# Oblivious Pseudo Random Function

An oblivious pseudo random function (OPRF) is a two-party protocol between sender S and receiver R for securely computing `F(x)`

of a pseudorandom function `F`

in such a way that the receiver R learns the value of `F(x)`

without the sender S learning anything from the interaction (`x`

nor `F(x)`

).

One way to construct an OPRF is to rely on two interesting mathematical observations as we did before.

That is:

`(g ^ a) ^ b`

=`(g ^ b) ^ a`

- given
`g`

[1] and`g ^ a`

[2], it is really hard to compute`a`

[3].

[1] special kinds of g, [2] a is a natural number and [3] this is known as the discrete logarithm problem

The protocol works in the following order:

- The
`Receiver`

starts by selecting an input`x`

= . - The
`Receiver`

computes a random number`r`

=`.`

- The
`Receiver`

computes a hash of the input value`H(x)`

=`,`

- computes
`a`

=`H(x) ^ r`

=`^`

`=`

- and sends it to the
`Sender`

- The
`Sender`

selects its secret key`k`

= - computes
`b`

=`a ^ k`

=`and`

- sends it to the
`Receiver`

- The
`Receiver`

computes the final result with`b ^ (1/r)`

=`^(1 /`

`) =`

This is guaranteed to compute `H(x) ^ k`

because:

` = `

`b ^ (1/r)`

= `(a ^ k) ^ (1 / r)`

= `(((H(x) ^ r) ^ k) ^ (1/r))`

= `(((H(x) ^ k) ^ r) ^ (1/r))`

= `H(x) ^ k`

= `.`

There is a rounding number error here calculating 1/r.

The hashing function is kept deliberately small for readability, so there are collisions.