9304c9b1c16f83d1f6d962e3e7b789cd85fd581 Input = 00 Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364 -BlindedElement = 0396a1584fedc4d91ddb753a0c49e0aa2298c1936dbc935d60f -e793d82809f44ff05fbd1922a2cae789d700b5ef4310fb3 -EvaluationElement = 0361804cebcb1873cee5e51efd5257cd8b095521cc0089cf -4c1100b1d749e212a044eae6d4f3d852e379eeb1bb54047823 -Output = b7ccad41ed7f56be97621bbba8cc3a4f5e8a46a28d72b0fe089d12802f8 -6f080b20726e01a99390aba3437ac50c640d6 +BlindedElement = 02a36bc90e6db34096346eaf8b7bc40ee1113582155ad379700 +3ce614c835a874343701d3f2debbd80d97cbe45de6e5f1f +EvaluationElement = 03af2a4fc94770d7a7bf3187ca9cc4faf3732049eded2442 +ee50fbddda58b70ae2999366f72498cdbc43e6f2fc184afe30 +Output = ed84ad3f31a552f0456e58935fcc0a3039db42e7f356dcb32aa6d487b6b +815a07d5813641fb1398c03ddab5763874357 ~~~ #### Test Vector 2, Batch Size 1 @@ -2363,24 +2370,24 @@ Output = b7ccad41ed7f56be97621bbba8cc3a4f5e8a46a28d72b0fe089d12802f8 Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364 -BlindedElement = 0370b0b4649c0880d44c421a3ca7c915b1b6ffa61f5a1290aa2 -2258b006d148e5c105d47725e1ee1b2483b9c5666384038 -EvaluationElement = 036d0aaf31ec411ef8e11c68551434883468e56cbd5d615a -c8c52b9dc7af326889d52d7466c5eed47f8c89707976aadc64 -Output = ca7dc32dc6434101f35a790717dd591e5963acc86d20fda68011fe228fb -76be8da7f42c6a92284df88fb8e69480a3cb9 +BlindedElement = 02def6f418e3484f67a124a2ce1bfb19de7a4af568ede6a1ebb +2733882510ddd43d05f2b1ab5187936a55e50a847a8b900 +EvaluationElement = 034e9b9a2960b536f2ef47d8608b21597ba400d5abfa1825 +fd21c36b75f927f396bf3716c96129d1fa4a77fa1d479c8d7b +Output = dd4f29da869ab9355d60617b60da0991e22aaab243a3460601e48b07585 +9d1c526d36597326f1b985778f781a1682e75 ~~~ ### VOPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3 +3a3 KeyInfo = 74657374206b6579 -skSm = 514fb6fe2e66af1383840759d56f71730331280f062930ee2a2f7ea42f935 -acf94087355699d788abfdf09d19a5c85ac -pkSm = 02f773b99e65ad26e8cd20614910ce7ad74c1baa5bdbfd9f124389dc8ef44 -b5989f5bf036f6802dc2242fd7068b73da29f +skSm = 051646b9e6e7a71ae27c1e1d0b87b4381db6d3595eeeb1adb41579adbf992 +f4278f9016eafc944edaa2b43183581779d +pkSm = 031d689686c611991b55f1a1d8f4305ccd6cb719446f660a30db61b7aa87b +46acf59b7c0d4a9077b3da21c25dd482229a0 ~~~ #### Test Vector 1, Batch Size 1 @@ -2389,17 +2396,17 @@ b5989f5bf036f6802dc2242fd7068b73da29f Input = 00 Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364 -BlindedElement = 03022e23d8356d74d8f9a24ade759fb4e7cf050d1a770110878 -83d4db52f16751d8d987fa49764c157c1039c4cdfa5ef7a -EvaluationElement = 0202bdefbc2d55a37aa848df5efc561055235d9190da9ec3 -0ccfb84d93b033a29c4fb1968c55c63a0b90a205e1e9c4c19f -Proof = 929ee0254047350f580cdbd6fca706a9d110e4fc0aa1383af8d35a536795 -69c038d90900e8810eca177b9cfd6a2d0f1fb5ed7a2e0f3107719cbd9c74ab7d9502 -79869f67551b629c3706c8f9cee651d700453ca44e43b0a08c05502cd28f3960 +BlindedElement = 02d338c05cbecb82de13d6700f09cb61190543a7b7e2c6cd4fc +a56887e564ea82653b27fdad383995ea6d02cf26d0e24d9 +EvaluationElement = 02a7bba589b3e8672aa19e8fd258de2e6aae20101c8d7612 +46de97a6b5ee9cf105febce4327a326255a3c604f63f600ef6 +Proof = bfc6cf3859127f5fe25548859856d6b7fa1c7459f0ba5712a806fc091a30 +00c42d8ba34ff45f32a52e40533efd2a03bc87f3bf4f9f58028297ccb9ccb18ae718 +2bcd1ef239df77e3be65ef147f3acf8bc9cbfc5524b702263414f043e3b7ca2e ProofRandomScalar = 803d955f0e073a04aa5d92b3fb739f56f9db001266677f62 c095021db018cd8cbb55941d4073698ce45c405d1348b7b1 -Output = 7eb3cc88d920431c3a5ea3fb6e36b515b6d82c5ef537e285918fe7c741e -97819ce029657d6cced0f8850f47ff281c444 +Output = 3333230886b562ffb8329a8be08fea8025755372817ec969d114d1203d0 +26b4a622beab60220bf19078bca35a529b35c ~~~ #### Test Vector 2, Batch Size 1 @@ -2408,17 +2415,17 @@ Output = 7eb3cc88d920431c3a5ea3fb6e36b515b6d82c5ef537e285918fe7c741e Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364 -BlindedElement = 037ae30a62126a39ca791aadafb65769c812a559c7da92820e1 -43350b6bb8cefb543af2e0179664f9cd0d1499c018a0b18 -EvaluationElement = 0355f95a68e8c4f0d40910e9a85f09109e4e7fff84f75db1 -a4aa8e21c451ac2d872113b497bea6c0be1b535241557032a2 -Proof = f4ec262642fc9981fe5d1f0a3737f2d09ec9b056f577224013f5a3d09812 -fb22c6b45e17150d8fe3a8c7e63094cdf40a60ae1e50fc2e1678954c1ecbaed2f7d0 -7e6d597fffedc7aca450ed64164c46e62d1326ff1f6eaeba4b5dd151e953e060 +BlindedElement = 02f27469e059886f221be5f2cca03d2bdc61e55221721c3b3e5 +6fc012e36d31ae5f8dc058109591556a6dbd3a8c69c433b +EvaluationElement = 03f16f903947035400e96b7f531a38d4a07ac89a80f89d86 +a1bf089c525a92c7f4733729ca30c56ce78b1ab4f7d92db8b4 +Proof = d005d6daaad7571414c1e0c75f7e57f2113ca9f4604e84bc90f9be52da89 +6fff3bee496dcde2a578ae9df315032585f801fb21c6080ac05672b291e575a40295 +b306d967717b28e08fcc8ad1cab47845d16af73b3e643ddcc191208e71c64630 ProofRandomScalar = 803d955f0e073a04aa5d92b3fb739f56f9db001266677f62 c095021db018cd8cbb55941d4073698ce45c405d1348b7b1 -Output = fb538f84dae5f214c5adfcf529c6fe63bc46d6a4073d540cf0dabcc7c8e -0f3c1b43b606002a9aa52ae158a19d900c136 +Output = b91c70ea3d4d62ba922eb8a7d03809a441e1c3c7af915cbc2226f485213 +e895942cd0f8580e6d99f82221e66c40d274f ~~~ #### Test Vector 3, Batch Size 2 @@ -2428,34 +2435,34 @@ Input = 00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364,803d955f0e073a04aa5d92b3fb739f5 6f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1 -BlindedElement = 03022e23d8356d74d8f9a24ade759fb4e7cf050d1a770110878 -83d4db52f16751d8d987fa49764c157c1039c4cdfa5ef7a,031ee43111a2406b09eb -4fb2a3a5fd7c690c0aa51158af766c9df1428bb18195f054c5f68ae1863e6ab3dd42 -98b3db712b -EvaluationElement = 0202bdefbc2d55a37aa848df5efc561055235d9190da9ec3 -0ccfb84d93b033a29c4fb1968c55c63a0b90a205e1e9c4c19f,021fdbb3b92cf4f8e -04534bc1a9f62596667c3ea49a6e89f1610b9f7f89708e8730df159827ea92e26fcf -db2063920c89c -Proof = 9cc7fe5a120cec6ef0d877260cf1af1861f281aa0015f371c8830f93f286 -8f5891ee6f32ec6fcbe130a50de24c93b131261eb4a242941c8d5ad9ad2f2be402d9 -386ac4afcf5e5498f35cc3db0442a77e139eb56a7b3435177e7bf1a48cef184a +BlindedElement = 02d338c05cbecb82de13d6700f09cb61190543a7b7e2c6cd4fc +a56887e564ea82653b27fdad383995ea6d02cf26d0e24d9,02fa02470d7f151018b4 +1e82223c32fad824de6ad4b5ce9f8e9f98083c9a726de9a1fc39d7a0cb6f4f188dd9 +cea01474cd +EvaluationElement = 02a7bba589b3e8672aa19e8fd258de2e6aae20101c8d7612 +46de97a6b5ee9cf105febce4327a326255a3c604f63f600ef6,028e9e115625ff4c2 +f07bf87ce3fd73fc77994a7a0c1df03d2a630a3d845930e2e63a165b114d98fe34e6 +1b68d23c0b50a +Proof = 6d8dcbd2fc95550a02211fb78afd013933f307d21e7d855b0b1ed0af7807 +6d8137ad8b0a1bfa05676d325249c1dbb9a52bd81b1c2b7b0efc77cf7b278e1c947f +6283f1d4c513053fc0ad19e026fb0c30654b53d9cea4b87b037271b5d2e2d0ea ProofRandomScalar = a097e722ed2427de86966910acba9f5c350e8040f828bf6c eca27405420cdf3d63cb3aef005f40ba51943c8026877963 -Output = 7eb3cc88d920431c3a5ea3fb6e36b515b6d82c5ef537e285918fe7c741e -97819ce029657d6cced0f8850f47ff281c444,fb538f84dae5f214c5adfcf529c6fe -63bc46d6a4073d540cf0dabcc7c8e0f3c1b43b606002a9aa52ae158a19d900c136 +Output = 3333230886b562ffb8329a8be08fea8025755372817ec969d114d1203d0 +26b4a622beab60220bf19078bca35a529b35c,b91c70ea3d4d62ba922eb8a7d03809 +a441e1c3c7af915cbc2226f485213e895942cd0f8580e6d99f82221e66c40d274f ~~~ ### POPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3 +3a3 KeyInfo = 74657374206b6579 -skSm = 0fcba4a204f67d6c13f780e613915f755319aaa3cb03cd20a5a4a6c403a48 -12a4fff5d3223e2c309aa66b05cb7611fd4 -pkSm = 03a571100213c4356177af14a7039cfee270ad1f9abde42ac3418c501209e -d7b2fc0d4aa3373c12ba956fb555b02843fc8 +skSm = 5b2690d6954b8fbb159f19935d64133f12770c00b68422559c65431942d72 +1ff79d47d7a75906c30b7818ec0f38b7fb2 +pkSm = 02f00f0f1de81e5d6cf18140d4926ffdc9b1898c48dc49657ae36eb1e45de +b8b951aaf1f10c82d2eaa6d02aafa3f10d2b6 ~~~ #### Test Vector 1, Batch Size 1 @@ -2465,17 +2472,17 @@ Input = 00 Info = 7465737420696e666f Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364 -BlindedElement = 03156aece0ce92e9eb8f7a9b7f6bd30230a048d41384f2fe49f -1f9f69e180c23390e3ba8d0ee66dde6d637f03c06385f76 -EvaluationElement = 02352ec7586660cc4257a9e78366727341db0825e431fc82 -4a70a91019b67be26d8b880b2d4d8e734207d4a21a23429d74 -Proof = 77bb1ca3ba4013b93ccb302db838839098eca743de542d3c79d189f2adf0 -01999583a01aead6c248a32ff13b7f1f3d6b2dd04f653a5beb0f0394ad83ce5e79ea -08ae029d669b918b6d62ed3b77b08a07f04bbc341fae06444d196746da4da884 +BlindedElement = 03859b36b95e6564faa85cd3801175eda2949707f6aa0640ad0 +93cbf8ad2f58e762f08b56b2a1b42a64953aaf49cbf1ae3 +EvaluationElement = 0220710e2e00306453f5b4f574cb6a512453f35c45080d09 +373e190c19ce5b185914fbf36582d7e0754bb7c8b683205b91 +Proof = 82a17ef41c8b57f1e3122311b4d5cd39a63df0f67443ef18d961f9b659c1 +601ced8d3c64b294f604319ca80230380d437a49c7af0d620e22116669c008ebb767 +d90283d573b49cdb49e3725889620924c2c4b047a2a6225a3ba27e640ebddd33 ProofRandomScalar = 803d955f0e073a04aa5d92b3fb739f56f9db001266677f62 c095021db018cd8cbb55941d4073698ce45c405d1348b7b1 -Output = fa15c0fe8706ac256dfd3c38d21ba0cd57b927cfcf3e4d6d5554ec1272e -670079b95cdbb2778e0df22baf50f33e12607 +Output = 0188653cfec38119a6c7dd7948b0f0720460b4310e40824e048bf82a165 +27303ed449a08caf84272c3bbc972ede797df ~~~ #### Test Vector 2, Batch Size 1 @@ -2485,17 +2492,17 @@ Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Info = 7465737420696e666f Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364 -BlindedElement = 02d46e0e2d27d8bb126e1201e881d0070b8807cb5635687b20d -d4a3a248e7a40c50a1ad3e905e43342771eb23bc8827a00 -EvaluationElement = 030879805ff65cb536293a1449c00824e55c4c1b25379f2e -c17d97923055169a6d97b46ed7b11bb661cc8cb9535abc3d66 -Proof = 9982a8501f45839213441d4ec501cf496d06fffab65f13ca3b3e66d21398 -fe9e0e04aafdf50eae214fa9cccad3c53d524d0f8c185ed60b11fcf5c7e82e10a8d3 -f3b2ce1e4a004d65e6ad596eeb5738453465d881f2770858cd46ac32f0e16121 +BlindedElement = 03f7efcb4aaf000263369d8a0621cb96b81b3206e99876de2a0 +0699ed4c45acf3969cd6e2319215395955d3f8d8cc1c712 +EvaluationElement = 034993c818369927e74b77c400376fd1ae29b6ac6c6ddb77 +6cf10e4fbc487826531b3cf0b7c8ca4d92c7af90c9def85ce6 +Proof = 693471b5dff0cd6a5c00ea34d7bf127b2795164e3bdb5f39a1e5edfbd13e +443bc516061cd5b8449a473c2ceeccada9f3e5b57302e3d7bc5e28d38d6e3a3056e1 +e73b6cc030f5180f8a1ffa45aa923ee66d2ad0a07b500f2acc7fb99b5506465c ProofRandomScalar = 803d955f0e073a04aa5d92b3fb739f56f9db001266677f62 c095021db018cd8cbb55941d4073698ce45c405d1348b7b1 -Output = 77cb533216c32cac017d706d5f0ee4630bcb0bfefbb980d95e98dc240ab -c70a944a44cde69b805aee3a39b2eb7d834be +Output = ff2a527a21cc43b251a567382677f078c6e356336aec069dea8ba369953 +43ca3b33bb5d6cf15be4d31a7e6d75b30d3f5 ~~~ #### Test Vector 3, Batch Size 2 @@ -2506,36 +2513,35 @@ Info = 7465737420696e666f Blind = 504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562 889d89dbfa691d1cde91517fa222ed7ad364,803d955f0e073a04aa5d92b3fb739f5 6f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1 -BlindedElement = 03156aece0ce92e9eb8f7a9b7f6bd30230a048d41384f2fe49f -1f9f69e180c23390e3ba8d0ee66dde6d637f03c06385f76,025663d73e3418039fdd -ea1a212d254ec0103f28904e588b73c7da8298347706b2f69902a98e8d01c7aaa69a -297b14c7dc -EvaluationElement = 02352ec7586660cc4257a9e78366727341db0825e431fc82 -4a70a91019b67be26d8b880b2d4d8e734207d4a21a23429d74,02f8e532fabdd09bb -2a7391a2a80c14f265c0456009199b77eefac1013d4a4f449dfe46d5d6d2d4d74f8c -9fb1e2868b611 -Proof = f8c938b5d2aff7d1a05ecdcf4178d682fe7b35c375be5db88dfa59f488c6 -e4a68d4f99f16330a06f918e264ad68a78fdfad91446b72e1a3da2a65e531d520dd0 -4fd91dd49b09037648e04a44e83d0dfd2aab7627e7389818924ad9bff591d646 +BlindedElement = 03859b36b95e6564faa85cd3801175eda2949707f6aa0640ad0 +93cbf8ad2f58e762f08b56b2a1b42a64953aaf49cbf1ae3,021a65d618d645f1a20b +c33b06deaa7e73d6d634c8a56a3d02b53a732b69a5c53c5a207ea33d5afdcde9a22d +59726bce51 +EvaluationElement = 0220710e2e00306453f5b4f574cb6a512453f35c45080d09 +373e190c19ce5b185914fbf36582d7e0754bb7c8b683205b91,02017657b315ec65e +f861505e596c8645d94685dd7602cdd092a8f1c1c0194a5d0485fe47d071d972ab51 +4370174cc23f5 +Proof = 4a0b2fe96d5b2a046a0447fe079b77859ef11a39a3520d6ff7c626aad9b4 +73b724fb0cf188974ec961710a62162a83e97e0baa9eeada73397032d928b3e97b1e +a92ad9458208302be3681b8ba78bcc17745bac00f84e0fdc98a6a8cba009c080 ProofRandomScalar = a097e722ed2427de86966910acba9f5c350e8040f828bf6c eca27405420cdf3d63cb3aef005f40ba51943c8026877963 -Output = fa15c0fe8706ac256dfd3c38d21ba0cd57b927cfcf3e4d6d5554ec1272e -670079b95cdbb2778e0df22baf50f33e12607,77cb533216c32cac017d706d5f0ee4 -630bcb0bfefbb980d95e98dc240abc70a944a44cde69b805aee3a39b2eb7d834be +Output = 0188653cfec38119a6c7dd7948b0f0720460b4310e40824e048bf82a165 +27303ed449a08caf84272c3bbc972ede797df,ff2a527a21cc43b251a567382677f0 +78c6e356336aec069dea8ba36995343ca3b33bb5d6cf15be4d31a7e6d75b30d3f5 ~~~ -## OPRF(P-521, SHA-512) +## P521-SHA512 ### OPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = 0152e55f3a5d836ab6c2091a904ba4b4f92e51ba59ecc211b4fc771f7c6c8 -b17fcbbb2bed8a65afd7811ceeec3eac83df6a58515b6d3c71ee0ffc349e28c3fb78 -d83 +skSm = 0153441b8faedb0340439036d6aed06d1217b34c42f17f8db4c5cc610a4a9 +55d698a688831b16d0dc7713a1aa3611ec60703bffc7dc9c84e3ed673b3dbe1d5fcc +ea6 ~~~ #### Test Vector 1, Batch