
Can We Generate a Secret Based on Bob and Alice’s Secret — And Prove It?


It has been a tough time for Bob and Alice. The demands of cybersecurity have meant that they just don’t trust anyone or anything anymore — even their most trusted of acquaintances: Trent. So, how can Bob have a secret and Alice have a secret, exchange them in a secure way so that neither side learns what the other’s secret is, and still have them both end up with a shared secret?

Let’s say Bob has a password, and Alice has an identifier for Bob. Neither wants to reveal their secret to the other, but both want proof that their secrets have been used to compute the shared secret. Well, with a Verifiable Oblivious Pseudorandom Function (VOPRF), we can generate a random secret that depends on a key generated on the server (Alice) and also on Bob’s secret:

Initially, Bob generates his secret (x) and then blinds it. This blinded value is sent to Alice, who uses her private key (k) to evaluate it and to produce proof values (r) that go back to Bob. Bob then finalises the PRF by taking his secret value, the evaluated value and the proof. Overall, Alice does not learn anything about Bob’s secret, and Bob does not learn anything about Alice’s key.
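To make the three steps concrete, here is an added worked example that is not part of the original article: a small VOPRF over secp256k1 written in plain Python (standard library only). The function names (bob_blind, alice_evaluate, bob_finalize), the try-and-increment hash-to-curve and the use of SHA-256 are my own choices for the demo rather than the RFC 9497 construction; the "proof values" are a Chaum-Pedersen DLEQ proof that Alice's evaluation used the key behind her published public key.

```python
import hashlib
import secrets

# secp256k1 domain parameters (public constants; chosen for this demo, not from the article).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P      # doubling (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    k %= N
    result = None
    while k:
        if k & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        k >>= 1
    return result


def hash_to_curve(msg: bytes):
    """Naive try-and-increment map to the curve (demo only; P = 3 mod 4 so sqrt is one pow)."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(b"H1" + ctr.to_bytes(4, "big") + msg).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)
        if y * y % P == rhs:
            return (x, y)
        ctr += 1


def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def challenge(*pts):
    """Fiat-Shamir challenge binding all transcript points."""
    h = hashlib.sha256(b"DLEQ")
    for pt in pts:
        h.update(enc(pt))
    return int.from_bytes(h.digest(), "big") % N


# Step 1: Bob hashes his secret x to a point and blinds it with a random scalar r.
def bob_blind(x: bytes):
    r = secrets.randbelow(N - 1) + 1
    return r, mul(r, hash_to_curve(x))


# Alice's long-term key k and public key Y = k*G (published so Bob can verify proofs).
def alice_keygen():
    k = secrets.randbelow(N - 1) + 1
    return k, mul(k, G)


# Step 2: Alice evaluates the blinded point and proves log_G(Y) == log_B(Z) without revealing k.
def alice_evaluate(k, Y, B):
    Z = mul(k, B)
    t = secrets.randbelow(N - 1) + 1
    c = challenge(G, Y, B, Z, mul(t, G), mul(t, B))
    s = (t - c * k) % N
    return Z, (c, s)


# Step 3: Bob checks the proof, unblinds with r^-1 and derives the final PRF output.
def bob_finalize(x: bytes, r, B, Y, Z, proof):
    c, s = proof
    A1 = add(mul(s, G), mul(c, Y))   # equals t*G iff Alice used k
    A2 = add(mul(s, B), mul(c, Z))   # equals t*B iff Z = k*B
    if challenge(G, Y, B, Z, A1, A2) != c:
        raise ValueError("DLEQ proof failed: evaluation did not use the key behind Y")
    unblinded = mul(pow(r, -1, N), Z)          # = k * H1(x)
    return hashlib.sha256(b"H2" + x + enc(unblinded)).hexdigest()


def direct_evaluate(k, x: bytes):
    """What Alice could compute only if she also knew x; used here just to check correctness."""
    return hashlib.sha256(b"H2" + x + enc(mul(k, hash_to_curve(x)))).hexdigest()


def run_protocol(x: bytes, tamper: bool = False):
    k, Y = alice_keygen()
    r, B = bob_blind(x)
    Z, proof = alice_evaluate(k, Y, B)
    if tamper:                 # simulate a server answering with a key other than the published one
        Z = mul(k + 1, B)
    return bob_finalize(x, r, B, Y, Z, proof), k


if __name__ == "__main__":
    out, k = run_protocol(b"bob's password")          # constructed sample input
    print("PRF output:", out)
    print("matches direct evaluation:", out == direct_evaluate(k, b"bob's password"))
```

Alice only ever sees B = r*H1(x), which is a uniformly random point for any x, and Bob only ever sees Z and the proof, from which k cannot be recovered. The proof check is what makes the function "verifiable": if a server evaluates with a key other than the one behind Y (for instance to fingerprint a single client), bob_finalize rejects rather than silently producing an output.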

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.