Cole Leavitt
c034eb5be8
Combines NTRU-LWR-OPRF with Kyber key exchange to achieve: - Correctness: Same password always produces same OPRF output - Protocol-level unlinkability: Fresh ephemeral keys per session - Post-quantum security: NTRU Prime (OPRF) + ML-KEM-768 (key exchange) The OPRF itself is deterministic/linkable, but the encrypted channel hides OPRF queries from the server, preventing session correlation. Protocol flow: 1. Client/Server exchange Kyber ephemeral keys 2. Encrypted channel established 3. OPRF query/response sent over encrypted channel 4. Server sees different ciphertexts each session Tests verify: - Correctness: same password -> same output across sessions - Unlinkability: encrypted requests differ between sessions - Different passwords -> different outputs