Fantastic OPRFs and where to find them
08-17, 14:00–14:45 (Europe/Berlin), Milliways
Language: English

An Oblivious Pseudo-Random Function (OPRF) is versatile cryptographic primitive which is the basis for a wide range of protocols and tools. They enable one to outsource randomness computations to another party without having to trust them or make any compromises in confidentiality of the inputs. The most common benefit of using an OPRF, is that it adds strong privacy guarantees to protocols. A well-placed OPRF can also provide confidentiality without needing a PKI infrastructure. In some cases an OPRF can provide strong security guarantees that traditional systems cannot provide. OPRFs are truly one of the most exciting and underappreciated cryptographic building blocks of the last decade.

In this talk I am will explain how OPRFs work, properties can achieve, and how OPRFs are used in various protocols. I am going to show some examples of existing free software tools which use or provide OPRFs and how these tools compare to alternative solutions.

The talk is structured in two parts, a theoretic part which explains various types of OPRFs, their properties and where and how these are beneficial. And in the second part I will show concrete free software implementations: liboprf, libopaque, sphinx (a password storage that could be run by the NSA) and klutshnik, a threshold key management system, all authored by Yours Truly. I will also touch briefly on standardisation efforts of OPAQUE and OPRF by the IRTF CFRG, to which I contribute.

Other examples I will bring will include private set intersection (used for contact discovery or haveibeenpwned-style privacy- respecting compromised account checks), private information retrieval, single-sign-on with privacy, deduplication and secure pattern matching.

Content Notes

cryptography, privacy, mathematics, latex formulas, theory

See also: Slides of the talk (1.4 MB)

Stefan works for RadicallyOpenSecurity as a pentester and code-auditor for 7 years, there he mainly focuses on cryptographic issues, C/C++, Python, embedded systems.

In his spare time he develops free software and sometimes even free hardware, he maintains the most comprehensive free database on the European Parliament, and he tries to break more crypto stuff. Two years ago he reverse-engineered, proved the existence and catastrophically broke an NSA crypto backdoor. Currently he is quietly working on reverse-engineering and breaking another NSA backdoor. Sometimes he does pro-bono audits, like for the attribute-based credential system IRMA by the

He is very much dedicated to digital policy, like copyright, privacy and all the other related topics, the culmination of his activities in Brussels is his database available at, which has helped the advocacy of such groups as EDRi, Corporate Europe Observatory, Transparency International.

Stefan initiated the founding of the hackerspace in Budapest, Hungary, he likes to think he also had some influence on the founding of the Bratislava and Prague hackerspaces, but that might be disputed. He is also one of the initial organisers of Camp++ a small hackercamp in Hungary, which was started after a alcohol-heated argument with one of the orga of the dutch OHM camp in 2013, and has been successfully organized 11 times so far.

Decades ago, when he was young and totally irresponsible, he worked for Siemens, doing reverse engineering, c++ development, security engineering, and innovation managment.