OPRF Applications to Key Management

[4meta5]

https://eprint.iacr.org/2018/733.pdf

An Oblivious PRF (OPRF) is a protocol between a server holding a key to a PRF and a user holding an input. At the end of the interaction, the user learns the output of the OPRF on its input and nothing else. The server learns nothing, including nothing about the user’s input or the function’s output...

We apply these schemes to build Oblivious Key Management Systems (KMS) as a much more secure alternative to traditional wrapping-based KMS. The new system hides keys and object identifiers from the KMS,offers unconditional security for key transport, enables forward security,provides key verifiability, reduces storage, and more...

we extend the scheme to a threshold Oblivious KMS with updatable encryption so that upon the periodic change of OPRF keys by the server, an efficient update procedure allows a client of the KMS service to non-interactively update all its encrypted data to be decryptable only by the new key.

[4meta5]

TOPPS

To address the threat of offline dictionary attacks on the server, Mackenzie et al. [26] introduced (t,n)-Threshold PAKE (T-PAKE),which replaces a single authentication server with a group of n servers and leaks no information on passwords even if up to t servers are corrupted. Bagherzandi etal. [4] proposed a related notion of Password-Protected Secret Sharing (PPSS)which simplifies the notion of T-PAKE by reducing the goal of key exchange between user and servers to that of the user retrieving a single secret previously shared with the servers.

This paper adds a threshold for reconstructing a single secret from t + 1 shares split among n servers.

[4meta5]

https://github.com/hdevalence/cpace

[4meta5]

This feels somehow related to (2) in https://github.com/web3garden/sunshine-grants/issues/7 but PAKE might be overkill.

I'm still a bit confused about the difference between PAKE and the use of shared symmetric key primitives to encrypt information. There is overlap it seems...