Size 1 @@ -2545,15 +2551,15 @@ Input = 00 Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 88936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 03016480f33f005c8a8eb1003e48ebc22e082d0b86678f8460e -df21cc1518a13bfc0001fa143d474b18214188d93a7b3124b1b385db4cd4e356ad24 -923ae55d70ce8a7 -EvaluationElement = 03005fdb56bf49fcd073b1c4cfb42ceef5666c709785ae82 -d659e4d75c0f5591cbf812ca9ffd992ac67c1877b63978f417687a2a6c17697e858c -f715843f9e4235566a -Output = ddcaaceceec790f4858a09f3e06e74e8b0841681a3d45ab1393d0948379 -43f782d9ed22ae716a642d4ee428ddf1dae9ff631047864b99a305412aceb7efafa3 -2 +BlindedElement = 0300e78bf846b0e1e1a3c320e353d758583cd876df56100a3a1 +e62bacba470fa6e0991be1be80b721c50c5fd0c672ba764457acc18c6200704e9294 +fbf28859d916351 +EvaluationElement = 030166371cf827cb2fb9b581f97907121a16e2dc5d8b10ce +9f0ede7f7d76a0d047657735e8ad07bcda824907b3e5479bd72cdef6b839b967ba5c +58b118b84d26f2ba07 +Output = 26232de6fff83f812adadadb6cc05d7bbeee5dca043dbb16b03488abb99 +81d0a1ef4351fad52dbd7e759649af393348f7b9717566c19a6b8856284d69375c80 +9 ~~~ #### Test Vector 2, Batch Size 1 @@ -2563,30 +2569,29 @@ Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 88936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02000e860d3b8205e0cb4f289771c8e6189b47c60cbff24459e -12a60317ac242e9cb36ab033a620cdee5628ecae4a81303e7464d52194d801756911 -fd7ddfa5430e69c -EvaluationElement = 0300e2663f17144682b25de378531abd6d065b770eec073a -42494719f27748f75b4ab11aecb06bf8815bcc9eeb3ce54978605bd8a54c22a1dea6 -2da1ae5f9f5e5e90f4 -Output = 287712c6dbed773f39925fec0ad686dfda4a679cc7e88fa60ba9d3a7d71 -2a11d4a0445995391ba56cfb018922e0d4bb4b25ec0965a33170c9b00f45c361b021 -5 +BlindedElement = 0300c28e57e74361d87e0c1874e5f7cc1cc796d61f9cad50427 +cf54655cdb455613368d42b27f94bf66f59f53c816db3e95e68e1b113443d66a99b3 +693bab88afb556b +EvaluationElement = 0301ad453607e12d0cc11a3359332a40c3a254eaa1afc642 +96528d55bed07ba322e72e22cf3bcb50570fd913cb54f7f09c17aff8787af75f6a7f +af5640cbb2d9620a6e +Output = ad1f76ef939042175e007738906ac0336bbd1d51e287ebaa66901abdd32 +4ea3ffa40bfc5a68e7939c2845e0fd37a5a6e76dadb9907c6cc8579629757fd4d04b +a ~~~ ### VOPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = 00fb5507f94782c5b72acc16b9eb21064f86b4aa525b9865258d157b0431a -b5c3515fc975fa19ddb28129c969992b31d8946c4e354bc49458bb25fae58f10ac3f -678 -pkSm = 0301322c63ad53e079791739169e011f362f4396a8e93fceeee9cd814d471 -80e75ffd717820fe9e9c763fa595340cd80989c31fbd0200572080752c73b80b7532 -2f300 +skSm = 015c7fc1b4a0b1390925bae915bd9f3d72009d44d9241b962428aad5d13f2 +2803311e7102632a39addc61ea440810222715c9d2f61f03ea424ec9ab1fe5e31cf9 +238 +pkSm = 0301505d646f6e4c9102451eb39730c4ba1c4087618641edbdba4a60896b0 +7fd0c9414ce553cbf25b81dfcca50a8f6724ab7a2bc4d0cf736967a287bb6084cc06 +78ac0 ~~~ #### Test Vector 1, Batch Size 1 @@ -2596,22 +2601,22 @@ Input = 00 Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 88936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02016dafe8eee47b591592705ce4d5231563b637e5a51b425b8 -81f1cc576c53caae4ec59fd6e3a918d5c35e6db77cf3a5862b71a8b6c7eaded3ebdf -0c6e14778c03a8c -EvaluationElement = 020124a0ee09ade261bbf67e1e3d296655c97e6c5c14c71a -386e636d8f55d29f5f6dcec954ff28bfc7e6e63240a52bf278ae94b312be3d8bf850 -55d2a1dbab687905b0 -Proof = 00156561564a9128de6e2fb92d0ee065bb19192ff86549c37fab777f2d57 -a951ff94b3832162cf02ad73287a0f0906045878105d8ab54a7cc9a1a0039d0cb241 -ebd10197e5cef77e8fbe0414f86b86fe2e823e0d8dbdcf2ccac54d273e814da062ba -941a27d1e7e28c44cdbdaffe392cc915bf8b9add15d51b68afd6e88a52d07ff8b3d1 +BlindedElement = 0301d6e4fb545e043ddb6aee5d5ceeee1b44102615ab04430c2 +7dd0f56988dedcb1df32ef384f160e0e76e718605f14f3f582f9357553d153b99679 +5b4b3628a4f6380 +EvaluationElement = 03013fdeaf887f3d3d283a79e696a54b66ff0edcb559265e +204a958acf840e0930cc147e2a6835148d8199eebc26c03e9394c9762a1c991dde40 +bca0f8ca003eefb045 +Proof = 0077fcc8ec6d059d7759b0a61f871e7c1dadc65333502e09a51994328f79 +e5bda3357b9a4f410a1760a3612c2f8f27cb7cb032951c047cc66da60da583df7b24 +7edd0188e5eb99c71799af1d80d643af16ffa1545acd9e9233fbb370455b10eb257e +a12a1667c1b4ee5b0ab7c93d50ae89602006960f083ca9adc4f6276c0ad60440393c ProofRandomScalar = 015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e07 3a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = 16a9387153bf7fa2c733d42f299877324cfce3b39093e72067c3d59948b -f745d77b2fe9180ffb442ec45b575eb4108d2b6f207cbfabd7bc540ad2a087cfabca -2 +Output = 5e003d9b2fb540b3d4bab5fedd154912246da1ee5e557afd8f56415faa1 +a0fadff6517da802ee254437e4f60907b4cda146e7ba19e249eef7be405549f62954 +b ~~~ #### Test Vector 2, Batch Size 1 @@ -2621,22 +2626,22 @@ Input = 5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 88936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 02008f585341e32244d67033ddcf4c1cc30f7661c4cfc177f09 -82c69bf9c90e1da02d86a26ece60b8c42b278a1dc85afcc9cbc6aedff15cc092af03 -5100b915c2bb4df -EvaluationElement = 03006cfeb22e141859e6a2050a714bde8ab8109abb2b42bc -8f18ace67121c1811c9e95e7cf8ffd4f13f8cee80fc3c69318b0eb30ecdf6e7d7e84 -faefa6f0b8299217fe -Proof = 01db7070ab756e8c2b12cb81c40daac6ef1d5137be3626a10ee867b0b736 -ae5ab05aadbc3ee3d1d0202b7687e1614765893cba67b307c67a8a4ce7b3eaf3ba64 -204901ce6f8dc9234d27373b1027982d7e3bb196d157403f50c2f1bf0fa701753ef6 -3d7265c0b1016e662456d4bdea55b3d983350b2c2ce80e192897161a1b780046b952 +BlindedElement = 03005b05e656cb609ce5ff5faf063bb746d662d67bbd07c0626 +38396f52f0392180cf2365cabb0ece8e19048961d35eeae5d5fa872328dce98df076 +ee154dd191c615e +EvaluationElement = 0301b19fcf482b1fff04754e282292ed736c5f0aa080d4f4 +2663cd3a416c6596f03129e8e096d8671fe5b0d19838312c511d2ce08d431e43e3ef +06199d8cab7426238d +Proof = 01ec9fece444caa6a57032e8963df0e945286f88fbdf233fb5101f0924f7 +ea89c47023f5f72f240e61991fd33a299b5b38c45a5e2dd1a67b072e59dfe86708a3 +59c701e38d383c60cf6969463bcf13251bedad47b7941f52e409a3591398e2792441 +0b18a301c0e19f527cad504fa08388050ac634e1b05c5216d337742f2754e1fc502f ProofRandomScalar = 015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e07 3a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = 0163635204be5347419796f3564b36d6e89c9170e4fcca5b6df79d3f676 -f641b2ae3ae1a64cc49f3d788e276abe14e3c38bb2f92fdba0b45ed122a6930e7d96 -1 +Output = fa15eebba81ecf40954f7135cb76f69ef22c6bae394d1a4362f9b03066b +54b6604d39f2e53369ca6762a3d9787e230e832aa85955af40ecb8deebb009a8cf47 +4 ~~~ #### Test Vector 3, Batch Size 2 @@ -2648,42 +2653,41 @@ Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 d364,015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb7 39f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b 1 -BlindedElement = 02016dafe8eee47b591592705ce4d5231563b637e5a51b425b8 -81f1cc576c53caae4ec59fd6e3a918d5c35e6db77cf3a5862b71a8b6c7eaded3ebdf -0c6e14778c03a8c,03005467c05309dd2b9ef584dd33ae30e93ae5508f2ceda71497 -63b4b44fe797f7d0f4c7441298a0ed821ede9ebdc8c0215f96db57c64feb734a145f -00d00f0f222db1 -EvaluationElement = 020124a0ee09ade261bbf67e1e3d296655c97e6c5c14c71a -386e636d8f55d29f5f6dcec954ff28bfc7e6e63240a52bf278ae94b312be3d8bf850 -55d2a1dbab687905b0,0300fdf99a9eb28097074daf75ba9fe16868690b16165f58f -9c4fa266d5fffa5a87026a98ac3b0ca6dc7e42f49140a004c325646aec5ddc778db7 -08748cc2f632ed937 -Proof = 01935896f4c03ea5257d6471677f191ea7dfc777cc1e15f82e423cf1948c -440ee56a1c5a8627aad8da8e507a7f382b45255e55a1f1afc99c6b14237ce7cf0855 -40fa000fe413be351bd11ac910b1d4af34d2c97c7b7a53438340dd659272f3d86470 -35b13cd8072903b9a3adf8e89bfb1f77d732fa224f32674506e3e88e29ce182186e3 +BlindedElement = 0301d6e4fb545e043ddb6aee5d5ceeee1b44102615ab04430c2 +7dd0f56988dedcb1df32ef384f160e0e76e718605f14f3f582f9357553d153b99679 +5b4b3628a4f6380,0301403b597538b939b450c93586ba275f9711ba07e42364bac1 +d5769c6824a8b55be6f9a536df46d952b11ab2188363b3d6737635d9543d4dba14a6 +e19421b9245bf5 +EvaluationElement = 03013fdeaf887f3d3d283a79e696a54b66ff0edcb559265e +204a958acf840e0930cc147e2a6835148d8199eebc26c03e9394c9762a1c991dde40 +bca0f8ca003eefb045,03001f96424497e38c46c904978c2fa1636c5c3dd2e634a85 +d8a7265977c5dce1f02c7e6c118479f0751767b91a39cce6561998258591b5d7c1bb +02445a9e08e4f3e8d +Proof = 00b4d215c8405e57c7a4b53398caf55f1f1623aaeb22408ddb9ea2913090 +9b3f95dbb1ff366e81e86e918f9f2fd8b80dbb344cd498c9499d112905e585417e00 +68c600fe5dea18b389ef6c4cc062935607b8ccbbb9a84fba3143868a3e8a58efa0bf +6ca642804d09dc06e980f64837811227c4267b217f1099a4e28b0854f4e5ee659796 ProofRandomScalar = 01ec21c7bb69b0734cb48dfd68433dd93b0fa097e722ed24 27de86966910acba9f5c350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba 51943c8026877963 -Output = 16a9387153bf7fa2c733d42f299877324cfce3b39093e72067c3d59948b -f745d77b2fe9180ffb442ec45b575eb4108d2b6f207cbfabd7bc540ad2a087cfabca -2,0163635204be5347419796f3564b36d6e89c9170e4fcca5b6df79d3f676f641b2a -e3ae1a64cc49f3d788e276abe14e3c38bb2f92fdba0b45ed122a6930e7d961 +Output = 5e003d9b2fb540b3d4bab5fedd154912246da1ee5e557afd8f56415faa1 +a0fadff6517da802ee254437e4f60907b4cda146e7ba19e249eef7be405549f62954 +b,fa15eebba81ecf40954f7135cb76f69ef22c6bae394d1a4362f9b03066b54b6604 +d39f2e53369ca6762a3d9787e230e832aa85955af40ecb8deebb009a8cf474 ~~~ ### POPRF Mode ~~~ Seed = a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a -3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a 3a3 KeyInfo = 74657374206b6579 -skSm = 01e0993daeb97f8fc8176089e4e6adb4c03dc9b18daf7e976ed7fa6f3cb89 -c40c6a84156f20371ef23bfe6e049423244d7d746c79ad380ac7fe285aba162419e9 -012 -pkSm = 0301264d23f5d1d615f9747d2a7177a419dabde6ca0f5a047979dbe9bce33 -7241b7d2959025476f354c4f57017363d667b83b691fad8c172959963e6000de9533 -f187a +skSm = 014893130030ce69cf714f536498a02ff6b396888f9bb507985c32928c442 +7d6d39de10ef509aca4240e8569e3a88debc0d392e3361bcd934cb9bdd59e339dff7 +b27 +pkSm = 0301de8ceb9ffe9237b1bba87c320ea0bebcfc3447fe6f278065c6c69886d +692d1126b79b6844f829940ace9b52a5e26882cf7cbc9e57503d4cca3cd834584729 +f812a ~~~ #### Test Vector 1, Batch Size 1 @@ -2694,22 +2698,22 @@ Info = 7465737420696e666f Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 88936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 0200e36b187060fef4f4cfef21cdb4ef8b5793a1bf44da95229 -062303688d4cf6a50c16b7c943c79d91357223b56866351a17a9c7f49730fd28add9 -301d399c0cf206c -EvaluationElement = 03014e216c05cf1d108829946891cc44693b0a411851a03f -c439130054d920eb8ad596a4dfa5314f68d298a094777855aa55c98480575a3816cf -ac52f838693e0e7fe5 -Proof = 00c5a46ff1e7d8cd2711daf8ec8752451c4c7ed815f3e8d51db64f1eed83 -a7cc33f0f99ce067676c478bd616a9ef6377994e4bd69051424a576a4e26f0ec7ed8 -1fd000b7ae1eaee9e5b6991afdbb2c9c29a04e2ab3a2066df89308410a59267a60a2 -2a47666de009646c78e9094c9f4de177a620e97f63e35ada0c8b438b4605248c9087 +BlindedElement = 020095cff9d7ecf65bdfee4ea92d6e748d60b02de34ad98094f +82e25d33a8bf50138ccc2cc633556f1a97d7ea9438cbb394df612f041c485a515849 +d5ebb2238f2f0e2 +EvaluationElement = 0301408e9c5be3ffcc1c16e5ae8f8aa68446223b0804b119 +62e856af5a6d1c65ebbb5db7278c21db4e8cc06d89a35b6804fb1738a295b691638a +f77aa1327253f26d01 +Proof = 0106a89a61eee9dd2417d2849a8e2167bc5f56e3aed5a3ff23e22511fa1b +37a29ed44d1bbfd6907d99cfbc558a56aec709282415a864a281e49dc53792a4a638 +a0660034306d64be12a94dcea5a6d664cf76681911c8b9a84d49bf12d4893307ec14 +436bd05f791f82446c0de4be6c582d373627b51886f76c4788256e3da7ec8fa18a86 ProofRandomScalar = 015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e07 3a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = 3be90ca19fbe2fc250de62792c7cf4b6b5555c8655fce1694fc7563d5d4 -c5001efd1e91fbbaea31d75e33dbdefe57420c395f1ac805cc0095c4d81a0beddcb0 -1 +Output = 808ae5b87662eaaf0b39151dd85991b94c96ef214cb14a68bf5c1439548 +82d330da8953a80eea20788e552bc8bbbfff3100e89f9d6e341197b122c46a208733 +b ~~~ #### Test Vector 2, Batch Size 1 @@ -2720,22 +2724,22 @@ Info = 7465737420696e666f Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 88936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7a d364 -BlindedElement = 0300357933cc17cdcce862b794a4161d8eb10d23009695639e3 -fdc8dffc235e19e92e0a3d3c7c6249dd9dcd02da0a8f061d89b6809d3292951ee0e9 -ead21a62d1335fe -EvaluationElement = 0300a5132ae9c429dd33b25c051f45451c6e54e154d698c3 -f3d8820bd9607e7a65762911c647b3460be166f37ba443bf000b23552298f14e0555 -b3f0ddf0e900e1d38c -Proof = 0004f0791cbe6ac6f4074834e172beedea19ecd3a2c504a71fd870b42314 -d3b072633a8265c774668274dcbcaebf1726768fab4edec69a33a7d37095ebef3e1b -b44900f0a175b56ceeae8a87bc5553405e0b030ebcf8303befc5890c8afa1e61fd41 -66480ff428eae4193f12bbf1fc31d5d7196ce8692e37bc9a63cdf4c9fafe10a2dc9a +BlindedElement = 030112ea89cf9cf589496189eafc5f9eb13c9f9e170d6ecde7c +5b940541cb1a9c5cfeec908b67efe16b81ca00d0ce216e34b3d5f46a658d3fd8573d +671bdb6515ed508 +EvaluationElement = 0200ebc49df1e6fa61f412e6c391e6f074400ecdd2f56c4a +8c03fe0f91d9b551f40d4b5258fd891952e8c9b28003bcfa365122e54a5714c8949d +5d202767b31b4bf1f6 +Proof = 0082162c71a7765005cae202d4bd14b84dae63c29067e886b82506992bd9 +94a1c3aac0c1c5309222fe1af8287b6443ed6df5c2e0b0991faddd3564c73c7597ae +cd9a003b1f1e3c65f28e58ab4e767cfb4adbcaf512441645f4c2aed8bf67d132d966 +006d35fa71a34145414bf3572c1de1a46c266a344dd9e22e7fb1e90ffba1caf556d9 