On 11/11/2017 05:52 PM, Trevor Perrin wrote:
> The underlying crypto looks to me like a "blinded" VRF ("blinded" in the sense of "blind signatures", since VRFs can be viewed as a type of signature). It's being called a "verifiable oblivious PRF", perhaps because it was arrived at by adding the "verifiable" property to an "oblivious PRF" rather than vice versa?
FWIW it reminded me of Mathias Hall-Andersen's implementation [1] of a scheme [2] by Masayuki ABE and Tatsuaki OKAMOTO that proposes a "partially blinded" ECC scheme, something like "blind signatures with additional data".
I found it interesting.

[1] https://medium.com/@alxdavids/privacy-pass-6f0acf075288
[2] https://www.iacr.org/archive/crypto2000/18800272/18800272.pdf

_______________________________________________
Curves mailing list
Curves@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/curves