Configuration
OPAQUE-3DH is currently parameterized with the tuple (OPRF, KDF, MAC, Hash, KSF, Group).
A shorter representation could be (OPRF, Hash, MHF, KSF), given that some parameters are the same.
Prime-order Groups | Hashing | Key-Stretching Functions | Envelope Mode |
---|---|---|---|
- OPRF designates an OPRF ciphersuite (a group + hashing to curve algorithm) used in the base mode. Default is Ristretto255-SHA512.
- Group identifies the prime-order group to be used for the 3DH-AKE. It's usually the same as the one in the OPRF ciphersuite. Default is Ristretto255.
- KDF, MAC, and Hash are hash function identifiers. These are defined separately for finer tunability, but they are usually all the same. Defaults are HKDF for KDF and HMAC for MAC, with all three over SHA-512.
- KSF is the key-stretching function that will be executed on the client. Default is Scrypt(32768,8,1).
Applications should use only one set of parameters throughout the application lifecycle. Above all, the EnvelopeMode must absolutely stay the same, or the client enumeration protection may be compromised.
The best way is still to use the default configuration, which is optimal in terms of performance and offers a great security level.
```go
import "github.com/bytemare/opaque"

conf := opaque.DefaultConfiguration()
```
Or you can brew your own configuration like the following:
```go
import (
	"github.com/bytemare/cryptotools/group/ciphersuite"
	"github.com/bytemare/cryptotools/hash"
	"github.com/bytemare/cryptotools/mhf"
	"github.com/bytemare/opaque"
)

conf := &opaque.Configuration{
	OprfCiphersuite: opaque.P256Sha256,
	KDF:             hash.SHA512,
	MAC:             hash.SHA512,
	Hash:            hash.SHA512,
	MHF:             mhf.Scrypt,
	AKEGroup:        ciphersuite.P256Sha256,
	NonceLen:        32,
}
```
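
The requirement above that a single parameter set, and in particular the EnvelopeMode, stays fixed for the whole application lifecycle can be checked at startup by pinning a fingerprint of the parameters. This is an added example, not code from the opaque package: the `Params` struct, `Fingerprint`, `CheckPinned`, and the `mode-1`/`mode-2` labels are hypothetical, and the sample values are constructed from the defaults named on this page.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Params is a hypothetical stand-in for the parameter tuple described above.
// It is not the opaque package's Configuration type.
type Params struct {
	OPRF, KDF, MAC, Hash, KSF, Group, EnvelopeMode string
}

// ErrDrift reports that the running parameters differ from the pinned set.
var ErrDrift = errors.New("OPAQUE parameters differ from the pinned set")

// Fingerprint hashes a length-prefixed encoding of every field, so shifting
// characters between adjacent fields cannot produce the same digest.
func (p Params) Fingerprint() string {
	h := sha256.New()
	for _, f := range []string{p.OPRF, p.KDF, p.MAC, p.Hash, p.KSF, p.Group, p.EnvelopeMode} {
		h.Write([]byte{byte(len(f) >> 8), byte(len(f))})
		h.Write([]byte(f))
	}
	return hex.EncodeToString(h.Sum(nil))
}

// CheckPinned fails when the running parameters no longer match the
// fingerprint recorded at first deployment.
func CheckPinned(running Params, pinned string) error {
	if got := running.Fingerprint(); got != pinned {
		return fmt.Errorf("%w: running %s, pinned %s", ErrDrift, got, pinned)
	}
	return nil
}

func main() {
	// Constructed sample values: the defaults named above plus placeholder mode labels.
	deployed := Params{OPRF: "Ristretto255-SHA512", KDF: "HKDF-SHA512", MAC: "HMAC-SHA512",
		Hash: "SHA512", KSF: "Scrypt(32768,8,1)", Group: "Ristretto255", EnvelopeMode: "mode-1"}
	pinned := deployed.Fingerprint() // stored alongside the credential database
	fmt.Println("unchanged:", CheckPinned(deployed, pinned))

	changed := deployed
	changed.EnvelopeMode = "mode-2" // a later release silently switches the mode
	fmt.Println("changed:  ", CheckPinned(changed, pinned))
}
```

Refusing to start on `ErrDrift` turns a silent parameter change into a deployment failure that is caught before any client registers or logs in under the new settings.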