ProofRandomScalar = 015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e07 3a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698c e45c405d1348b7b1 -Output = 1d90446522e3c131e90be2e4f372959ae5ab4f25ca98e83e5e62d6336c4 -8b5ec22fc6083d2b050cad2bbc22ae7115c2b934d965ffe74aaa43c905cd2af76728 -d +Output = 27032e24b1a52a82ab7f4646f3c5df0f070f499db98b9c5df33972bd5af +5762c3638afae7912a6c1acdb1ae2ab2fa670bd5486c645a0e55412e08d33a4a0d6e +3 ~~~ #### Test Vector 3, Batch Size 2 @@ -2748,25 +2752,26 @@ Blind = 00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f68616333 d364,015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb7 39f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b 1 -BlindedElement = 0200e36b187060fef4f4cfef21cdb4ef8b5793a1bf44da95229 -062303688d4cf6a50c16b7c943c79d91357223b56866351a17a9c7f49730fd28add9 -301d399c0cf206c,03007530916e8ec76199429667a82ca4df65b913d8b1fb157319 -e73706f118b4f46047c01b7da024bdf5a06f2f4e879b1a1cd3fcb1ca2c37ce158cc8 -625e76b3bb1cc4 -EvaluationElement = 03014e216c05cf1d108829946891cc44693b0a411851a03f -c439130054d920eb8ad596a4dfa5314f68d298a094777855aa55c98480575a3816cf -ac52f838693e0e7fe5,0200005cf5e719b3066dcf0fbd6228bc921cebccc49feb1ac -be9d9c4c88f4169e1d0d5408f92ad9f599c2f5f6d7d4c6e575e86f64c4eead2bb9b3 -e8e04d141a90b7382 -Proof = 00d846f4a2a7722fe6a24e7257e43d88c3e01977282fba352c08fd38b69b -f1df64f90660b03b73abba50cb389af3d602da66411401d3c9f87bcb6363d6406e0a -cad3018a44bcda83524d4a48f0ed96ebca96d7626b634ba28fcba0c21956fc90c516 -859df8ba6edeb7a44daeeec51c3a56b79c1f9e211e9974e5f293ade221523953d12f +BlindedElement = 020095cff9d7ecf65bdfee4ea92d6e748d60b02de34ad98094f +82e25d33a8bf50138ccc2cc633556f1a97d7ea9438cbb394df612f041c485a515849 +d5ebb2238f2f0e2,0201a328cf9f3fdeb86b6db242dd4cbb436b3a488b70b72d2fbb +d1e5f50d7b0878b157d6f278c6a95c488f3ad52d6898a421658a82fe7ceb000b01ae +dea7967522d525 +EvaluationElement = 0301408e9c5be3ffcc1c16e5ae8f8aa68446223b0804b119 +62e856af5a6d1c65ebbb5db7278c21db4e8cc06d89a35b6804fb1738a295b691638a +f77aa1327253f26d01,020062ab51ac3aa829e0f5b7ae50688bcf5f63a18a83a6e0d +a538666b8d50c7ea2b4ef31f4ac669302318dbebe46660acdda695da30c22cee7ca2 +1f6984a720504502e +Proof = 00731738844f739bca0cca9d1c8bea204bed4fd00285785738b985763741 +de5cdfa275152d52b6a2fdf7792ef3779f39ba34581e56d62f78ecad5b7f8083f384 +961501cd4b43713253c022692669cf076b1d382ecd8293c1de69ea569737f37a2477 +2ab73517983c1e3db5818754ba1f008076267b8058b6481949ae346cdc17a8455fe2 ProofRandomScalar = 01ec21c7bb69b0734cb48dfd68433dd93b0fa097e722ed24 27de86966910acba9f5c350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba 51943c8026877963 -Output = 3be90ca19fbe2fc250de62792c7cf4b6b5555c8655fce1694fc7563d5d4 -c5001efd1e91fbbaea31d75e33dbdefe57420c395f1ac805cc0095c4d81a0beddcb0 -1,1d90446522e3c131e90be2e4f372959ae5ab4f25ca98e83e5e62d6336c48b5ec22 -fc6083d2b050cad2bbc22ae7115c2b934d965ffe74aaa43c905cd2af76728d +Output = 808ae5b87662eaaf0b39151dd85991b94c96ef214cb14a68bf5c1439548 +82d330da8953a80eea20788e552bc8bbbfff3100e89f9d6e341197b122c46a208733 +b,27032e24b1a52a82ab7f4646f3c5df0f070f499db98b9c5df33972bd5af5762c36 +38afae7912a6c1acdb1ae2ab2fa670bd5486c645a0e55412e08d33a4a0d6e3 ~~~ + diff --git a/poc/h2c b/poc/h2c index 22620573..6d40f989 160000 --- a/poc/h2c +++ b/poc/h2c @@ -1 +1 @@ -Subproject commit 22620573aae2395ce6f335d4b217a83d2f3511b1 +Subproject commit 6d40f9890a5eb63ebfa0da9e49678e140e11f755 diff --git a/poc/oprf.sage b/poc/oprf.sage index 1c5c2bb4..6ceba76d 100644 --- a/poc/oprf.sage +++ b/poc/oprf.sage @@ -14,11 +14,33 @@ except ImportError as e: _as_bytes = lambda x: x if isinstance(x, bytes) else bytes(x, "utf-8") +Ciphersuite = namedtuple("Ciphersuite", ["name", "identifier", "group", "H", "hash"]) + +ciphersuite_ristretto255_sha512 = "ristretto255-SHA512" +ciphersuite_decaf448_shake256 = "decaf448-SHAKE256" +ciphersuite_p256_sha256 = "P256-SHA256" +ciphersuite_p384_sha384 = "P384-SHA384" +ciphersuite_p521_sha512 = "P521-SHA512" + +oprf_ciphersuites = { + ciphersuite_ristretto255_sha512: Ciphersuite("OPRF(ristretto255, SHA-512)", ciphersuite_ristretto255_sha512, GroupRistretto255(), hashlib.sha512, lambda x : hashlib.sha512(x).digest()), + ciphersuite_decaf448_shake256: Ciphersuite("OPRF(decaf448, SHAKE256)", ciphersuite_decaf448_shake256, GroupDecaf448(), hashlib.shake_256, lambda x : hashlib.shake_256(x).digest(int(64))), + ciphersuite_p256_sha256: Ciphersuite("OPRF(P-256, SHA-256)", ciphersuite_p256_sha256, GroupP256(), hashlib.sha256, lambda x : hashlib.sha256(x).digest()), + ciphersuite_p384_sha384: Ciphersuite("OPRF(P-384, SHA-384)", ciphersuite_p384_sha384, GroupP384(), hashlib.sha384, lambda x : hashlib.sha384(x).digest()), + ciphersuite_p521_sha512: Ciphersuite("OPRF(P-521, SHA-512)", ciphersuite_p521_sha512, GroupP521(), hashlib.sha512, lambda x : hashlib.sha512(x).digest()), +} + +def identifer_to_suite(identifier): + if identifier not in oprf_ciphersuites: + raise Exception("Unknown ciphersuite") + return oprf_ciphersuites[identifier] + class Context(object): - def __init__(self, version, mode, suite): + def __init__(self, version, mode, identifier): + self.suite = identifer_to_suite(identifier) self.mode = mode - self.suite = suite - self.context_string = _as_bytes(version) + I2OSP(self.mode, 1) + I2OSP(self.suite.identifier, 2) + self.identifier = identifier + self.context_string = _as_bytes(version) + I2OSP(self.mode, 1) + _as_bytes("-") + _as_bytes(identifier) def group_domain_separation_tag(self): return _as_bytes("HashToGroup-") + self.context_string @@ -38,9 +60,6 @@ class OPRFClientContext(Context): def __init__(self, version, mode, suite): Context.__init__(self, version, mode, suite) - def identifier(self): - return self.identifier - def blind(self, x, rng): blind = ZZ(self.suite.group.random_scalar(rng)) input_element = self.suite.group.hash_to_group(x, self.group_domain_separation_tag()) @@ -401,11 +420,11 @@ class POPRFServerContext(VOPRFServerContext): MODE_OPRF = 0x00 MODE_VOPRF = 0x01 MODE_POPRF = 0x02 +VERSION = "OPRFV1-" -VERSION = "VOPRF10-" - -def DeriveKeyPair(mode, suite, seed, info): - ctx = Context(VERSION, mode, suite) +def DeriveKeyPair(mode, identifier, seed, info): + ctx = Context(VERSION, mode, identifier) + suite = identifer_to_suite(identifier) deriveInput = seed + I2OSP(len(info), 2) + info counter = 0 skS = ZZ(0) @@ -418,36 +437,20 @@ def DeriveKeyPair(mode, suite, seed, info): pkS = skS * suite.group.generator() return skS, pkS -def SetupOPRFServer(suite, skS): - return OPRFServerContext(VERSION, MODE_OPRF, suite, skS, None) +def SetupOPRFServer(identifier, skS): + return OPRFServerContext(VERSION, MODE_OPRF, identifier, skS, None) -def SetupOPRFClient(suite): - return OPRFClientContext(VERSION, MODE_OPRF, suite) +def SetupOPRFClient(identifier): + return OPRFClientContext(VERSION, MODE_OPRF, identifier) -def SetupVOPRFServer(suite, skS, pkS): - return VOPRFServerContext(VERSION, MODE_VOPRF, suite, skS, pkS) +def SetupVOPRFServer(identifier, skS, pkS): + return VOPRFServerContext(VERSION, MODE_VOPRF, identifier, skS, pkS) -def SetupVOPRFClient(suite, pkS): - return VOPRFClientContext(VERSION, MODE_VOPRF, suite, pkS) +def SetupVOPRFClient(identifier, pkS): + return VOPRFClientContext(VERSION, MODE_VOPRF, identifier, pkS) -def SetupPOPRFServer(suite, skS, pkS): - return POPRFServerContext(VERSION, MODE_POPRF, suite, skS, pkS) +def SetupPOPRFServer(identifier, skS, pkS): + return POPRFServerContext(VERSION, MODE_POPRF, identifier, skS, pkS) -def SetupPOPRFClient(suite, pkS): - return POPRFClientContext(VERSION, MODE_POPRF, suite, pkS) - -Ciphersuite = namedtuple("Ciphersuite", ["name", "identifier", "group", "H", "hash"]) - -ciphersuite_ristretto255_sha512 = 0x0001 -ciphersuite_decaf448_shake256 = 0x0002 -ciphersuite_p256_sha256 = 0x0003 -ciphersuite_p384_sha384 = 0x0004 -ciphersuite_p521_sha512 = 0x0005 - -oprf_ciphersuites = { - ciphersuite_ristretto255_sha512: Ciphersuite("OPRF(ristretto255, SHA-512)", ciphersuite_ristretto255_sha512, GroupRistretto255(), hashlib.sha512, lambda x : hashlib.sha512(x).digest()), - ciphersuite_decaf448_shake256: Ciphersuite("OPRF(decaf448, SHAKE256)", ciphersuite_decaf448_shake256, GroupDecaf448(), hashlib.shake_256, lambda x : hashlib.shake_256(x).digest(int(64))), - ciphersuite_p256_sha256: Ciphersuite("OPRF(P-256, SHA-256)", ciphersuite_p256_sha256, GroupP256(), hashlib.sha256, lambda x : hashlib.sha256(x).digest()), - ciphersuite_p384_sha384: Ciphersuite("OPRF(P-384, SHA-384)", ciphersuite_p384_sha384, GroupP384(), hashlib.sha384, lambda x : hashlib.sha384(x).digest()), - ciphersuite_p521_sha512: Ciphersuite("OPRF(P-521, SHA-512)", ciphersuite_p521_sha512, GroupP521(), hashlib.sha512, lambda x : hashlib.sha512(x).digest()), -} +def SetupPOPRFClient(identifier, pkS): + return POPRFClientContext(VERSION, MODE_POPRF, identifier, pkS) diff --git a/poc/test_oprf.sage b/poc/test_oprf.sage index ebc627f3..69c465c1 100644 --- a/poc/test_oprf.sage +++ b/poc/test_oprf.sage @@ -11,7 +11,7 @@ try: SetupOPRFServer, SetupOPRFClient, MODE_OPRF, \ SetupVOPRFServer, SetupVOPRFClient, MODE_VOPRF, \ SetupPOPRFServer, SetupPOPRFClient, MODE_POPRF, \ - oprf_ciphersuites, _as_bytes, \ + _as_bytes, \ ciphersuite_ristretto255_sha512, \ ciphersuite_decaf448_shake256, \ ciphersuite_p256_sha256, \ @@ -40,26 +40,27 @@ test_suites = [ ] class Protocol(object): - def __init__(self, suite, mode, info): + def __init__(self, identifier, mode, info): self.inputs = [b'\x00', b'\x5A'*17] - self.suite = suite + self.identifier = identifier self.mode = mode self.info = info self.key_info = _as_bytes("test key") - self.seed = b'\xA3' * suite.group.scalar_byte_length() - skS, pkS = DeriveKeyPair(self.mode, self.suite, self.seed, self.key_info) + self.seed = b'\xA3' * 32 + skS, pkS = DeriveKeyPair(self.mode, self.identifier, self.seed, self.key_info) if mode == MODE_OPRF: - self.server = SetupOPRFServer(suite, skS) - self.client = SetupOPRFClient(suite) + self.server = SetupOPRFServer(identifier, skS) + self.client = SetupOPRFClient(identifier) elif mode == MODE_VOPRF: - self.server = SetupVOPRFServer(suite, skS, pkS) - self.client = SetupVOPRFClient(suite, pkS) + self.server = SetupVOPRFServer(identifier, skS, pkS) + self.client = SetupVOPRFClient(identifier, pkS) elif mode == MODE_POPRF: - self.server = SetupPOPRFServer(suite, skS, pkS) - self.client = SetupPOPRFClient(suite, pkS) + self.server = SetupPOPRFServer(identifier, skS, pkS) + self.client = SetupPOPRFClient(identifier, pkS) else: raise Exception("bad mode") + self.suite = self.client.suite def run(self): group = self.client.suite.group @@ -147,8 +148,7 @@ class Protocol(object): vectors.append(create_batched_test_vector_for_inputs(self.inputs, self.info)) vecSuite = {} - vecSuite["suiteName"] = self.suite.name - vecSuite["suiteID"] = int(self.suite.identifier) + vecSuite["identifier"] = self.identifier vecSuite["mode"] = int(self.mode) vecSuite["hash"] = self.suite.H().name.upper() vecSuite["keyInfo"] = to_hex(self.key_info) @@ -246,13 +246,12 @@ mode_map = { def main(path="vectors"): allVectors = {} - for suite_id in test_suites: - suite = oprf_ciphersuites[suite_id] + for identifier in test_suites: suiteVectors = {} for mode in [MODE_OPRF, MODE_VOPRF, MODE_POPRF]: - protocol = Protocol(suite, mode, _as_bytes("test info")) + protocol = Protocol(identifier, mode, _as_bytes("test info")) suiteVectors[str(mode)] = protocol.run() - allVectors[suite.name] = suiteVectors + allVectors[identifier] = suiteVectors flatVectors = [] for suite in allVectors: diff --git a/poc/vectors/allVectors.json b/poc/vectors/allVectors.json index d68159ae..4b215426 100644 --- a/poc/vectors/allVectors.json +++ b/poc/vectors/allVectors.json @@ -1,644 +1,629 @@ [ { - "groupDST": "48617368546f47726f75702d564f50524631302d000001", + "groupDST": "48617368546f47726f75702d4f50524656312d002d72697374726574746f3235352d534841353132", "hash": "SHA512", + "identifier": "ristretto255-SHA512", "keyInfo": "74657374206b6579", "mode": 0, "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "e617ae6f2d10de61e16cab73023c5a2df74335d13f89470957214664468d2e0b", - "suiteID": 1, - "suiteName": "OPRF(ristretto255, SHA-512)", + "skSm": "5ebcea5ee37023ccb9fc2d2019f9d7737be85591ae8652ffa9ef0f4d37063b0e", "vectors": [ { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706", - "BlindedElement": "c83d0d8a3e80be2ced8bf35c5f3e24d42260ca8fa9a0403ca83033588c26614d", - "EvaluationElement": "b29ca44d6dfafc77a50b72abc53cfb7abcbe9cf6714afc76893ee8dcaf053b59", + "BlindedElement": "609a0ae68c15a3cf6903766461307e5c8bb2f95e7e6550e1ffa2dc99e412803c", + "EvaluationElement": "7ec6578ae5120958eb2db1745758ff379e77cb64fe77b0b2d8cc917ea0869c7e", "Input": "00", - "Output": "8a19c9b8f4459d541ebbfff4e29f36620e44e825a27b0f2e3a3c0d8e963588ee04348312dc8b43a48c41d4e7d904f95c91813a6b4f624392433f0568409da628" + "Output": "527759c3d9366f277d8c6020418d96bb393ba2afb20ff90df23fb7708264e2f3ab9135e3bd69955851de4b1f9fe8a0973396719b7912ba9ee8aa7d0b5e24bcf6" }, { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706", - "BlindedElement": "8673ffd2f26b2579922fc485c77e106def00982e0abb233b4c6e54841d43ba29", - "EvaluationElement": "68ed7037846f48a1b4073a0d110f6e4de8f53ab845365c0f3d7f1b67caa39126", + "BlindedElement": "da27ef466870f5f15296299850aa088629945a17d1f5b7f5ff043f76b3c06418", + "EvaluationElement": "b4cbf5a4f1eeda5a63ce7b77c7d23f461db3fcab0dd28e4e17cecb5c90d02c25", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "bcdbd421c0863495d63d81a868858f34f5215437c5777072a92703f36b36c4a2d3e7e54a5762e70b06223527c211e2d4364481270f72971a2db8b7ab8fad84ee" + "Output": "f4a74c9c592497375e796aa837e907b1a045d34306a749db9f34221f7e750cb4f2a6413a6bf6fa5e19ba6348eb673934a722a7ede2e7621306d18951e7cf2c73" } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d010001", + "groupDST": "48617368546f47726f75702d4f50524656312d012d72697374726574746f3235352d534841353132", "hash": "SHA512", + "identifier": "ristretto255-SHA512", "keyInfo": "74657374206b6579", "mode": 1, - "pkSm": "c00fbee6832a8e5d6cc1d1a23315daf6a6018f19e29ba37b05499259da854b48", + "pkSm": "c803e2cc6b05fc15064549b5920659ca4a77b2cca6f04f6b357009335476ad4e", "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "a3b8dea4a99be2469da7f7d2d93fe5f2867317d6705350475d47739c7214da07", - "suiteID": 1, - "suiteName": "OPRF(ristretto255, SHA-512)", + "skSm": "e6f73f344b79b379f1a0dd37e07ff62e38d9f71345ce62ae3a9bc60b04ccd909", "vectors": [ { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706", - "BlindedElement": "6cce2c7913f4c8c0ac44ec149a1544b0e711e1630753d4efc7c5fe36a4d50638", - "EvaluationElement": "826f2f3e553a039bcd69c9df6cb166e7943fd207089ae7041f6041322ce7033a", + "BlindedElement": "863f330cc1a1259ed5a5998a23acfd37fb4351a793a5b3c090b642ddc439b945", + "EvaluationElement": "aa8fa048764d5623868679402ff6108d2521884fa138cd7f9c7669a9a014267e", "Input": "00", - "Output": "4d5dd83db5bfd850e3e0c17519f1013aab904e7b131dc1ded31f7a76aacf040f6b344b0e635cf6df30771a35157e0e3d9539f7a891b48cd8521692b15c51538d", + "Output": "b58cfbe118e0cb94d79b5fd6a6dafb98764dff49c14e1770b566e42402da1a7da4d8527693914139caee5bd03903af43a491351d23b430948dd50cde10d32b3c", "Proof": { - "proof": "2e541a6962e783d2f42d5f4fb1364e51c368e95e83a962614714e9dfe21a720cd8c8eb8106131b4a758b5a0987d3870adb348f5eae7b4a2bc26735928cc4b90c", + "proof": "ddef93772692e535d1a53903db24367355cc2cc78de93b3be5a8ffcc6985dd066d4346421d17bf5117a2a1ff0fcb2a759f58a539dfbe857a40bce4cf49ec600d", "r": "222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0e" } }, { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706", - "BlindedElement": "6a4e632b76a2cfcb0295ee74098a15a3e858f6006fd9fa8576a5813e051ac134", - "EvaluationElement": "2cb879d933a1af46c77e89f3f39a38f80347bf4716da3dc307c8aa1282179823", + "BlindedElement": "cc0b2a350101881d8a4cba4c80241d74fb7dcbfde4a61fde2f91443c2bf9ef0c", + "EvaluationElement": "60a59a57208d48aca71e9e850d22674b611f752bed48b36f7a91b372bd7ad468", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "5c3fe06ef39905710a124df0727c6c938f48234b35ccc4548c0736d7f6f36e6b7333a9aefc93d6b1ee20151a40bce453866b62cf5d41799982fee61006809159", + "Output": "8a9a2f3c7f085b65933594309041fc1898d42d0858e59f90814ae90571a6df60356f4610bf816f27afdd84f47719e480906d27ecd994985890e5f539e7ea74b6", "Proof": { - "proof": "eabae3489c46b9e9a8da0cc921d2bc2960ef5fb0b38c8f067cc5c21f62f4eb0ff5472009aec126f543b6051b5d62ccbf2625aab6684076c26cfdf0904257090c", + "proof": "401a0da6264f8cf45bb2f5264bc31e109155600babb3cd4e5af7d181a2c9dc0a67154fabf031fd936051dec80b0b6ae29c9503493dde7393b722eafdf5a50b02", "r": "222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0e" } }, { "Batch": 2, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706,222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0e", - "BlindedElement": "6cce2c7913f4c8c0ac44ec149a1544b0e711e1630753d4efc7c5fe36a4d50638,aa9908e4c40b7fe5f091cf0f7fb8ec75ffdaaf2d19512b7b9939f0ffaaa0654f", - "EvaluationElement": "826f2f3e553a039bcd69c9df6cb166e7943fd207089ae7041f6041322ce7033a,902ef95488cc3c47fe569bc96c922a4ae3f9ebd8ccbc71bfefa5f1e7da9ab953", + "BlindedElement": "863f330cc1a1259ed5a5998a23acfd37fb4351a793a5b3c090b642ddc439b945,90a0145ea9da29254c3a56be4fe185465ebb3bf2a1801f7124bbbadac751e654", + "EvaluationElement": "aa8fa048764d5623868679402ff6108d2521884fa138cd7f9c7669a9a014267e,cc5ac221950a49ceaa73c8db41b82c20372a4c8d63e5dded2db920b7eee36a2a", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "4d5dd83db5bfd850e3e0c17519f1013aab904e7b131dc1ded31f7a76aacf040f6b344b0e635cf6df30771a35157e0e3d9539f7a891b48cd8521692b15c51538d,5c3fe06ef39905710a124df0727c6c938f48234b35ccc4548c0736d7f6f36e6b7333a9aefc93d6b1ee20151a40bce453866b62cf5d41799982fee61006809159", + "Output": "b58cfbe118e0cb94d79b5fd6a6dafb98764dff49c14e1770b566e42402da1a7da4d8527693914139caee5bd03903af43a491351d23b430948dd50cde10d32b3c,8a9a2f3c7f085b65933594309041fc1898d42d0858e59f90814ae90571a6df60356f4610bf816f27afdd84f47719e480906d27ecd994985890e5f539e7ea74b6", "Proof": { - "proof": "d9bfee92cd7496cdf469947b534549ceb79ebd7b5695d20437b3e14758cfde0998eaa13a480cc35b562cbfb1412b1677650cd901b5fb4d6805581a95b440320f", + "proof": "cc203910175d786927eeb44ea847328047892ddf8590e723c37205cb74600b0a5ab5337c8eb4ceae0494c2cf89529dcf94572ed267473d567aeed6ab873dee08", "r": "419c4f4f5052c53c45f3da494d2b67b220d02118e0857cdbcf037f9ea84bbe0c" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d020001", + "groupDST": "48617368546f47726f75702d4f50524656312d022d72697374726574746f3235352d534841353132", "hash": "SHA512", + "identifier": "ristretto255-SHA512", "keyInfo": "74657374206b6579", "mode": 2, - "pkSm": "e001954ccd18ec5aa89bcbf26c03d84dc4d9c9b973d9f06b1e0ceb7b79f41d65", + "pkSm": "c647bef38497bc6ec077c22af65b696efa43bff3b4a1975a3e8e0a1c5a79d631", "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "024eaeb72e5b3729d7f19d90aa44e3d2f4c445fb29011ffd755655636f2b100a", - "suiteID": 1, - "suiteName": "OPRF(ristretto255, SHA-512)", + "skSm": "145c79c108538421ac164ecbe131942136d5570b16d8bf41a24d4337da981e07", "vectors": [ { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706", - "BlindedElement": "009ffa1ffc529e4f1d3d8de1c06d22fbb15e39920a72ad4efed6c39af9438a2d", - "EvaluationElement": "aa9af25bf4edead5e2e0a4b8f93db9b497017f93cf68c75045f02172bfc5d304", + "BlindedElement": "c8713aa89241d6989ac142f22dba30596db635c772cbf25021fdd8f3d461f715", + "EvaluationElement": "1a4b860d808ff19624731e67b5eff20ceb2df3c3c03b906f5693e2078450d874", "Info": "7465737420696e666f", "Input": "00", - "Output": "e7ed59e3f808c369598961ebfd9af74272894e0904d1c11653a21b08204dba1a5fb5c3dd6be6c419190a84b576d91eb3d8d920d450fee0427fd24524950d72d6", + "Output": "ca688351e88afb1d841fde4401c79efebb2eb75e7998fa9737bd5a82a152406d38bd29f680504e54fd4587eddcf2f37a2617ac2fbd2993f7bdf45442ace7d221", "Proof": { - "proof": "bb893ccce54685a871185bb056cb5e0594d09d3b53f2f879de06a650b8aeff08371f2ff9f3d5cac7f393cc37b2c71c2a6fbb80f35fe36b8e5cbddf11469c8e03", + "proof": "41ad1a291aa02c80b0915fbfbb0c0afa15a57e2970067a602ddb9e8fd6b7100de32e1ecff943a36f0b10e3dae6bd266cdeb8adf825d86ef27dbc6c0e30c52206", "r": "222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0e" } }, { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706", - "BlindedElement": "5e009e08e228f95ee3703cff60a1d54225bb282bdb6d7dc9a78e287f8418315a", - "EvaluationElement": "2e528236481eb6d87b07ef5f8c17910323d04b3bf0cb2f2d23d5a7ad9f069b22", + "BlindedElement": "f0f0b209dd4d5f1844dac679acc7761b91a2e704879656cb7c201e82a99ab07d", + "EvaluationElement": "8c3c9d064c334c6991e99f286ea2301d1bde170b54003fb9c44c6d7bd6fc1540", "Info": "7465737420696e666f", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "9a0d8c55e2fef4bada9fb5877a0e739496e539a0d835722911dab9ec112397e763a605acbc072619e8b8acefb8ee704a357556edc802648089d684baa763ce14", + "Output": "7c6557b276a137922a0bcfc2aa2b35dd78322bd500235eb6d6b6f91bc5b56a52de2d65612d503236b321f5d0bebcbc52b64b92e426f29c9b8b69f52de98ae507", "Proof": { - "proof": "3796381ab287189839288bbaffc971eb87c3a28226fa99dc83b363adb2f4b20e4ae81fb675ebcd43d13918f71846cb488d0ce7d473bfca68450a5a5472564500", + "proof": "4c39992d55ffba38232cdac88fe583af8a85441fefd7d1d4a8d0394cd1de77018bf135c174f20281b3341ab1f453fe72b0293a7398703384bed822bfdeec8908", "r": "222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0e" } }, { "Batch": 2, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec4c1f6706,222a5e897cf59db8145db8d16e597e8facb80ae7d4e26d9881aa6f61d645fc0e", - "BlindedElement": "009ffa1ffc529e4f1d3d8de1c06d22fbb15e39920a72ad4efed6c39af9438a2d,1ee64b9e5148987ca6647ccddc11ef506231e986d5ce08ef9b8230871f840b3a", - "EvaluationElement": "aa9af25bf4edead5e2e0a4b8f93db9b497017f93cf68c75045f02172bfc5d304,3073794fd68f64432b4d1f24752c4398f0e81e00b5b5842e4635dd381331091b", + "BlindedElement": "c8713aa89241d6989ac142f22dba30596db635c772cbf25021fdd8f3d461f715,423a01c072e06eb1cce96d23acce06e1ea64a609d7ec9e9023f3049f2d64e50c", + "EvaluationElement": "1a4b860d808ff19624731e67b5eff20ceb2df3c3c03b906f5693e2078450d874,aa1f16e903841036e38075da8a46655c94fc92341887eb5819f46312adfc0504", "Info": "7465737420696e666f", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "e7ed59e3f808c369598961ebfd9af74272894e0904d1c11653a21b08204dba1a5fb5c3dd6be6c419190a84b576d91eb3d8d920d450fee0427fd24524950d72d6,9a0d8c55e2fef4bada9fb5877a0e739496e539a0d835722911dab9ec112397e763a605acbc072619e8b8acefb8ee704a357556edc802648089d684baa763ce14", + "Output": "ca688351e88afb1d841fde4401c79efebb2eb75e7998fa9737bd5a82a152406d38bd29f680504e54fd4587eddcf2f37a2617ac2fbd2993f7bdf45442ace7d221,7c6557b276a137922a0bcfc2aa2b35dd78322bd500235eb6d6b6f91bc5b56a52de2d65612d503236b321f5d0bebcbc52b64b92e426f29c9b8b69f52de98ae507", "Proof": { - "proof": "7d59db67715a9030d46ab50a614fb55927961c8d9322cb6973ef36775309810b9f4a670ba4b9321f5cf753be2a58dee0730cfabd12b8f25a8a342e158ae2b608", + "proof": "43fdb53be399cbd3561186ae480320caa2b9f36cca0e5b160c4a677b8bbf4301b28f12c36aa8e11e5a7ef551da0781e863a6dc8c0b2bf5a149c9e00621f02006", "r": "419c4f4f5052c53c45f3da494d2b67b220d02118e0857cdbcf037f9ea84bbe0c" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d000002", + "groupDST": "48617368546f47726f75702d4f50524656312d002d64656361663434382d5348414b45323536", "hash": "SHAKE_256", + "identifier": "decaf448-SHAKE256", "keyInfo": "74657374206b6579", "mode": 0, - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "30f71e5b5be9c91dd54c5a48e82be8d47eeb2cb2c45d7874a45dddc85af8d3f95b1ce73a99c47edc26ac9ddd936bd9b6b73728995bf1d213", - "suiteID": 2, - "suiteName": "OPRF(decaf448, SHAKE-256)", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "e8b1375371fd11ebeb224f832dcc16d371b4188951c438f751425699ed29ecc80c6c13e558ccd67634fd82eac94aa8d1f0d7fee990695d1e", "vectors": [ { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112", - "BlindedElement": "a4205d2af0410dccbd4464629ba1b835456d04d994cf93988cf2c3b9d45d3c4671c7625f52c66c760a069e2c3c367826debb13da089d735c", - "EvaluationElement": "e8d78cf5212fddf940f9f6fe02250ed83cc0595e3f0e74811cdb9f62c0fa7fea94c45795637dc5c3ac31ee1cff18d0d675396ae09b302f76", + "BlindedElement": "e0ae01c4095f08e03b19baf47ffdc19cb7d98e583160522a3c7d6a0b2111cd93a126a46b7b41b730cd7fc943d4e28e590ed33ae475885f6c", + "EvaluationElement": "50ce4e60eed006e22e7027454b5a4b8319eb2bc8ced609eb19eb3ad42fb19e06ba12d382cbe7ae342a0cad6ead0ef8f91f00bb7f0cd9c0a2", "Input": "00", - "Output": "1c1a9df7d0616e0f5fdfb6479acec73a4f5562da8f9488f3b6112ef11c67c5900e0abc3a169486ac7230a306c8796562a045c66305ed7cb2a3fae658e45eae4c" + "Output": "37d3f7922d9388a15b561de5829bbf654c4089ede89c0ce0f3f85bcdba09e382ce0ab3507e021f9e79706a1798ffeac68ebd5cf62e5eb9838c7068351d97ae37" }, { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112", - "BlindedElement": "ec5b609e5d3c0bb024c35256194694ea6e42aa24d13cf6b059749cb36911ccba0923cb73136acdf4bcecf23b6025f7b9b93d2eb0c09d964d", - "EvaluationElement": "524c3a644e381b4ae416724247f94b996f655167e0d4e1bad93cbc731c3beb36e3822e9dcbdc3600966226387a2306ba70eb68db5a64f92f", + "BlindedElement": "86a88dc5c6331ecfcb1d9aacb50a68213803c462e377577cacc00af28e15f0ddbc2e3d716f2f39ef95f3ec1314a2c64d940a9f295d8f13bb", + "EvaluationElement": "162e9fa6e9d527c3cd734a31bf122a34dbd5bcb7bb23651f1768a7a9274cc116c03b58afa6f0dede3994a60066c76370e7328e7062fd5819", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "95f519e8ff2b54d8d596da2c54829ae3dd900f5c18eef48efa03ef6694c505bea17b7982246c862d081b9fdcf295debc60abec8b0ddbfdf48bd302a3fe61b21e" + "Output": "a2a652290055cb0f6f8637a249ee45e32ef4667db0b4c80c0a70d2a64164d01525cfdad5d870a694ec77972b9b6ec5d2596a5223e5336913f945101f0137f55e" } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d010002", + "groupDST": "48617368546f47726f75702d4f50524656312d012d64656361663434382d5348414b45323536", "hash": "SHAKE_256", + "identifier": "decaf448-SHAKE256", "keyInfo": "74657374206b6579", "mode": 1, - "pkSm": "78f4233110896fd41531fce182094c3bc4cf65f97b23078476b3b68118736617172d3735c5832081864e7c75cd3ddb449e93068b34ba863e", - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "44c46e78aa6386cee57a46c75d124b13ced3e5f055caa3baaad61501330a424463400453c97245a8f7b4c65f2c4c3dabd09a049c034f9e20", - "suiteID": 