feat(oprf): add production-grade Silent VOLE authentication protocol

Implements complete registration + login flow:
- Registration: Client/Server exchange PCG seeds (once)
- Login: Single-round (pcg_index + masked_input → evaluation)

New types:
- VoleRegistrationRequest/Response - PCG seed exchange
- VoleUserRecord - Server's stored user data
- VoleClientCredential - Client's stored credential
- VoleLoginRequest/Response - Single-round login messages

Key properties:
- Single-round online phase after registration
- Perfect privacy (server cannot fingerprint users)
- ~4KB round-trip (vs ~8KB for Ring-LPR)
- Deterministic OPRF output (LWR guaranteed)
- Wrong password correctly rejected

All 211 tests passing.
2026-01-07 13:04:14 -07:00
parent d8b4ed9c2d
commit 9c4a3a30b6
2 changed files with 461 additions and 16 deletions


@@ -41,7 +41,10 @@ pub use leap_oprf::{
};
pub use vole_oprf::{
PcgSeed, VoleClientMessage, VoleClientState, VoleCorrelation, VoleOprfOutput, VoleRingElement,
VoleServerKey, VoleServerResponse, evaluate_vole_oprf, vole_client_blind, vole_client_finalize,
vole_server_evaluate, vole_setup,
PcgSeed, VoleClientCredential, VoleClientMessage, VoleClientState, VoleCorrelation,
VoleLoginRequest, VoleLoginResponse, VoleOprfOutput, VoleRegistrationRequest,
VoleRegistrationResponse, VoleRingElement, VoleServerKey, VoleServerResponse, VoleUserRecord,
evaluate_vole_oprf, vole_client_blind, vole_client_finalize, vole_client_finish_registration,
vole_client_login, vole_client_start_registration, vole_client_verify_login,
vole_server_evaluate, vole_server_login, vole_server_register, vole_setup,
};
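Review bot: in the `pub use vole_oprf::{...}` list, the low-level primitives (`vole_setup`, `vole_client_blind`, `vole_client_finalize`, `vole_server_evaluate`, `PcgSeed`, `VoleCorrelation`) stay exported at the crate root next to the new `vole_client_start_registration` / `vole_server_register` / `vole_client_login` / `vole_server_login` functions, so callers get two public entry points and nothing here says which one is supported for authentication. Suggest a doc comment on this re-export block naming the registration and login functions as the intended API, and either moving the primitives behind a submodule or documenting them as building blocks only. This list also makes `VoleUserRecord` and `VoleClientCredential` part of the public surface; their definitions are not visible in this hunk, so please confirm in the PR description how they handle seed material (no `Debug` output of secrets, wiped on drop) before they become types downstream code can store and log.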