enhancement request: implement KDF (SDHI and/or Naor-Reingold)

[udf2457]

By way of backround, this request is based on my reading about Meta Anonymous Credential Service which they recently open-sourced (unfortunately in C !) https://github.com/facebookresearch/acs.

Anyways ... TL;DR, the curious beast in me thought I might have a go at re-implementing it in Go so I can play around with it.

Obviously Go stdlib doesn't provide many of the necessary building crypto building blocks, but circl does:

• VOPRF ✅
• DLEQ ✅
• Ed25519 ✅

But unfortunately .....

"attribute-based key derivation function" ❌

Meta say in their blog post:

We recommend Strong Diffie–Hellman Inversion (SDHI) or Naor-Reingold for better key transparency.

Hence this request 😉
( espcially as my github searches seem to show nobody else has a Go implementation of either of those KDFs either)

Perhaps see also comments in the header files re: SDHI and Naor-Reingold:
kdf/kdf_sdhi.h
kdf/kdf_naor_reingold.h

[armfazh]

Implementing either algorithm can benefit from using CIRCL's group interface, as they only require conventional elliptic curve arithmetic.

We would like to hear other use cases. I leave this ticket open in case anyone wants to contribute with the implementation.