Inferensys

Glossary

Oblivious Pseudorandom Function (OPRF)

An Oblivious Pseudorandom Function (OPRF) is a cryptographic protocol where a client evaluates a pseudorandom function keyed by a server on the client's private input, such that the server remains oblivious to the input and the client learns nothing about the server's secret key.
Stylish WeWork-like workspace with hot desks and document wall, professional searching through enterprise knowledge base on a mounted ultrawide display, warm industrial pendants overhead.
CRYPTOGRAPHIC PRIMITIVE

What is Oblivious Pseudorandom Function (OPRF)?

An Oblivious Pseudorandom Function (OPRF) is a two-party protocol where a client learns the output of a pseudorandom function keyed by a server on the client's input, without the server learning the input or the client learning the server's key.

An Oblivious Pseudorandom Function (OPRF) is a cryptographic protocol between a client holding an input x and a server holding a secret key k. The client learns the deterministic output F(k, x) without discovering k, while the server remains oblivious to x. This asymmetry provides a fundamental building block for privacy-preserving applications where a party needs a secret-derived value without exposing the query itself.

OPRFs are foundational to modern Private Set Intersection (PSI) protocols, enabling efficient contact discovery and private record linkage. They are typically constructed from Oblivious Transfer (OT) primitives or Diffie-Hellman-style assumptions. The security guarantee ensures the server cannot distinguish between client inputs, making OPRFs essential for password-authenticated key exchange and anonymous token systems.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of OPRFs

Oblivious Pseudorandom Functions (OPRFs) are a foundational building block for privacy-preserving protocols. They enable a client to receive a deterministic, pseudorandom output based on its private input and a server's secret key, without either party learning the other's secret.

01

Client-Side Input Privacy

The core guarantee of an OPRF is that the server learns nothing about the client's input value x. The protocol execution reveals zero information about x beyond what could be inferred from the output itself. This is achieved through blinding techniques where the client masks its input before sending it to the server.

  • The client's input is hidden information-theoretically or computationally.
  • This property is critical for Contact Discovery and Private Set Intersection (PSI) , where the client's query must remain confidential.
  • Even a malicious server cannot extract the raw input from the protocol transcript.
02

Server-Side Key Secrecy

The server's secret key k is the critical private parameter that defines the pseudorandom function. The OPRF protocol ensures the client learns nothing about k beyond what is trivially learnable from the output F(k, x).

  • The client cannot compute F(k, x') for any x' ≠ x without engaging in a new protocol execution.
  • This prevents the client from evaluating the PRF on arbitrary inputs, which is essential for rate-limiting and security in protocols like OPAQUE (asymmetric password-authenticated key exchange).
  • The key remains confidential even against a malicious client mounting an active attack.
03

Deterministic Output Consistency

For a fixed server key k and client input x, the OPRF output y = F(k, x) is always the same. This determinism is what makes OPRFs useful as building blocks for private set intersection.

  • If two clients query the same input x, they receive identical outputs.
  • This allows a server to compare encrypted sets without seeing the raw elements.
  • The output is pseudorandom, meaning it is computationally indistinguishable from a truly random string to anyone who does not know k or x.
04

Verifiability (VOPRF)

A standard OPRF does not prevent a malicious server from using a different key for each query, breaking output consistency. A Verifiable OPRF (VOPRF) extends the protocol with a zero-knowledge proof that binds the server to a single, committed key.

  • The server publishes a public key pk corresponding to its secret key k.
  • During the protocol, the server provides a proof that the evaluation was performed correctly using the committed key.
  • This is essential for Privacy Pass and anonymous token redemption systems where unlinkability must be guaranteed.
05

Partially Oblivious Variant

A Partially Oblivious PRF (POPRF) allows the server to bind a public, non-secret metadata string t to the evaluation. The client learns F(k, x, t), but the server still learns nothing about x.

  • The metadata t can encode an expiration date, a rate-limiting epoch, or a context tag.
  • This prevents a client from using an output from one context in another.
  • POPRFs are a key component in the OPAQUE protocol for password-authenticated key exchange, where t binds the evaluation to a specific user session.
06

Threshold OPRF for Distributed Trust

A Threshold OPRF (TOPRF) distributes the server's secret key k across multiple independent servers using secret sharing. The client must interact with a threshold number of servers to reconstruct the final output.

  • No single server ever holds the full key, eliminating a single point of compromise.
  • The client's input x remains hidden from all servers as long as fewer than the threshold collude.
  • This architecture is used in production password managers and privacy-preserving authentication systems to ensure that a breach of any single server does not expose user secrets.
OPRF EXPLAINED

Frequently Asked Questions

Clear, technical answers to the most common questions about Oblivious Pseudorandom Functions and their role in modern cryptography.

An Oblivious Pseudorandom Function (OPRF) is a two-party cryptographic protocol where a client learns the output of a pseudorandom function (PRF) keyed by a server on the client's private input, without the server learning the input and without the client learning the server's secret key. In essence, the client receives F(key, x) for its input x, while the server learns nothing about x, and the client learns nothing about key beyond what is revealed by the single output. This primitive is a fundamental building block for private set intersection (PSI), password-authenticated key exchange, and privacy-preserving contact discovery. The term 'oblivious' refers to the server's obliviousness to the client's input, a property achieved through cryptographic techniques such as oblivious transfer (OT) or Diffie-Hellman key exchange variants.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.