2, - "suiteName": "OPRF(decaf448, SHAKE-256)", + "pkSm": "945fc518c47695cf65217ace04b86ac5e4cbe26ca649d52854bb16c494ce09069d6add96b20d4b0ae311a87c9a73e3a146b525763ab2f955", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "e3c01519a076a326a0eb566343e9b21c115fa18e6e85577ddbe890b33104fcc2835ddfb14a928dc3f5d79b936e17c76b99e0bf6a1680930e", "vectors": [ { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112", - "BlindedElement": "38b758b69dfaaff8576eaaabfe70801813d95eb098f85516bcd46a0f68d1ea8cc1dea3bc7c8d340ee77c5bbca6e7d723e51d77e0807acd0d", - "EvaluationElement": "7a8374bbae55dfc91e10a9d8042015419c505a6a8ac54e5b93867747eb04252aba316d9f750fa0c54458aa8c90e963a60af5ae6f141af8d2", + "BlindedElement": "7261bbc335c664ba788f1b1a1a4cd5190cc30e787ef277665ac1d314f8861e3ec11854ce3ddd42035d9e0f5cddde324c332d8c880abc00eb", + "EvaluationElement": "ca1491a526c28d880806cf0fb0122222392cf495657be6e4c9d203bceffa46c86406caf8217859d3fb259077af68e5d41b3699410781f467", "Input": "00", - "Output": "3db64b6f803391e7c9803135457da250eb29778480c30f29d53e9ff46c3ce5ba9555418fc28af347c18b77a990eb904d0043a3411837b6d316f749428a9a3704", + "Output": "e2ac40b634f36cccd8262b285adff7c9dcc19cd308564a5f4e581d1a8535773b86fa4fc9f2203c370763695c5093aea4a7aedec4488b1340ba3bf663a23098c1", "Proof": { - "proof": "2fd38cf9829c5f3fd294a5eb114356cd67cc5839cf797dc060273e07cf570dbabea029f0bf4675d84866865d1d146bfa38eff8195b59cf3c180bab30509061b9d02e70f709f085dc8c98c0924259c9a3463ef5ceb97105989941155b98bd7b03b1e1e538850139dc1a56beff1bb9401f", + "proof": "f84bbeee47aedf43558dae4b95b3853635a9fc1a9ea7eac9b454c64c66c4f49cd1c72711c7ac2e06c681e16ea693d5500bbd7b56455df52f69e00b76b4126961e1562fdbaaac40b7701065cbeece3febbfe09e00160f81775d36daed99d8a2a10be0759e01b7ee81217203416c9db208", "r": "b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b" } }, { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112", - "BlindedElement": "ea9b2d51579f5c07c5c511cf3bba888f5fc76d6ce29075a0b025adb3daf4b568045c28e6bd00442251597ba6264e59beaf46220d8405fff6", - "EvaluationElement": "f6d23094a82e33e231003a1ecdd4659029d613932b767451c607ec428315283fe0b121bf09d7c88cf2ed50910463e38383fb52e5562a87f0", + "BlindedElement": "88287e553939090b888ddc15913e1807dc4757215555e1c3a79488ef311594729c7fa74c772a732b78440b7d66d0aa35f3bb316f1d93e1b2", + "EvaluationElement": "c00978c73e8e4ee1d447ab0d3ad1754055e72cc85c08e3a0db170909a9c61cbff1f1e7015f289e3038b0f341faea5d7780c130106065c231", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "4dc9ec52b6aa7f1f38a320d10cb58e0d86b040f6376d2f178f42c99986fe932aca7162cb72dd94056724617979c0f7ea652b1492bbad1d82748a38ff4daf1298", + "Output": "862952380e07ec840d9f6e6f909c5a25d16c3dacb586d89a181b4aa7380c959baa8c480fe8e6c64e089d68ea7aeeb5817bd524d7577905b5bab487690048c941", "Proof": { - "proof": "104e45c171bd7ca9119af1091e3175c8af4e9efdbd4704b3d5a8dfc994659842ea021da27a9c1e0fbac369627eb5e9cf9e82964b7412081f15f6bfc5c68425f64f1a4dae420a03d582a6cfffc0fc4da71a145bb5305ae28985e15e067d28523578ea696205cea28cf5831abed3e40f37", + "proof": "7a2831a6b237e11ac1657d440df93bc5ce00f552e6020a99d5c956ffc4d07b5ade3e82ecdc257fd53d76239e733e0a1313e84ce16cc0d82734806092a693d7e8d3c420c2cb6ccd5d0ca32514fb78e9ad0973ebdcb52eba438fc73948d76339ee710121d83e2fe6f001cfdf551aff9f36", "r": "b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b" } }, { "Batch": 2, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112,b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b", - "BlindedElement": "38b758b69dfaaff8576eaaabfe70801813d95eb098f85516bcd46a0f68d1ea8cc1dea3bc7c8d340ee77c5bbca6e7d723e51d77e0807acd0d,5a788ef7949021b22da4a4e89b2443458c96fcbec8b66b08df885eec8fb4070fefe8b50e085e043c368cc05a9339b5ae31eb6482efc0d933", - "EvaluationElement": "7a8374bbae55dfc91e10a9d8042015419c505a6a8ac54e5b93867747eb04252aba316d9f750fa0c54458aa8c90e963a60af5ae6f141af8d2,0ac81e0e5b9fa6d90be58a6fc3fb4fde57e0efacbe210cebc2c85a6e934114b5e0e5ba4cc202bde7cd7708415cdcc2312a51fca6ad6f06bf", + "BlindedElement": "7261bbc335c664ba788f1b1a1a4cd5190cc30e787ef277665ac1d314f8861e3ec11854ce3ddd42035d9e0f5cddde324c332d8c880abc00eb,2e15f393c035492a1573627a3606e528c6294c767c8d43b8c691ef70a52cc7dc7d1b53fe458350a270abb7c231b87ba58266f89164f714d9", + "EvaluationElement": "ca1491a526c28d880806cf0fb0122222392cf495657be6e4c9d203bceffa46c86406caf8217859d3fb259077af68e5d41b3699410781f467,8ec68e9871b296e81c55647ce64a04fe75d19932f1400544cd601468c60f998408bbb546601d4a636e8be279e558d70b95c8d4a4f61892be", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "3db64b6f803391e7c9803135457da250eb29778480c30f29d53e9ff46c3ce5ba9555418fc28af347c18b77a990eb904d0043a3411837b6d316f749428a9a3704,4dc9ec52b6aa7f1f38a320d10cb58e0d86b040f6376d2f178f42c99986fe932aca7162cb72dd94056724617979c0f7ea652b1492bbad1d82748a38ff4daf1298", + "Output": "e2ac40b634f36cccd8262b285adff7c9dcc19cd308564a5f4e581d1a8535773b86fa4fc9f2203c370763695c5093aea4a7aedec4488b1340ba3bf663a23098c1,862952380e07ec840d9f6e6f909c5a25d16c3dacb586d89a181b4aa7380c959baa8c480fe8e6c64e089d68ea7aeeb5817bd524d7577905b5bab487690048c941", "Proof": { - "proof": "a221b134d99ba97cad98bf45341eeacd8a402a6e4c5ea5f93cee54ad0f2bee544f67d2859a5253cb9def403bfee9420a5224fad35e3f9a3fbb5f28f6b8abcb34130beaa158a41d1497aacc2f073b2da5471067bb832ec8044f417f528e2e6ccb897f992424220d608b5e7bbfd4257e1f", + "proof": "167d922f0a6ffa845eed07f8aa97b6ac746d902ecbeb18f49c009adc0521eab1e4d275b74a2dc266b7a194c854e85e7eb54a9a36376dfc04ec7f3bd55fc9618c3970cb548e064f8a2f06183a5702933dbc3e4c25a73438f2108ee1981c306181003c7ea92fce963ec7b4ba4f270e6d38", "r": "63798726803c9451ba405f00ef3acb633ddf0c420574a2ec6cbf28f840800e355c9fbaac10699686de2724ed22e797a00f3bd93d105a7f23" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d020002", + "groupDST": "48617368546f47726f75702d4f50524656312d022d64656361663434382d5348414b45323536", "hash": "SHAKE_256", + "identifier": "decaf448-SHAKE256", "keyInfo": "74657374206b6579", "mode": 2, - "pkSm": "1223e0aec4ee5bc19181078be380cc745d1896e1369aed3cc8a45b40ba3f9aa1f79e23d542d6529e17465d1954d75e336910c6417de99200", - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "fdd59cb218c7fbdcd48b18ef21ab647a6c210110c765bc3da6c11e563671a48402c23129ce2ffd021d99da5a2d04158883c65d7f74a4901b", - "suiteID": 2, - "suiteName": "OPRF(decaf448, SHAKE-256)", + "pkSm": "6c9d12723a5bbcf305522cc04b4a34d9ced2e12831826018ea7b5dcf5452647ad262113059bf0f6e4354319951b9d513c74f29cb0eec38c1", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "792a10dcbd3ba4a52a054f6f39186623208695301e7adb9634b74709ab22de402990eb143fd7c67ac66be75e0609705ecea800992aac8e19", "vectors": [ { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112", - "BlindedElement": "f86104fcefec6bdca7767bc3e6a2ac9de2b00546579fd50ff66687df531f7a2dfa8689a6cfdf91efc32d6fff490e722990752b7bc4bda28f", - "EvaluationElement": "76f27e6fa79cd38638e35f5caa5d641e41526fbfd9272c19be22dfc8cdd962e6d5d4e0c605c9bd6588eb9698a2bbf792a0827bb1116c8812", + "BlindedElement": "161183c13c6cb33b0e4f9b7365f8c5c12d13c72f8b62d276ca09368d093dce9b42198276b9e9d870ac392dda53efd28d1b7e6e8c060cdc42", + "EvaluationElement": "06ec89dfde25bb2a6f0145ac84b91ac277b35de39ad1d6f402a8e46414952ce0d9ea1311a4ece283e2b01558c7078b040cfaa40dd63b3e6c", "Info": "7465737420696e666f", "Input": "00", - "Output": "2a08f81bf204eb43a57dbc011946861ed715a2fd3d39a3b35e43c74d07d4734149ba163389a02f6cd33fbb5b84e167d35dca7a7dc00b89418398c255c8293ac6", + "Output": "4423f6dcc1740688ea201de57d76824d59cd6b859e1f9884b7eebc49b0b971358cf9cb075df1536a8ea31bcf55c3e31c2ba9cfa8efe54448d17091daeb9924ed", "Proof": { - "proof": "3a1b3400ad16e1562e731c64520fa5a3664c1487ffe6537e85029842904d3e01f9e7435b881ab9346847cc3470a2b37e6a10a4ef7bd36b2d06c602086a33252f39c562aab5820a66c3bdf9d72583587e93ea893725be535cdeca1094d5b4dae119b49456162f60034a904f521f7cd818", + "proof": "66caee75bf2460429f620f6ad3e811d524cb8ddd848a435fc5d89af48877abf6506ee341a0b6f67c2d76cd021e5f3d1c9abe5aa9f0dce016da746135fedba2af41ed1d01659bfd6180d96bc1b7f320c0cb6926011ce392ecca748662564892bae66516acaac6ca39aadf6fcca95af406", "r": "b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b" } }, { "Batch": 1, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112", - "BlindedElement": "e6f508abea28cbb0242f0dae1c0a92e017127edb7c8d8e0ec98a5ea25c6bc9bb86bfc0bf9b8a086302e29a2a4b0a1d9d80f2d439cfba3ec1", - "EvaluationElement": "1ea637b039e0ab12c6959c74e275471e33655007a7fa23af97ec578bcfc8c3381d4929ebf51433b76460d583f16b7cf1e75b9708f5d9d2f7", + "BlindedElement": "12082b6a381c6c51e85d00f2a3d828cdeab3f5cb19a10b9c014c33826764ab7e7cfb8b4ff6f411bddb2d64e62a472af1cd816e5b712790c6", + "EvaluationElement": "f2919b7eedc05ab807c221fce2b12c4ae9e19e6909c4784564b690d1972d2994ca623f273afc67444d84ea40cbc58fcdab7945f321a52848", "Info": "7465737420696e666f", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "80ac73a09fbf8cbd329ff1b7f42d8d14e46ae5b732f776f3203f0680daf265254360da0afcd9dc1d0cd3858ab21ce8e7a19f0426d7e701cfda34fb8238c9e434", + "Output": "8691905500510843902c44bdd9730ab9dc3925aa58ff9dd42765a2baf633126de0c3adb93bef5652f38e5827b6396e87643960163a560fc4ac9738c8de4e4a8d", "Proof": { - "proof": "d53a1bfeafc5b47fc86406fba080e57434a7004a0739399ccb356f790b13585da9d69a25c526e039fa06ad6a5781283ea7997eced063fd32e58bc95d57fd771cad4a7e23633ae2049eec5ad86ade6a5e98d44f78fd86b5f55ab3c7a03025d6aec1f4f50a2bd7b9b554841f6b4cd23d14", + "proof": "a295677c54d1bc4286330907fc2490a7de163da26f9ce03a462a452fea422b19ade296ba031359b3b6841e48455d20519ad01b4ac4f0b92e76d3cf16fbef0a3f72791a8401ef2d7081d361e502e96b2c60608b9fa566f43d4611c2f161d83aabef7f8017332b26ed1daaf80440772022", "r": "b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b" } }, { "Batch": 2, "Blind": "64d37aed22a27f5191de1c1d69fadb899d8862b58eb4220029e036ec65fa3833a26e9388336361686ff1f83df55046504dfecad8549ba112,b1b748135d405ce48c6973401d9455bb8ccd18b01d0295c0627f67661200dbf9569f73fbb3925daa043a070e5f953d80bb464ea369e5522b", - "BlindedElement": "f86104fcefec6bdca7767bc3e6a2ac9de2b00546579fd50ff66687df531f7a2dfa8689a6cfdf91efc32d6fff490e722990752b7bc4bda28f,50c6849c8f6355687bbc9d4675bcea953cb913c5447c9c8400062ae37f808ce8a75d592c56f3393d4ea12ec72f9f84402002eb497201089a", - "EvaluationElement": "76f27e6fa79cd38638e35f5caa5d641e41526fbfd9272c19be22dfc8cdd962e6d5d4e0c605c9bd6588eb9698a2bbf792a0827bb1116c8812,7caa4dd83ecae98fc3e282a0e7df1887393a3fc1e17935dfe355da394756fbfcad65386eeedf1ba8498411645448c7027753cd9090198c02", + "BlindedElement": "161183c13c6cb33b0e4f9b7365f8c5c12d13c72f8b62d276ca09368d093dce9b42198276b9e9d870ac392dda53efd28d1b7e6e8c060cdc42,fc8847d43fb4cea4e408f585661a8f2867533fa91d22155d3127a22f18d3b007add480f7d300bca93fa47fe87ae06a57b7d0f0d4c30b12f0", + "EvaluationElement": "06ec89dfde25bb2a6f0145ac84b91ac277b35de39ad1d6f402a8e46414952ce0d9ea1311a4ece283e2b01558c7078b040cfaa40dd63b3e6c,2e74c626d07de49b1c8c21d87120fd78105f485e36816af9bde3e3efbeef76815326062fd333925b66c5ce5a20f100bf01770c16609f990a", "Info": "7465737420696e666f", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "2a08f81bf204eb43a57dbc011946861ed715a2fd3d39a3b35e43c74d07d4734149ba163389a02f6cd33fbb5b84e167d35dca7a7dc00b89418398c255c8293ac6,80ac73a09fbf8cbd329ff1b7f42d8d14e46ae5b732f776f3203f0680daf265254360da0afcd9dc1d0cd3858ab21ce8e7a19f0426d7e701cfda34fb8238c9e434", + "Output": "4423f6dcc1740688ea201de57d76824d59cd6b859e1f9884b7eebc49b0b971358cf9cb075df1536a8ea31bcf55c3e31c2ba9cfa8efe54448d17091daeb9924ed,8691905500510843902c44bdd9730ab9dc3925aa58ff9dd42765a2baf633126de0c3adb93bef5652f38e5827b6396e87643960163a560fc4ac9738c8de4e4a8d", "Proof": { - "proof": "b4f869bf5ec65e0152af5bd29f9fa32c3dfc00355e4e019feda07a281547fb2f0c559c600bf6cb52a92753264d1c1367e0134b132880732ec70a8c741d60370e5c22c4aca0e4564732b0157858f3c968bda06aab34c71386ec88afe76ec2c14bf56f0adf7b05bab826e4aa034cc78837", + "proof": "fd94db736f97ea4efe9d0d4ad2933072697a6bbeb32834057b23edf7c7009f011dfa72157f05d2a507c2bbf0b54cad99ab99de05921c021fda7d70e65bcecdb05f9a30154127ace983c74d10fd910b554c5e95f6bd1565fd1f3dbbe3c523ece5c72d57a559b7be1368c4786db4a3c910", "r": "63798726803c9451ba405f00ef3acb633ddf0c420574a2ec6cbf28f840800e355c9fbaac10699686de2724ed22e797a00f3bd93d105a7f23" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d000003", + "groupDST": "48617368546f47726f75702d4f50524656312d002d503235362d534841323536", "hash": "SHA256", + "identifier": "P256-SHA256", "keyInfo": "74657374206b6579", "mode": 0, "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "274d7747cf2e26352ecea6bd768c426087da3dfcd466b6841b441ada8412fb33", - "suiteID": 3, - "suiteName": "OPRF(P-256, SHA-256)", + "skSm": "159749d750713afe245d2d39ccfaae8381c53ce92d098a9375ee70739c7ac0bf", "vectors": [ { "Batch": 1, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02ff9dc7d4350ab6fe1f41299ec5fa8283b6ef37fc62682ea696142e13aad4ae9c", - "EvaluationElement": "023a5facf92477164f10cc6bf35b4d9272bfadf98dbabbe7b7a137efa1af6546fb", + "BlindedElement": "03723a1e5c09b8b9c18d1dcbca29e8007e95f14f4732d9346d490ffc195110368d", + "EvaluationElement": "030de02ffec47a1fd53efcdd1c6faf5bdc270912b8749e783c7ca75bb412958832", "Input": "00", - "Output": "488d693c0d43ab75703901fa1398907cf7dc7a90978d1c2f0def63c88e81b8b0" + "Output": "a0b34de5fa4c5b6da07e72af73cc507cceeb48981b97b7285fc375345fe495dd" }, { "Batch": 1, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "03b3cd723330e42975e6e18a6157ecf9455894c18a0189e3e624a46d705f790fcc", - "EvaluationElement": "03f1ea590f2cc4afd45a841285c6be4d88825a9c6c04eb55a1ca996583dd3e2e9f", + "BlindedElement": "03cc1df781f1c2240a64d1c297b3f3d16262ef5d4cf102734882675c26231b0838", + "EvaluationElement": "03a0395fe3828f2476ffcd1f4fe540e5a8489322d398be3c4e5a869db7fcb7c52c", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "dacd8400f6fae62beabead9bc27869b5109fb5d87da338ae2488712ec25f1be9" + "Output": "c748ca6dd327f0ce85f4ae3a8cd6d4d5390bbb804c9e12dcf94f853fece3dcce" } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d010003", + "groupDST": "48617368546f47726f75702d4f50524656312d012d503235362d534841323536", "hash": "SHA256", + "identifier": "P256-SHA256", "keyInfo": "74657374206b6579", "mode": 1, - "pkSm": "03f9fc787c9a4dda44a4b811a961d1fd60f87be7465b8a1b9058dc534dae70624c", + "pkSm": "03e17e70604bcabe198882c0a1f27a92441e774224ed9c702e51dd17038b102462", "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "b3d12edba73e40401fdc27c0094a56337feb3646d1633345af7e7142a6b1559d", - "suiteID": 3, - "suiteName": "OPRF(P-256, SHA-256)", + "skSm": "ca5d94c8807817669a51b196c34c1b7f8442fde4334a7121ae4736364312fca6", "vectors": [ { "Batch": 1, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02bf13d60f3e39e2018c7be9876d88b52e56c0fc2847c8550e3cee152c51cf72ec", - "EvaluationElement": "0253e64b5251607348f2b46064805275a849e44db465f649267c54bd7a774d670f", + "BlindedElement": "02dd05901038bb31a6fae01828fd8d0e49e35a486b5c5d4b4994013648c01277da", + "EvaluationElement": "0209f33cab60cf8fe69239b0afbcfcd261af4c1c5632624f2e9ba29b90ae83e4a2", "Input": "00", - "Output": "9df5d51a9149a86c3660396feabaf790b8c838fc96012adba5acbd913f2a4016", + "Output": "0412e8f78b02c415ab3a288e228978376f99927767ff37c5718d420010a645a1", "Proof": { - "proof": "d0bff8c87ee38f2b2e9e28161fb0f3bc7e4c3bee7329276487d4fd98d4f474fff793a846ffcb44d48f9545e321d89e4e6bccea858089732abf10bf19a220a936", + "proof": "e7c2b3c5c954c035949f1f74e6bce2ed539a3be267d1481e9ddb178533df4c2664f69d065c604a4fd953e100b856ad83804eb3845189babfa5a702090d6fc5fa", "r": "f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 1, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02a13e263fd9df5aa0078f8d5d6cbe8763e5bee69ee06841a66dad0db8701480cf", - "EvaluationElement": "02d9f54fcb97bdab47e6664376a75911f1c3e447f575455089d926fbd032cb6e53", + "BlindedElement": "03cd0f033e791c4d79dfa9c6ed750f2ac009ec46cd4195ca6fd3800d1e9b887dbd", + "EvaluationElement": "030d2985865c693bf7af47ba4d3a3813176576383d19aff003ef7b0784a0d83cf1", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "beef8ec835625f610d616d32b1d13f2f899f07c0b8089fa48a1f0ecbc5a91b8b", + "Output": "771e10dcd6bcd3664e23b8f2a710cfaaa8357747c4a8cbba03133967b5c24f18", "Proof": { - "proof": "e3ccd78a2f2428d04599c90d4b45e3de49b38a3ba0c80a224b8125747648718319238dd349cdeb533a6d24333b56aafbb202bec1831511717b231b89b8b36853", + "proof": "2787d729c57e3d9512d3aa9e8708ad226bc48e0f1750b0767aaff73482c44b8d2873d74ec88aebd3504961acea16790a05c542d9fbff4fe269a77510db00abab", "r": "f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 2, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364,f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1", - "BlindedElement": "02bf13d60f3e39e2018c7be9876d88b52e56c0fc2847c8550e3cee152c51cf72ec,0322b89e261428d77367cba2aa78fdfa2b21c2919150cafe802e9020c7f95ec180", - "EvaluationElement": "0253e64b5251607348f2b46064805275a849e44db465f649267c54bd7a774d670f,02182b225cfab1d2e25da200549d8b5e2c4581aa7b7bd85bef9b61a14549f58230", + "BlindedElement": "02dd05901038bb31a6fae01828fd8d0e49e35a486b5c5d4b4994013648c01277da,03462e9ae64cae5b83ba98a6b360d942266389ac369b923eb3d557213b1922f8ab", + "EvaluationElement": "0209f33cab60cf8fe69239b0afbcfcd261af4c1c5632624f2e9ba29b90ae83e4a2,02bb24f4d838414aef052a8f044a6771230ca69c0a5677540fff738dd31bb69771", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "9df5d51a9149a86c3660396feabaf790b8c838fc96012adba5acbd913f2a4016,beef8ec835625f610d616d32b1d13f2f899f07c0b8089fa48a1f0ecbc5a91b8b", + "Output": "0412e8f78b02c415ab3a288e228978376f99927767ff37c5718d420010a645a1,771e10dcd6bcd3664e23b8f2a710cfaaa8357747c4a8cbba03133967b5c24f18", "Proof": { - "proof": "900fd64d21320b6059a2810f7046066c4c91a5f4e4f6063c7b51316a48622de8f3a28e5f1d0ebe8ae77fdaacbcb1ae92685243e9ceb813bb749dee6c7123270e", + "proof": "bdcc351707d02a72ce49511c7db990566d29d6153ad6f8982fad2b435d6ce4d60da1e6b3fa740811bde34dd4fe0aa1b5fe6600d0440c9ddee95ea7fad7a60cf2", "r": "350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba51943c8026877963" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d020003", + "groupDST": "48617368546f47726f75702d4f50524656312d022d503235362d534841323536", "hash": "SHA256", + "identifier": "P256-SHA256", "keyInfo": "74657374206b6579", "mode": 2, - "pkSm": "0335065d006a3db4fb09154024dff38c3188a1027e19ce6932e6824c1276447766", + "pkSm": "030d7ff077fddeec965db14b794f0cc1ba9019b04a2f4fcc1fa525dedf72e2a3e3", "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "59519f6c7da344f340ad35ad895a5b97437673cc3ac8b964b823cdb52c932f86", - "suiteID": 3, - "suiteName": "OPRF(P-256, SHA-256)", + "skSm": "6ad2173efa689ef2c27772566ad7ff6e2d59b3b196f00219451fb2c89ee4dae2", "vectors": [ { "Batch": 1, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02811b5218bd2bb8361f990efb6062f1201241bcd6f053a5c35c34dcd7292e7730", - "EvaluationElement": "02555fc8577c4f88eeb13bc6ac53994f8fb287a33a70459205ddff91bc19b6a2da", + "BlindedElement": "031563e127099a8f61ed51eeede05d747a8da2be329b40ba1f0db0b2bd9dd4e2c0", + "EvaluationElement": "02c5e5300c2d9e6ba7f3f4ad60500ad93a0157e6288eb04b67e125db024a2c74d2", "Info": "7465737420696e666f", "Input": "00", - "Output": "af6525716fe5dd844076bb5cb118ceda08c02c2d1a02368922ddad63f40f8b44", + "Output": "193a92520bd8fd1f37accb918040a57108daa110dc4f659abe212636d245c592", "Proof": { - "proof": "d87b112dfa11b77f226b85693ab1b5f63adfa491b6e051e570a12392a926c4816778b527526ba6212c4b0597f13e05f5f9b2223429aab82cd2596625ab1cad0b", + "proof": "f8a33690b87736c854eadfcaab58a59b8d9c03b569110b6f31f8bf7577f3fbb85a8a0c38468ccde1ba942be501654adb106167c8eb178703ccb42bccffb9231a", "r": "f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 1, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "03e9ddbb1fa70461119afcf0ffbfe3fcd105690c14cf0e07872e72d4f63aa0e197", - "EvaluationElement": "03156037ca1ab2166e924e6197344a9885256de2cd7d9432ae36e3f94049e94bbb", + "BlindedElement": "021a440ace8ca667f261c10ac7686adc66a12be31e3520fca317643a1eee9dcd4d", + "EvaluationElement": "0208ca109cbae44f4774fc0bdd2783efdcb868cb4523d52196f700210e777c5de3", "Info": "7465737420696e666f", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "192f4e5d4f89ffe4b9cea5c1c9619ffe32443a5c04fc35f98c3821420cf1890c", + "Output": "1e6d164cfd835d88a31401623549bf6b9b306628ef03a7962921d62bc5ffce8c", "Proof": { - "proof": "d087b632e2aa4a67e0bc8b7cf012646217a2dfdbf49c60f236a43c66c72b7f2767b85dc93b96a11e3286ef1ff1864b544a68c2c2d8c2bc35ef7cf7dd34189d3e", + "proof": "043a8fb7fc7fd31e35770cabda4753c5bf0ecc1e88c68d7d35a62bf2631e875af4613641be2d1875c31d1319d191c4bbc0d04875f4fd03c31d3d17dd8e069b69", "r": "f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 2, "Blind": "3338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364,f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1", - "BlindedElement": "02811b5218bd2bb8361f990efb6062f1201241bcd6f053a5c35c34dcd7292e7730,0366ff91265bb4a9d24130b9e8cd3ecc523084b512b6b0722de44049616b8c374f", - "EvaluationElement": "02555fc8577c4f88eeb13bc6ac53994f8fb287a33a70459205ddff91bc19b6a2da,032bdb191ef5604cf43d0c37faead30c4b2b21e3f61c0d47ccc84850fc5656e500", + "BlindedElement": "031563e127099a8f61ed51eeede05d747a8da2be329b40ba1f0db0b2bd9dd4e2c0,03ca4ff41c12fadd7a0bc92cf856732b21df652e01a3abdf0fa8847da053db213c", + "EvaluationElement": "02c5e5300c2d9e6ba7f3f4ad60500ad93a0157e6288eb04b67e125db024a2c74d2,02f0b6bcd467343a8d8555a99dc2eed0215c71898c5edb77a3d97ddd0dbad478e8", "Info": "7465737420696e666f", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "af6525716fe5dd844076bb5cb118ceda08c02c2d1a02368922ddad63f40f8b44,192f4e5d4f89ffe4b9cea5c1c9619ffe32443a5c04fc35f98c3821420cf1890c", + "Output": "193a92520bd8fd1f37accb918040a57108daa110dc4f659abe212636d245c592,1e6d164cfd835d88a31401623549bf6b9b306628ef03a7962921d62bc5ffce8c", "Proof": { - "proof": "1bd5f64dffa2ab8d6532122887ed55ad17d114020901a7a01cf2412d568e22b6d0536fd6dbefe9f417060468ee3cc451a8f3750f4d8d4acf1e98437248cc7fa2", + "proof": "8fbd85a32c13aba79db4b42e762c00687d6dbf9c8cb97b2a225645ccb00d9d7580b383c885cdfd07df448d55e06f50f6173405eee5506c0ed0851ff718d13e68", "r": "350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba51943c8026877963" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d000004", + "groupDST": "48617368546f47726f75702d4f50524656312d002d503338342d534841333834", "hash": "SHA384", + "identifier": "P384-SHA384", "keyInfo": "74657374206b6579", "mode": 0, - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "c0503759ddd1e31d8c7eae9304c9b1c16f83d1f6d962e3e7b789cd85fd581800e96c5c4256131aafcff9a76919abbd55", - "suiteID": 4, - "suiteName": "OPRF(P-384, SHA-384)", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "dfe7ddc41a4646901184f2b432616c8ba6d452f9bcd0c4f75a5150ef2b2ed02ef40b8b92f60ae591bcabd72a6518f188", "vectors": [ { "Batch": 1, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "0396a1584fedc4d91ddb753a0c49e0aa2298c1936dbc935d60fe793d82809f44ff05fbd1922a2cae789d700b5ef4310fb3", - "EvaluationElement": "0361804cebcb1873cee5e51efd5257cd8b095521cc0089cf4c1100b1d749e212a044eae6d4f3d852e379eeb1bb54047823", + "BlindedElement": "02a36bc90e6db34096346eaf8b7bc40ee1113582155ad3797003ce614c835a874343701d3f2debbd80d97cbe45de6e5f1f", + "EvaluationElement": "03af2a4fc94770d7a7bf3187ca9cc4faf3732049eded2442ee50fbddda58b70ae2999366f72498cdbc43e6f2fc184afe30", "Input": "00", - "Output": "b7ccad41ed7f56be97621bbba8cc3a4f5e8a46a28d72b0fe089d12802f86f080b20726e01a99390aba3437ac50c640d6" + "Output": "ed84ad3f31a552f0456e58935fcc0a3039db42e7f356dcb32aa6d487b6b815a07d5813641fb1398c03ddab5763874357" }, { "Batch": 1, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "0370b0b4649c0880d44c421a3ca7c915b1b6ffa61f5a1290aa22258b006d148e5c105d47725e1ee1b2483b9c5666384038", - "EvaluationElement": "036d0aaf31ec411ef8e11c68551434883468e56cbd5d615ac8c52b9dc7af326889d52d7466c5eed47f8c89707976aadc64", + "BlindedElement": "02def6f418e3484f67a124a2ce1bfb19de7a4af568ede6a1ebb2733882510ddd43d05f2b1ab5187936a55e50a847a8b900", + "EvaluationElement": "034e9b9a2960b536f2ef47d8608b21597ba400d5abfa1825fd21c36b75f927f396bf3716c96129d1fa4a77fa1d479c8d7b", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "ca7dc32dc6434101f35a790717dd591e5963acc86d20fda68011fe228fb76be8da7f42c6a92284df88fb8e69480a3cb9" + "Output": "dd4f29da869ab9355d60617b60da0991e22aaab243a3460601e48b075859d1c526d36597326f1b985778f781a1682e75" } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d010004", + "groupDST": "48617368546f47726f75702d4f50524656312d012d503338342d534841333834", "hash": "SHA384", + "identifier": "P384-SHA384", "keyInfo": "74657374206b6579", "mode": 1, - "pkSm": "02f773b99e65ad26e8cd20614910ce7ad74c1baa5bdbfd9f124389dc8ef44b5989f5bf036f6802dc2242fd7068b73da29f", - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "514fb6fe2e66af1383840759d56f71730331280f062930ee2a2f7ea42f935acf94087355699d788abfdf09d19a5c85ac", - "suiteID": 4, - "suiteName": "OPRF(P-384, SHA-384)", + "pkSm": "031d689686c611991b55f1a1d8f4305ccd6cb719446f660a30db61b7aa87b46acf59b7c0d4a9077b3da21c25dd482229a0", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "051646b9e6e7a71ae27c1e1d0b87b4381db6d3595eeeb1adb41579adbf992f4278f9016eafc944edaa2b43183581779d", "vectors": [ { "Batch": 1, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "03022e23d8356d74d8f9a24ade759fb4e7cf050d1a77011087883d4db52f16751d8d987fa49764c157c1039c4cdfa5ef7a", - "EvaluationElement": "0202bdefbc2d55a37aa848df5efc561055235d9190da9ec30ccfb84d93b033a29c4fb1968c55c63a0b90a205e1e9c4c19f", + "BlindedElement": "02d338c05cbecb82de13d6700f09cb61190543a7b7e2c6cd4fca56887e564ea82653b27fdad383995ea6d02cf26d0e24d9", + "EvaluationElement": "02a7bba589b3e8672aa19e8fd258de2e6aae20101c8d761246de97a6b5ee9cf105febce4327a326255a3c604f63f600ef6", "Input": "00", - "Output": "7eb3cc88d920431c3a5ea3fb6e36b515b6d82c5ef537e285918fe7c741e97819ce029657d6cced0f8850f47ff281c444", + "Output": "3333230886b562ffb8329a8be08fea8025755372817ec969d114d1203d026b4a622beab60220bf19078bca35a529b35c", "Proof": { - "proof": "929ee0254047350f580cdbd6fca706a9d110e4fc0aa1383af8d35a53679569c038d90900e8810eca177b9cfd6a2d0f1fb5ed7a2e0f3107719cbd9c74ab7d950279869f67551b629c3706c8f9cee651d700453ca44e43b0a08c05502cd28f3960", + "proof": "bfc6cf3859127f5fe25548859856d6b7fa1c7459f0ba5712a806fc091a3000c42d8ba34ff45f32a52e40533efd2a03bc87f3bf4f9f58028297ccb9ccb18ae7182bcd1ef239df77e3be65ef147f3acf8bc9cbfc5524b702263414f043e3b7ca2e", "r": "803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 1, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "037ae30a62126a39ca791aadafb65769c812a559c7da92820e143350b6bb8cefb543af2e0179664f9cd0d1499c018a0b18", - "EvaluationElement": "0355f95a68e8c4f0d40910e9a85f09109e4e7fff84f75db1a4aa8e21c451ac2d872113b497bea6c0be1b535241557032a2", + "BlindedElement": "02f27469e059886f221be5f2cca03d2bdc61e55221721c3b3e56fc012e36d31ae5f8dc058109591556a6dbd3a8c69c433b", + "EvaluationElement": "03f16f903947035400e96b7f531a38d4a07ac89a80f89d86a1bf089c525a92c7f4733729ca30c56ce78b1ab4f7d92db8b4", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "fb538f84dae5f214c5adfcf529c6fe63bc46d6a4073d540cf0dabcc7c8e0f3c1b43b606002a9aa52ae158a19d900c136", + "Output": "b91c70ea3d4d62ba922eb8a7d03809a441e1c3c7af915cbc2226f485213e895942cd0f8580e6d99f82221e66c40d274f", "Proof": { - "proof": "f4ec262642fc9981fe5d1f0a3737f2d09ec9b056f577224013f5a3d09812fb22c6b45e17150d8fe3a8c7e63094cdf40a60ae1e50fc2e1678954c1ecbaed2f7d07e6d597fffedc7aca450ed64164c46e62d1326ff1f6eaeba4b5dd151e953e060", + "proof": "d005d6daaad7571414c1e0c75f7e57f2113ca9f4604e84bc90f9be52da896fff3bee496dcde2a578ae9df315032585f801fb21c6080ac05672b291e575a40295b306d967717b28e08fcc8ad1cab47845d16af73b3e643ddcc191208e71c64630", "r": "803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 2, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364,803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1", - "BlindedElement": "03022e23d8356d74d8f9a24ade759fb4e7cf050d1a77011087883d4db52f16751d8d987fa49764c157c1039c4cdfa5ef7a,031ee43111a2406b09eb4fb2a3a5fd7c690c0aa51158af766c9df1428bb18195f054c5f68ae1863e6ab3dd4298b3db712b", - "EvaluationElement": "0202bdefbc2d55a37aa848df5efc561055235d9190da9ec30ccfb84d93b033a29c4fb1968c55c63a0b90a205e1e9c4c19f,021fdbb3b92cf4f8e04534bc1a9f62596667c3ea49a6e89f1610b9f7f89708e8730df159827ea92e26fcfdb2063920c89c", + "BlindedElement": "02d338c05cbecb82de13d6700f09cb61190543a7b7e2c6cd4fca56887e564ea82653b27fdad383995ea6d02cf26d0e24d9,02fa02470d7f151018b41e82223c32fad824de6ad4b5ce9f8e9f98083c9a726de9a1fc39d7a0cb6f4f188dd9cea01474cd", + "EvaluationElement": "02a7bba589b3e8672aa19e8fd258de2e6aae20101c8d761246de97a6b5ee9cf105febce4327a326255a3c604f63f600ef6,028e9e115625ff4c2f07bf87ce3fd73fc77994a7a0c1df03d2a630a3d845930e2e63a165b114d98fe34e61b68d23c0b50a", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "7eb3cc88d920431c3a5ea3fb6e36b515b6d82c5ef537e285918fe7c741e97819ce029657d6cced0f8850f47ff281c444,fb538f84dae5f214c5adfcf529c6fe63bc46d6a4073d540cf0dabcc7c8e0f3c1b43b606002a9aa52ae158a19d900c136", + "Output": "3333230886b562ffb8329a8be08fea8025755372817ec969d114d1203d026b4a622beab60220bf19078bca35a529b35c,b91c70ea3d4d62ba922eb8a7d03809a441e1c3c7af915cbc2226f485213e895942cd0f8580e6d99f82221e66c40d274f", "Proof": { - "proof": "9cc7fe5a120cec6ef0d877260cf1af1861f281aa0015f371c8830f93f2868f5891ee6f32ec6fcbe130a50de24c93b131261eb4a242941c8d5ad9ad2f2be402d9386ac4afcf5e5498f35cc3db0442a77e139eb56a7b3435177e7bf1a48cef184a", + "proof": "6d8dcbd2fc95550a02211fb78afd013933f307d21e7d855b0b1ed0af78076d8137ad8b0a1bfa05676d325249c1dbb9a52bd81b1c2b7b0efc77cf7b278e1c947f6283f1d4c513053fc0ad19e026fb0c30654b53d9cea4b87b037271b5d2e2d0ea", "r": "a097e722ed2427de86966910acba9f5c350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba51943c8026877963" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d020004", + "groupDST": "48617368546f47726f75702d4f50524656312d022d503338342d534841333834", "hash": "SHA384", + "identifier": "P384-SHA384", "keyInfo": "74657374206b6579", "mode": 2, - "pkSm": "03a571100213c4356177af14a7039cfee270ad1f9abde42ac3418c501209ed7b2fc0d4aa3373c12ba956fb555b02843fc8", - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "0fcba4a204f67d6c13f780e613915f755319aaa3cb03cd20a5a4a6c403a4812a4fff5d3223e2c309aa66b05cb7611fd4", - "suiteID": 4, - "suiteName": "OPRF(P-384, SHA-384)", + "pkSm": "02f00f0f1de81e5d6cf18140d4926ffdc9b1898c48dc49657ae36eb1e45deb8b951aaf1f10c82d2eaa6d02aafa3f10d2b6", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "5b2690d6954b8fbb159f19935d64133f12770c00b68422559c65431942d721ff79d47d7a75906c30b7818ec0f38b7fb2", "vectors": [ { "Batch": 1, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "03156aece0ce92e9eb8f7a9b7f6bd30230a048d41384f2fe49f1f9f69e180c23390e3ba8d0ee66dde6d637f03c06385f76", - "EvaluationElement": "02352ec7586660cc4257a9e78366727341db0825e431fc824a70a91019b67be26d8b880b2d4d8e734207d4a21a23429d74", + "BlindedElement": "03859b36b95e6564faa85cd3801175eda2949707f6aa0640ad093cbf8ad2f58e762f08b56b2a1b42a64953aaf49cbf1ae3", + "EvaluationElement": "0220710e2e00306453f5b4f574cb6a512453f35c45080d09373e190c19ce5b185914fbf36582d7e0754bb7c8b683205b91", "Info": "7465737420696e666f", "Input": "00", - "Output": "fa15c0fe8706ac256dfd3c38d21ba0cd57b927cfcf3e4d6d5554ec1272e670079b95cdbb2778e0df22baf50f33e12607", + "Output": "0188653cfec38119a6c7dd7948b0f0720460b4310e40824e048bf82a16527303ed449a08caf84272c3bbc972ede797df", "Proof": { - "proof": "77bb1ca3ba4013b93ccb302db838839098eca743de542d3c79d189f2adf001999583a01aead6c248a32ff13b7f1f3d6b2dd04f653a5beb0f0394ad83ce5e79ea08ae029d669b918b6d62ed3b77b08a07f04bbc341fae06444d196746da4da884", + "proof": "82a17ef41c8b57f1e3122311b4d5cd39a63df0f67443ef18d961f9b659c1601ced8d3c64b294f604319ca80230380d437a49c7af0d620e22116669c008ebb767d90283d573b49cdb49e3725889620924c2c4b047a2a6225a3ba27e640ebddd33", "r": "803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 1, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02d46e0e2d27d8bb126e1201e881d0070b8807cb5635687b20dd4a3a248e7a40c50a1ad3e905e43342771eb23bc8827a00", - "EvaluationElement": "030879805ff65cb536293a1449c00824e55c4c1b25379f2ec17d97923055169a6d97b46ed7b11bb661cc8cb9535abc3d66", + "BlindedElement": "03f7efcb4aaf000263369d8a0621cb96b81b3206e99876de2a00699ed4c45acf3969cd6e2319215395955d3f8d8cc1c712", + "EvaluationElement": "034993c818369927e74b77c400376fd1ae29b6ac6c6ddb776cf10e4fbc487826531b3cf0b7c8ca4d92c7af90c9def85ce6", "Info": "7465737420696e666f", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "77cb533216c32cac017d706d5f0ee4630bcb0bfefbb980d95e98dc240abc70a944a44cde69b805aee3a39b2eb7d834be", + "Output": "ff2a527a21cc43b251a567382677f078c6e356336aec069dea8ba36995343ca3b33bb5d6cf15be4d31a7e6d75b30d3f5", "Proof": { - "proof": "9982a8501f45839213441d4ec501cf496d06fffab65f13ca3b3e66d21398fe9e0e04aafdf50eae214fa9cccad3c53d524d0f8c185ed60b11fcf5c7e82e10a8d3f3b2ce1e4a004d65e6ad596eeb5738453465d881f2770858cd46ac32f0e16121", + "proof": "693471b5dff0cd6a5c00ea34d7bf127b2795164e3bdb5f39a1e5edfbd13e443bc516061cd5b8449a473c2ceeccada9f3e5b57302e3d7bc5e28d38d6e3a3056e1e73b6cc030f5180f8a1ffa45aa923ee66d2ad0a07b500f2acc7fb99b5506465c", "r": "803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 2, "Blind": "504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364,803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1", - "BlindedElement": "03156aece0ce92e9eb8f7a9b7f6bd30230a048d41384f2fe49f1f9f69e180c23390e3ba8d0ee66dde6d637f03c06385f76,025663d73e3418039fddea1a212d254ec0103f28904e588b73c7da8298347706b2f69902a98e8d01c7aaa69a297b14c7dc", - "EvaluationElement": "02352ec7586660cc4257a9e78366727341db0825e431fc824a70a91019b67be26d8b880b2d4d8e734207d4a21a23429d74,02f8e532fabdd09bb2a7391a2a80c14f265c0456009199b77eefac1013d4a4f449dfe46d5d6d2d4d74f8c9fb1e2868b611", + "BlindedElement": "03859b36b95e6564faa85cd3801175eda2949707f6aa0640ad093cbf8ad2f58e762f08b56b2a1b42a64953aaf49cbf1ae3,021a65d618d645f1a20bc33b06deaa7e73d6d634c8a56a3d02b53a732b69a5c53c5a207ea33d5afdcde9a22d59726bce51", + "EvaluationElement": "0220710e2e00306453f5b4f574cb6a512453f35c45080d09373e190c19ce5b185914fbf36582d7e0754bb7c8b683205b91,02017657b315ec65ef861505e596c8645d94685dd7602cdd092a8f1c1c0194a5d0485fe47d071d972ab514370174cc23f5", "Info": "7465737420696e666f", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "fa15c0fe8706ac256dfd3c38d21ba0cd57b927cfcf3e4d6d5554ec1272e670079b95cdbb2778e0df22baf50f33e12607,77cb533216c32cac017d706d5f0ee4630bcb0bfefbb980d95e98dc240abc70a944a44cde69b805aee3a39b2eb7d834be", + "Output": "0188653cfec38119a6c7dd7948b0f0720460b4310e40824e048bf82a16527303ed449a08caf84272c3bbc972ede797df,ff2a527a21cc43b251a567382677f078c6e356336aec069dea8ba36995343ca3b33bb5d6cf15be4d31a7e6d75b30d3f5", "Proof": { - "proof": "f8c938b5d2aff7d1a05ecdcf4178d682fe7b35c375be5db88dfa59f488c6e4a68d4f99f16330a06f918e264ad68a78fdfad91446b72e1a3da2a65e531d520dd04fd91dd49b09037648e04a44e83d0dfd2aab7627e7389818924ad9bff591d646", + "proof": "4a0b2fe96d5b2a046a0447fe079b77859ef11a39a3520d6ff7c626aad9b473b724fb0cf188974ec961710a62162a83e97e0baa9eeada73397032d928b3e97b1ea92ad9458208302be3681b8ba78bcc17745bac00f84e0fdc98a6a8cba009c080", "r": "a097e722ed2427de86966910acba9f5c350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba51943c8026877963" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d000005", + "groupDST": "48617368546f47726f75702d4f50524656312d002d503532312d534841353132", "hash": "SHA512", + "identifier": "P521-SHA512", "keyInfo": "74657374206b6579", "mode": 0, - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "0152e55f3a5d836ab6c2091a904ba4b4f92e51ba59ecc211b4fc771f7c6c8b17fcbbb2bed8a65afd7811ceeec3eac83df6a58515b6d3c71ee0ffc349e28c3fb78d83", - "suiteID": 5, - "suiteName": "OPRF(P-521, SHA-512)", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "0153441b8faedb0340439036d6aed06d1217b34c42f17f8db4c5cc610a4a955d698a688831b16d0dc7713a1aa3611ec60703bffc7dc9c84e3ed673b3dbe1d5fccea6", "vectors": [ { "Batch": 1, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "03016480f33f005c8a8eb1003e48ebc22e082d0b86678f8460edf21cc1518a13bfc0001fa143d474b18214188d93a7b3124b1b385db4cd4e356ad24923ae55d70ce8a7", - "EvaluationElement": "03005fdb56bf49fcd073b1c4cfb42ceef5666c709785ae82d659e4d75c0f5591cbf812ca9ffd992ac67c1877b63978f417687a2a6c17697e858cf715843f9e4235566a", + "BlindedElement": "0300e78bf846b0e1e1a3c320e353d758583cd876df56100a3a1e62bacba470fa6e0991be1be80b721c50c5fd0c672ba764457acc18c6200704e9294fbf28859d916351", + "EvaluationElement": "030166371cf827cb2fb9b581f97907121a16e2dc5d8b10ce9f0ede7f7d76a0d047657735e8ad07bcda824907b3e5479bd72cdef6b839b967ba5c58b118b84d26f2ba07", "Input": "00", - "Output": "ddcaaceceec790f4858a09f3e06e74e8b0841681a3d45ab1393d094837943f782d9ed22ae716a642d4ee428ddf1dae9ff631047864b99a305412aceb7efafa32" + "Output": "26232de6fff83f812adadadb6cc05d7bbeee5dca043dbb16b03488abb9981d0a1ef4351fad52dbd7e759649af393348f7b9717566c19a6b8856284d69375c809" }, { "Batch": 1, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02000e860d3b8205e0cb4f289771c8e6189b47c60cbff24459e12a60317ac242e9cb36ab033a620cdee5628ecae4a81303e7464d52194d801756911fd7ddfa5430e69c", - "EvaluationElement": "0300e2663f17144682b25de378531abd6d065b770eec073a42494719f27748f75b4ab11aecb06bf8815bcc9eeb3ce54978605bd8a54c22a1dea62da1ae5f9f5e5e90f4", + "BlindedElement": "0300c28e57e74361d87e0c1874e5f7cc1cc796d61f9cad50427cf54655cdb455613368d42b27f94bf66f59f53c816db3e95e68e1b113443d66a99b3693bab88afb556b", + "EvaluationElement": "0301ad453607e12d0cc11a3359332a40c3a254eaa1afc64296528d55bed07ba322e72e22cf3bcb50570fd913cb54f7f09c17aff8787af75f6a7faf5640cbb2d9620a6e", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "287712c6dbed773f39925fec0ad686dfda4a679cc7e88fa60ba9d3a7d712a11d4a0445995391ba56cfb018922e0d4bb4b25ec0965a33170c9b00f45c361b0215" + "Output": "ad1f76ef939042175e007738906ac0336bbd1d51e287ebaa66901abdd324ea3ffa40bfc5a68e7939c2845e0fd37a5a6e76dadb9907c6cc8579629757fd4d04ba" } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d010005", + "groupDST": "48617368546f47726f75702d4f50524656312d012d503532312d534841353132", "hash": "SHA512", + "identifier": "P521-SHA512", "keyInfo": "74657374206b6579", "mode": 1, - "pkSm": "0301322c63ad53e079791739169e011f362f4396a8e93fceeee9cd814d47180e75ffd717820fe9e9c763fa595340cd80989c31fbd0200572080752c73b80b75322f300", - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "00fb5507f94782c5b72acc16b9eb21064f86b4aa525b9865258d157b0431ab5c3515fc975fa19ddb28129c969992b31d8946c4e354bc49458bb25fae58f10ac3f678", - "suiteID": 5, - "suiteName": "OPRF(P-521, SHA-512)", + "pkSm": "0301505d646f6e4c9102451eb39730c4ba1c4087618641edbdba4a60896b07fd0c9414ce553cbf25b81dfcca50a8f6724ab7a2bc4d0cf736967a287bb6084cc0678ac0", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "015c7fc1b4a0b1390925bae915bd9f3d72009d44d9241b962428aad5d13f22803311e7102632a39addc61ea440810222715c9d2f61f03ea424ec9ab1fe5e31cf9238", "vectors": [ { "Batch": 1, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02016dafe8eee47b591592705ce4d5231563b637e5a51b425b881f1cc576c53caae4ec59fd6e3a918d5c35e6db77cf3a5862b71a8b6c7eaded3ebdf0c6e14778c03a8c", - "EvaluationElement": "020124a0ee09ade261bbf67e1e3d296655c97e6c5c14c71a386e636d8f55d29f5f6dcec954ff28bfc7e6e63240a52bf278ae94b312be3d8bf85055d2a1dbab687905b0", + "BlindedElement": "0301d6e4fb545e043ddb6aee5d5ceeee1b44102615ab04430c27dd0f56988dedcb1df32ef384f160e0e76e718605f14f3f582f9357553d153b996795b4b3628a4f6380", + "EvaluationElement": "03013fdeaf887f3d3d283a79e696a54b66ff0edcb559265e204a958acf840e0930cc147e2a6835148d8199eebc26c03e9394c9762a1c991dde40bca0f8ca003eefb045", "Input": "00", - "Output": "16a9387153bf7fa2c733d42f299877324cfce3b39093e72067c3d59948bf745d77b2fe9180ffb442ec45b575eb4108d2b6f207cbfabd7bc540ad2a087cfabca2", + "Output": "5e003d9b2fb540b3d4bab5fedd154912246da1ee5e557afd8f56415faa1a0fadff6517da802ee254437e4f60907b4cda146e7ba19e249eef7be405549f62954b", "Proof": { - "proof": "00156561564a9128de6e2fb92d0ee065bb19192ff86549c37fab777f2d57a951ff94b3832162cf02ad73287a0f0906045878105d8ab54a7cc9a1a0039d0cb241ebd10197e5cef77e8fbe0414f86b86fe2e823e0d8dbdcf2ccac54d273e814da062ba941a27d1e7e28c44cdbdaffe392cc915bf8b9add15d51b68afd6e88a52d07ff8b3d1", + "proof": "0077fcc8ec6d059d7759b0a61f871e7c1dadc65333502e09a51994328f79e5bda3357b9a4f410a1760a3612c2f8f27cb7cb032951c047cc66da60da583df7b247edd0188e5eb99c71799af1d80d643af16ffa1545acd9e9233fbb370455b10eb257ea12a1667c1b4ee5b0ab7c93d50ae89602006960f083ca9adc4f6276c0ad60440393c", "r": "015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 1, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "02008f585341e32244d67033ddcf4c1cc30f7661c4cfc177f0982c69bf9c90e1da02d86a26ece60b8c42b278a1dc85afcc9cbc6aedff15cc092af035100b915c2bb4df", - "EvaluationElement": "03006cfeb22e141859e6a2050a714bde8ab8109abb2b42bc8f18ace67121c1811c9e95e7cf8ffd4f13f8cee80fc3c69318b0eb30ecdf6e7d7e84faefa6f0b8299217fe", + "BlindedElement": "03005b05e656cb609ce5ff5faf063bb746d662d67bbd07c062638396f52f0392180cf2365cabb0ece8e19048961d35eeae5d5fa872328dce98df076ee154dd191c615e", + "EvaluationElement": "0301b19fcf482b1fff04754e282292ed736c5f0aa080d4f42663cd3a416c6596f03129e8e096d8671fe5b0d19838312c511d2ce08d431e43e3ef06199d8cab7426238d", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "0163635204be5347419796f3564b36d6e89c9170e4fcca5b6df79d3f676f641b2ae3ae1a64cc49f3d788e276abe14e3c38bb2f92fdba0b45ed122a6930e7d961", + "Output": "fa15eebba81ecf40954f7135cb76f69ef22c6bae394d1a4362f9b03066b54b6604d39f2e53369ca6762a3d9787e230e832aa85955af40ecb8deebb009a8cf474", "Proof": { - "proof": "01db7070ab756e8c2b12cb81c40daac6ef1d5137be3626a10ee867b0b736ae5ab05aadbc3ee3d1d0202b7687e1614765893cba67b307c67a8a4ce7b3eaf3ba64204901ce6f8dc9234d27373b1027982d7e3bb196d157403f50c2f1bf0fa701753ef63d7265c0b1016e662456d4bdea55b3d983350b2c2ce80e192897161a1b780046b952", + "proof": "01ec9fece444caa6a57032e8963df0e945286f88fbdf233fb5101f0924f7ea89c47023f5f72f240e61991fd33a299b5b38c45a5e2dd1a67b072e59dfe86708a359c701e38d383c60cf6969463bcf13251bedad47b7941f52e409a3591398e27924410b18a301c0e19f527cad504fa08388050ac634e1b05c5216d337742f2754e1fc502f", "r": "015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 2, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364,015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1", - "BlindedElement": "02016dafe8eee47b591592705ce4d5231563b637e5a51b425b881f1cc576c53caae4ec59fd6e3a918d5c35e6db77cf3a5862b71a8b6c7eaded3ebdf0c6e14778c03a8c,03005467c05309dd2b9ef584dd33ae30e93ae5508f2ceda7149763b4b44fe797f7d0f4c7441298a0ed821ede9ebdc8c0215f96db57c64feb734a145f00d00f0f222db1", - "EvaluationElement": "020124a0ee09ade261bbf67e1e3d296655c97e6c5c14c71a386e636d8f55d29f5f6dcec954ff28bfc7e6e63240a52bf278ae94b312be3d8bf85055d2a1dbab687905b0,0300fdf99a9eb28097074daf75ba9fe16868690b16165f58f9c4fa266d5fffa5a87026a98ac3b0ca6dc7e42f49140a004c325646aec5ddc778db708748cc2f632ed937", + "BlindedElement": "0301d6e4fb545e043ddb6aee5d5ceeee1b44102615ab04430c27dd0f56988dedcb1df32ef384f160e0e76e718605f14f3f582f9357553d153b996795b4b3628a4f6380,0301403b597538b939b450c93586ba275f9711ba07e42364bac1d5769c6824a8b55be6f9a536df46d952b11ab2188363b3d6737635d9543d4dba14a6e19421b9245bf5", + "EvaluationElement": "03013fdeaf887f3d3d283a79e696a54b66ff0edcb559265e204a958acf840e0930cc147e2a6835148d8199eebc26c03e9394c9762a1c991dde40bca0f8ca003eefb045,03001f96424497e38c46c904978c2fa1636c5c3dd2e634a85d8a7265977c5dce1f02c7e6c118479f0751767b91a39cce6561998258591b5d7c1bb02445a9e08e4f3e8d", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "16a9387153bf7fa2c733d42f299877324cfce3b39093e72067c3d59948bf745d77b2fe9180ffb442ec45b575eb4108d2b6f207cbfabd7bc540ad2a087cfabca2,0163635204be5347419796f3564b36d6e89c9170e4fcca5b6df79d3f676f641b2ae3ae1a64cc49f3d788e276abe14e3c38bb2f92fdba0b45ed122a6930e7d961", + "Output": "5e003d9b2fb540b3d4bab5fedd154912246da1ee5e557afd8f56415faa1a0fadff6517da802ee254437e4f60907b4cda146e7ba19e249eef7be405549f62954b,fa15eebba81ecf40954f7135cb76f69ef22c6bae394d1a4362f9b03066b54b6604d39f2e53369ca6762a3d9787e230e832aa85955af40ecb8deebb009a8cf474", "Proof": { - "proof": "01935896f4c03ea5257d6471677f191ea7dfc777cc1e15f82e423cf1948c440ee56a1c5a8627aad8da8e507a7f382b45255e55a1f1afc99c6b14237ce7cf085540fa000fe413be351bd11ac910b1d4af34d2c97c7b7a53438340dd659272f3d8647035b13cd8072903b9a3adf8e89bfb1f77d732fa224f32674506e3e88e29ce182186e3", + "proof": "00b4d215c8405e57c7a4b53398caf55f1f1623aaeb22408ddb9ea29130909b3f95dbb1ff366e81e86e918f9f2fd8b80dbb344cd498c9499d112905e585417e0068c600fe5dea18b389ef6c4cc062935607b8ccbbb9a84fba3143868a3e8a58efa0bf6ca642804d09dc06e980f64837811227c4267b217f1099a4e28b0854f4e5ee659796", "r": "01ec21c7bb69b0734cb48dfd68433dd93b0fa097e722ed2427de86966910acba9f5c350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba51943c8026877963" } } ] }, { - "groupDST": "48617368546f47726f75702d564f50524631302d020005", + "groupDST": "48617368546f47726f75702d4f50524656312d022d503532312d534841353132", "hash": "SHA512", + "identifier": "P521-SHA512", "keyInfo": "74657374206b6579", "mode": 2, - "pkSm": "0301264d23f5d1d615f9747d2a7177a419dabde6ca0f5a047979dbe9bce337241b7d2959025476f354c4f57017363d667b83b691fad8c172959963e6000de9533f187a", - "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", - "skSm": "01e0993daeb97f8fc8176089e4e6adb4c03dc9b18daf7e976ed7fa6f3cb89c40c6a84156f20371ef23bfe6e049423244d7d746c79ad380ac7fe285aba162419e9012", - "suiteID": 5, - "suiteName": "OPRF(P-521, SHA-512)", + "pkSm": "0301de8ceb9ffe9237b1bba87c320ea0bebcfc3447fe6f278065c6c69886d692d1126b79b6844f829940ace9b52a5e26882cf7cbc9e57503d4cca3cd834584729f812a", + "seed": "a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3", + "skSm": "014893130030ce69cf714f536498a02ff6b396888f9bb507985c32928c4427d6d39de10ef509aca4240e8569e3a88debc0d392e3361bcd934cb9bdd59e339dff7b27", "vectors": [ { "Batch": 1, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "0200e36b187060fef4f4cfef21cdb4ef8b5793a1bf44da95229062303688d4cf6a50c16b7c943c79d91357223b56866351a17a9c7f49730fd28add9301d399c0cf206c", - "EvaluationElement": "03014e216c05cf1d108829946891cc44693b0a411851a03fc439130054d920eb8ad596a4dfa5314f68d298a094777855aa55c98480575a3816cfac52f838693e0e7fe5", + "BlindedElement": "020095cff9d7ecf65bdfee4ea92d6e748d60b02de34ad98094f82e25d33a8bf50138ccc2cc633556f1a97d7ea9438cbb394df612f041c485a515849d5ebb2238f2f0e2", + "EvaluationElement": "0301408e9c5be3ffcc1c16e5ae8f8aa68446223b0804b11962e856af5a6d1c65ebbb5db7278c21db4e8cc06d89a35b6804fb1738a295b691638af77aa1327253f26d01", "Info": "7465737420696e666f", "Input": "00", - "Output": "3be90ca19fbe2fc250de62792c7cf4b6b5555c8655fce1694fc7563d5d4c5001efd1e91fbbaea31d75e33dbdefe57420c395f1ac805cc0095c4d81a0beddcb01", + "Output": "808ae5b87662eaaf0b39151dd85991b94c96ef214cb14a68bf5c143954882d330da8953a80eea20788e552bc8bbbfff3100e89f9d6e341197b122c46a208733b", "Proof": { - "proof": "00c5a46ff1e7d8cd2711daf8ec8752451c4c7ed815f3e8d51db64f1eed83a7cc33f0f99ce067676c478bd616a9ef6377994e4bd69051424a576a4e26f0ec7ed81fd000b7ae1eaee9e5b6991afdbb2c9c29a04e2ab3a2066df89308410a59267a60a22a47666de009646c78e9094c9f4de177a620e97f63e35ada0c8b438b4605248c9087", + "proof": "0106a89a61eee9dd2417d2849a8e2167bc5f56e3aed5a3ff23e22511fa1b37a29ed44d1bbfd6907d99cfbc558a56aec709282415a864a281e49dc53792a4a638a0660034306d64be12a94dcea5a6d664cf76681911c8b9a84d49bf12d4893307ec14436bd05f791f82446c0de4be6c582d373627b51886f76c4788256e3da7ec8fa18a86", "r": "015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 1, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364", - "BlindedElement": "0300357933cc17cdcce862b794a4161d8eb10d23009695639e3fdc8dffc235e19e92e0a3d3c7c6249dd9dcd02da0a8f061d89b6809d3292951ee0e9ead21a62d1335fe", - "EvaluationElement": "0300a5132ae9c429dd33b25c051f45451c6e54e154d698c3f3d8820bd9607e7a65762911c647b3460be166f37ba443bf000b23552298f14e0555b3f0ddf0e900e1d38c", + "BlindedElement": "030112ea89cf9cf589496189eafc5f9eb13c9f9e170d6ecde7c5b940541cb1a9c5cfeec908b67efe16b81ca00d0ce216e34b3d5f46a658d3fd8573d671bdb6515ed508", + "EvaluationElement": "0200ebc49df1e6fa61f412e6c391e6f074400ecdd2f56c4a8c03fe0f91d9b551f40d4b5258fd891952e8c9b28003bcfa365122e54a5714c8949d5d202767b31b4bf1f6", "Info": "7465737420696e666f", "Input": "5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "1d90446522e3c131e90be2e4f372959ae5ab4f25ca98e83e5e62d6336c48b5ec22fc6083d2b050cad2bbc22ae7115c2b934d965ffe74aaa43c905cd2af76728d", + "Output": "27032e24b1a52a82ab7f4646f3c5df0f070f499db98b9c5df33972bd5af5762c3638afae7912a6c1acdb1ae2ab2fa670bd5486c645a0e55412e08d33a4a0d6e3", "Proof": { - "proof": "0004f0791cbe6ac6f4074834e172beedea19ecd3a2c504a71fd870b42314d3b072633a8265c774668274dcbcaebf1726768fab4edec69a33a7d37095ebef3e1bb44900f0a175b56ceeae8a87bc5553405e0b030ebcf8303befc5890c8afa1e61fd4166480ff428eae4193f12bbf1fc31d5d7196ce8692e37bc9a63cdf4c9fafe10a2dc9a", + "proof": "0082162c71a7765005cae202d4bd14b84dae63c29067e886b82506992bd994a1c3aac0c1c5309222fe1af8287b6443ed6df5c2e0b0991faddd3564c73c7597aecd9a003b1f1e3c65f28e58ab4e767cfb4adbcaf512441645f4c2aed8bf67d132d966006d35fa71a34145414bf3572c1de1a46c266a344dd9e22e7fb1e90ffba1caf556d9", "r": "015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1" } }, { "Batch": 2, "Blind": "00d1dccf7a51bafaf75d4a866d53d8cafe4d504650f53df8f16f6861633388936ea23338fa65ec36e0290022b48eb562889d89dbfa691d1cde91517fa222ed7ad364,015e80ae32363b32cb76ad4b95a5a34e46bb803d955f0e073a04aa5d92b3fb739f56f9db001266677f62c095021db018cd8cbb55941d4073698ce45c405d1348b7b1", - "BlindedElement": "0200e36b187060fef4f4cfef21cdb4ef8b5793a1bf44da95229062303688d4cf6a50c16b7c943c79d91357223b56866351a17a9c7f49730fd28add9301d399c0cf206c,03007530916e8ec76199429667a82ca4df65b913d8b1fb157319e73706f118b4f46047c01b7da024bdf5a06f2f4e879b1a1cd3fcb1ca2c37ce158cc8625e76b3bb1cc4", - "EvaluationElement": "03014e216c05cf1d108829946891cc44693b0a411851a03fc439130054d920eb8ad596a4dfa5314f68d298a094777855aa55c98480575a3816cfac52f838693e0e7fe5,0200005cf5e719b3066dcf0fbd6228bc921cebccc49feb1acbe9d9c4c88f4169e1d0d5408f92ad9f599c2f5f6d7d4c6e575e86f64c4eead2bb9b3e8e04d141a90b7382", + "BlindedElement": "020095cff9d7ecf65bdfee4ea92d6e748d60b02de34ad98094f82e25d33a8bf50138ccc2cc633556f1a97d7ea9438cbb394df612f041c485a515849d5ebb2238f2f0e2,0201a328cf9f3fdeb86b6db242dd4cbb436b3a488b70b72d2fbbd1e5f50d7b0878b157d6f278c6a95c488f3ad52d6898a421658a82fe7ceb000b01aedea7967522d525", + "EvaluationElement": "0301408e9c5be3ffcc1c16e5ae8f8aa68446223b0804b11962e856af5a6d1c65ebbb5db7278c21db4e8cc06d89a35b6804fb1738a295b691638af77aa1327253f26d01,020062ab51ac3aa829e0f5b7ae50688bcf5f63a18a83a6e0da538666b8d50c7ea2b4ef31f4ac669302318dbebe46660acdda695da30c22cee7ca21f6984a720504502e", "Info": "7465737420696e666f", "Input": "00,5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a", - "Output": "3be90ca19fbe2fc250de62792c7cf4b6b5555c8655fce1694fc7563d5d4c5001efd1e91fbbaea31d75e33dbdefe57420c395f1ac805cc0095c4d81a0beddcb01,1d90446522e3c131e90be2e4f372959ae5ab4f25ca98e83e5e62d6336c48b5ec22fc6083d2b050cad2bbc22ae7115c2b934d965ffe74aaa43c905cd2af76728d", + "Output": "808ae5b87662eaaf0b39151dd85991b94c96ef214cb14a68bf5c143954882d330da8953a80eea20788e552bc8bbbfff3100e89f9d6e341197b122c46a208733b,27032e24b1a52a82ab7f4646f3c5df0f070f499db98b9c5df33972bd5af5762c3638afae7912a6c1acdb1ae2ab2fa670bd5486c645a0e55412e08d33a4a0d6e3", "Proof": { - "proof": "00d846f4a2a7722fe6a24e7257e43d88c3e01977282fba352c08fd38b69bf1df64f90660b03b73abba50cb389af3d602da66411401d3c9f87bcb6363d6406e0acad3018a44bcda83524d4a48f0ed96ebca96d7626b634ba28fcba0c21956fc90c516859df8ba6edeb7a44daeeec51c3a56b79c1f9e211e9974e5f293ade221523953d12f", + "proof": "00731738844f739bca0cca9d1c8bea204bed4fd00285785738b985763741de5cdfa275152d52b6a2fdf7792ef3779f39ba34581e56d62f78ecad5b7f8083f384961501cd4b43713253c022692669cf076b1d382ecd8293c1de69ea569737f37a24772ab73517983c1e3db5818754ba1f008076267b8058b6481949ae346cdc17a8455fe2", "r": "01ec21c7bb69b0734cb48dfd68433dd93b0fa097e722ed2427de86966910acba9f5c350e8040f828bf6ceca27405420cdf3d63cb3aef005f40ba51943c8026877963" } }