
Add thresholdized OPRF/VOPRF

Open udf2457 opened this issue 8 months ago • 2 comments

As I understand it the present circl implementations of (V)OPRF are non-thresholdized.

Would it be possible to add a thresholdized implementation, e.g. https://eprint.iacr.org/2018/733.pdf, https://eprint.iacr.org/2019/1275.pdf or similar?

udf2457 avatar Mar 05 '25 13:03 udf2457

There was some motivation as per recent NIST project on MPC/Threshold cryptography.

See Talk 3c3 at https://csrc.nist.gov/Events/2023/mpts2023

@udf2457, could you comment more about your use case?

armfazh avatar Mar 05 '25 20:03 armfazh

@armfazh implementing a form of distributed/resilient KMS would be my primary use-case. At a minimum this needs a threshold OPRF, ideally with a DKG implementation being a nice addition on top.

Prior art in that area appears to be PROTECT (https://github.com/jasonkresch/protect) but (in no particular order):

  • It has not been maintained for a few years
  • It is a complex implementation with many moving parts (https://github.com/jasonkresch/protect#system-architecture)
  • It is not written in Go

I would prefer to have access to a solid implementation of the necessary high-level crypto, and then many of the moving parts in PROTECT can be farmed out to well-established external tools.

For example, stuff like the "Byzantine Fault Tolerant atomic broadcast primitive" in PROTECT could (should?) be farmed out externally, e.g. there are many distributed queue servers which could be used (e.g. NATS, RabbitMQ, AWS SQS etc. etc. etc.).

Similarly I'm sure it could be possible to deploy a concept much simpler than PROTECT for simpler environments that don't need all the bells and whistles.

As presently implemented, PROTECT basically wants to take care of the whole stack for you, which has the side effect of ending up with a large, tough-to-maintain and tough-to-audit code base.

udf2457 avatar Mar 05 '25 21:03 udf2457
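The threshold evaluation the request above is about can be shown in a few dozen lines. The following is an added example, not circl code and not taken from either paper linked in the thread: it uses the textbook construction in which the OPRF key k is Shamir-shared across n servers, each contacted server returns k_i·B for the client's blinded element B, and the client recombines any t of those partial results with Lagrange coefficients to obtain k·B before unblinding. It assumes P-256 via the standard-library crypto/elliptic package (its low-level ScalarMult/Add API is deprecated but still available), and it deliberately replaces hash-to-curve with a constructed stand-in h·G so that it runs offline without circl; the comment on hashToPoint says why that stand-in would be unsafe in a real deployment. Function names, server ids and the sample input are all invented for the example.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// P-256 and its prime group order n; every scalar below lives in Z_n.
var (
	curve = elliptic.P256()
	order = curve.Params().N
)

// point is an affine curve point (x, y).
type point struct{ x, y *big.Int }

// randScalar returns a uniform scalar in [1, n-1].
func randScalar() *big.Int {
	k, err := rand.Int(rand.Reader, new(big.Int).Sub(order, big.NewInt(1)))
	if err != nil {
		panic(err)
	}
	return k.Add(k, big.NewInt(1))
}

// hashToPoint is a constructed stand-in for hash-to-curve: H = (SHA-256(input) mod n)·G.
// Unsafe for a real OPRF because log_G(H) is public: anyone holding the public key k·G
// could compute k·H without the servers. circl's group.HashToElement is the proper primitive.
func hashToPoint(input []byte) point {
	sum := sha256.Sum256(input)
	h := new(big.Int).SetBytes(sum[:])
	h.Mod(h, order)
	if h.Sign() == 0 {
		h.SetInt64(1)
	}
	x, y := curve.ScalarBaseMult(h.Bytes())
	return point{x, y}
}

// scalarMul returns s·p with s reduced mod n.
func scalarMul(p point, s *big.Int) point {
	x, y := curve.ScalarMult(p.x, p.y, new(big.Int).Mod(s, order).Bytes())
	return point{x, y}
}

// shamirShare splits key k into n shares f(1..n) of a random degree t-1 polynomial
// with constant term k, so any t shares (but no fewer) determine k. Map key = server id.
func shamirShare(k *big.Int, t, n int) map[int]*big.Int {
	coeffs := make([]*big.Int, t)
	coeffs[0] = k
	for j := 1; j < t; j++ {
		coeffs[j] = randScalar()
	}
	shares := make(map[int]*big.Int, n)
	for i := 1; i <= n; i++ {
		x, f := big.NewInt(int64(i)), new(big.Int)
		for j := t - 1; j >= 0; j-- { // Horner evaluation of f(i) mod n
			f.Mul(f, x).Add(f, coeffs[j]).Mod(f, order)
		}
		shares[i] = f
	}
	return shares
}

// lagrangeAt0 returns λ_i = Π_{j≠i} (0-j)/(i-j) mod n over ids, so Σ λ_i f(i) = f(0) = k.
func lagrangeAt0(i int, ids []int) *big.Int {
	num, den := big.NewInt(1), big.NewInt(1)
	for _, j := range ids {
		if j != i {
			num.Mul(num, big.NewInt(int64(-j))).Mod(num, order)
			den.Mul(den, big.NewInt(int64(i-j))).Mod(den, order)
		}
	}
	return num.Mul(num, new(big.Int).ModInverse(den, order)).Mod(num, order)
}

// serverEval is all a share-holding server does: it multiplies the client's blinded
// element by its own share k_i. The full key k never exists on any single server.
func serverEval(share *big.Int, blinded point) point { return scalarMul(blinded, share) }

// combine turns the partial evaluations k_i·B into k·B on the client side:
// Σ λ_i·(k_i·B) = (Σ λ_i k_i)·B = k·B, which holds only if at least t ids are present.
func combine(partials map[int]point) point {
	ids := make([]int, 0, len(partials))
	for id := range partials {
		ids = append(ids, id)
	}
	var acc point
	for _, i := range ids {
		term := scalarMul(partials[i], lagrangeAt0(i, ids))
		if acc.x == nil {
			acc = term
		} else {
			acc.x, acc.y = curve.Add(acc.x, acc.y, term.x, term.y)
		}
	}
	return acc
}

// thresholdMatchesCentralized runs one full t-of-n evaluation using the servers in useIDs
// and reports whether the client's unblinded output equals the single-key value k·H(input).
func thresholdMatchesCentralized(input []byte, t, n int, useIDs []int) bool {
	k := randScalar() // the OPRF key; only its shares are ever handed to servers
	shares := shamirShare(k, t, n)
	reference := scalarMul(hashToPoint(input), k) // what a non-threshold OPRF would return

	r := randScalar() // client blinding factor
	blinded := scalarMul(hashToPoint(input), r)
	partials := make(map[int]point, len(useIDs))
	for _, id := range useIDs {
		partials[id] = serverEval(shares[id], blinded)
	}
	out := scalarMul(combine(partials), new(big.Int).ModInverse(r, order)) // unblind
	return out.x.Cmp(reference.x) == 0 && out.y.Cmp(reference.y) == 0
}

func main() {
	in := []byte("constructed sample input")
	fmt.Println("2-of-3, servers {1,3}:", thresholdMatchesCentralized(in, 2, 3, []int{1, 3}))
	fmt.Println("2-of-3, server {2} only:", thresholdMatchesCentralized(in, 2, 3, []int{2}))
}
```

The point the example makes for the KMS use case is that nothing on the server side changes beyond swapping k for k_i: the blinded-element protocol, the per-server work and the client's unblinding are the same as in the existing single-key (V)OPRF, and only the client-side Lagrange recombination is new. A verifiable variant would additionally need each server to return a DLEQ proof against its share's public commitment k_i·G, and a DKG would replace the trusted dealer that shamirShare plays here.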