Oblivious pseudo-random function (OPRF) service for obtaining a persistent mask and applying that mask to private data.

Project description

Easy-to-deploy oblivious pseudo-random function (OPRF) service that allows other parties (typically participants in some secure multi-party computation protocol) to obtain a persistent mask which they cannot decrypt but which they can safely apply (via requests to the service) to private data values of their choice.

Purpose

This library makes it possible to deploy a service that allows other parties to request an encrypted mask (which they cannot decrypt themselves but the service can decrypt) for an oblivious pseudo-random function (OPRF) protocol. Those other parties can then ask the service to apply the mask to their own private, encrypted data values (which the service cannot decrypt). Thanks to the underlying oblivious library, users of this library have the option of relying either on pure Python implementations of cryptographic primitives or on wrappers for libsodium.

Package Installation and Usage

The package is available on PyPI:

python -m pip install oprfs

The library can be imported in the usual ways:

import oprfs
from oprfs import *

Deployment Example: HTTP Server and Client

Below is an illustration of how an instance of the OPRF service might be deployed using Flask:

import oprfs
import flask
app = flask.Flask(__name__)

# Normally, a persistent key should be retrieved from secure storage.
# Here, a new key is created each time so older masks cannot be reused
# once the service is restarted.
key = oprfs.key()

@app.route('/', methods=['POST'])
def endpoint():
    # Call the handler with the key and request, then return the response.
    return flask.jsonify(oprfs.handler(key, flask.request.get_json()))

app.run()

Once an instance of the above service is running, a client might interact with it as illustrated in the example below. Note the use of the distinct oprf library to represent a data instance (which is itself a wrapper for an Ed25519 group element as represented by an instance of the point class in the oblivious library):

import json
import requests
import oprf

# Request an encrypted mask.
response = requests.post('http://localhost:5000', json={})
mask_encrypted = json.loads(response.text)['mask'][0]

# Mask some data.
data = oprf.data.hash('abc').to_base64()
response = requests.post(
    'http://localhost:5000',
    json={'mask': [mask_encrypted], 'data': [data]}
)
data_masked = oprf.data.from_base64(json.loads(response.text)['data'][0])
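
The request flow in the two examples above can be modelled offline with the standard library alone. This is an added example, not code from the oprfs project: `toy_handler`, `hash_to_group`, the modular-exponentiation group and the HMAC-based sealing are hypothetical stand-ins for the library's handler, Ed25519 points and mask encryption. It shows why a mask issued under one service key is rejected once the key is regenerated.

```python
import base64, hashlib, hmac, secrets

# Toy group (assumption): integers 1..P-1 under multiplication mod a Mersenne prime.
P = 2**127 - 1

def hash_to_group(value: str) -> int:
    """Map a private value to a group element (stand-in for oprf.data.hash)."""
    digest = hashlib.sha512(value.encode()).digest()
    return int.from_bytes(digest, 'big') % (P - 1) + 1

def _seal(key: bytes, scalar: int) -> str:
    """Encrypt and authenticate a mask scalar under the service key (toy scheme)."""
    nonce = secrets.token_bytes(16)
    stream = hmac.new(key, b'enc' + nonce, hashlib.sha256).digest()[:16]
    ct = bytes(a ^ b for a, b in zip(scalar.to_bytes(16, 'big'), stream))
    tag = hmac.new(key, b'mac' + nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + ct + tag).decode()

def _open(key: bytes, token: str) -> int:
    """Recover the mask scalar; reject tokens not sealed under this key."""
    raw = base64.b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:32], raw[32:]
    expected = hmac.new(key, b'mac' + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError('mask was not issued under the current service key')
    stream = hmac.new(key, b'enc' + nonce, hashlib.sha256).digest()[:16]
    return int.from_bytes(bytes(a ^ b for a, b in zip(ct, stream)), 'big')

def toy_handler(key: bytes, request: dict) -> dict:
    """Toy counterpart of the service handler: issue a mask or apply one."""
    if 'mask' not in request:
        scalar = secrets.randbelow(P - 3) + 2  # uniform in 2 .. P-2
        return {'mask': [_seal(key, scalar)]}
    scalar = _open(key, request['mask'][0])
    # Applying the mask is exponentiation by the secret scalar.
    return {'data': [pow(x, scalar, P) for x in request['data']]}

if __name__ == '__main__':
    key = secrets.token_bytes(32)              # constructed service key
    token = toy_handler(key, {})['mask'][0]    # opaque to the client
    masked = toy_handler(key, {'mask': [token], 'data': [hash_to_group('abc')]})
    print(masked['data'][0])
```
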

Testing and Conventions

All unit tests are executed and their coverage is measured when using nose (see setup.cfg for configuration details):

nosetests

Alternatively, all unit tests are included in the module itself and can be executed using doctest:

python oprfs/oprfs.py -v

Style conventions are enforced using Pylint:

pylint oprfs

Contributions

In order to contribute to the source code, open an issue or submit a pull request on the GitHub page for this library.

Versioning

The version number format for this library and the changes to the library associated with version number increments conform with Semantic Versioning 2.0.0.

Download files

Source Distribution

oprfs-0.1.0.tar.gz (4.4 kB)

Built Distribution

oprfs-0.1.0-py3-none-any.whl (5.1 kB, Python 3)
