An Oblivious Pseudorandom Function (OPRF) is a cryptographic protocol between a client holding an input x and a server holding a secret key k. The client learns the deterministic output F(k, x) without discovering k, while the server remains oblivious to x. This asymmetry provides a fundamental building block for privacy-preserving applications where a party needs a secret-derived value without exposing the query itself.
Glossary
Oblivious Pseudorandom Function (OPRF)

What is Oblivious Pseudorandom Function (OPRF)?
An Oblivious Pseudorandom Function (OPRF) is a two-party protocol where a client learns the output of a pseudorandom function keyed by a server on the client's input, without the server learning the input or the client learning the server's key.
OPRFs are foundational to modern Private Set Intersection (PSI) protocols, enabling efficient contact discovery and private record linkage. They are typically constructed from Oblivious Transfer (OT) primitives or Diffie-Hellman-style assumptions. The security guarantee ensures the server cannot distinguish between client inputs, making OPRFs essential for password-authenticated key exchange and anonymous token systems.
Key Properties of OPRFs
Oblivious Pseudorandom Functions (OPRFs) are a foundational building block for privacy-preserving protocols. They enable a client to receive a deterministic, pseudorandom output based on its private input and a server's secret key, without either party learning the other's secret.
Client-Side Input Privacy
The core guarantee of an OPRF is that the server learns nothing about the client's input value x. The protocol execution reveals zero information about x beyond what could be inferred from the output itself. This is achieved through blinding techniques where the client masks its input before sending it to the server.
- The client's input is hidden information-theoretically or computationally.
- This property is critical for Contact Discovery and Private Set Intersection (PSI) , where the client's query must remain confidential.
- Even a malicious server cannot extract the raw input from the protocol transcript.
Server-Side Key Secrecy
The server's secret key k is the critical private parameter that defines the pseudorandom function. The OPRF protocol ensures the client learns nothing about k beyond what is trivially learnable from the output F(k, x).
- The client cannot compute
F(k, x')for anyx' ≠ xwithout engaging in a new protocol execution. - This prevents the client from evaluating the PRF on arbitrary inputs, which is essential for rate-limiting and security in protocols like OPAQUE (asymmetric password-authenticated key exchange).
- The key remains confidential even against a malicious client mounting an active attack.
Deterministic Output Consistency
For a fixed server key k and client input x, the OPRF output y = F(k, x) is always the same. This determinism is what makes OPRFs useful as building blocks for private set intersection.
- If two clients query the same input
x, they receive identical outputs. - This allows a server to compare encrypted sets without seeing the raw elements.
- The output is pseudorandom, meaning it is computationally indistinguishable from a truly random string to anyone who does not know
korx.
Verifiability (VOPRF)
A standard OPRF does not prevent a malicious server from using a different key for each query, breaking output consistency. A Verifiable OPRF (VOPRF) extends the protocol with a zero-knowledge proof that binds the server to a single, committed key.
- The server publishes a public key
pkcorresponding to its secret keyk. - During the protocol, the server provides a proof that the evaluation was performed correctly using the committed key.
- This is essential for Privacy Pass and anonymous token redemption systems where unlinkability must be guaranteed.
Partially Oblivious Variant
A Partially Oblivious PRF (POPRF) allows the server to bind a public, non-secret metadata string t to the evaluation. The client learns F(k, x, t), but the server still learns nothing about x.
- The metadata
tcan encode an expiration date, a rate-limiting epoch, or a context tag. - This prevents a client from using an output from one context in another.
- POPRFs are a key component in the OPAQUE protocol for password-authenticated key exchange, where
tbinds the evaluation to a specific user session.
Threshold OPRF for Distributed Trust
A Threshold OPRF (TOPRF) distributes the server's secret key k across multiple independent servers using secret sharing. The client must interact with a threshold number of servers to reconstruct the final output.
- No single server ever holds the full key, eliminating a single point of compromise.
- The client's input
xremains hidden from all servers as long as fewer than the threshold collude. - This architecture is used in production password managers and privacy-preserving authentication systems to ensure that a breach of any single server does not expose user secrets.
Frequently Asked Questions
Clear, technical answers to the most common questions about Oblivious Pseudorandom Functions and their role in modern cryptography.
An Oblivious Pseudorandom Function (OPRF) is a two-party cryptographic protocol where a client learns the output of a pseudorandom function (PRF) keyed by a server on the client's private input, without the server learning the input and without the client learning the server's secret key. In essence, the client receives F(key, x) for its input x, while the server learns nothing about x, and the client learns nothing about key beyond what is revealed by the single output. This primitive is a fundamental building block for private set intersection (PSI), password-authenticated key exchange, and privacy-preserving contact discovery. The term 'oblivious' refers to the server's obliviousness to the client's input, a property achieved through cryptographic techniques such as oblivious transfer (OT) or Diffie-Hellman key exchange variants.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Oblivious Pseudorandom Functions are a fundamental building block for modern privacy-preserving protocols. The following concepts are essential for understanding how OPRFs are constructed, optimized, and deployed in real-world systems.
Oblivious Transfer (OT)
A foundational cryptographic protocol where a sender holds multiple messages and a receiver selects one. The sender remains oblivious to which message was chosen, and the receiver learns nothing about the unselected messages. OPRFs are often constructed directly from OT, making this the most critical primitive to understand. 1-out-of-2 OT is the standard variant, where the sender inputs two strings and the receiver's choice bit determines which one is delivered.
OT Extension
A cryptographic technique that efficiently generates millions of oblivious transfers from a small number (typically 128) of base OTs using only fast symmetric-key operations. This is the engine that makes OPRFs practical at scale. Without OT extension, each OT would require expensive public-key operations. The IKNP protocol is the seminal construction, with modern variants like Ferret OT achieving throughput exceeding 10 million OTs per second on commodity hardware.
Vector OLE (VOLE)
A cryptographic primitive where two parties generate a long vector of correlated oblivious linear evaluations. The sender learns a random vector and a scalar key; the receiver learns a vector that is the sender's vector multiplied by a scalar of their choice, plus an offset. VOLE enables extremely fast, low-communication OPRFs and forms the backbone of state-of-the-art PSI protocols. It can be instantiated from OT extension or lattice-based assumptions for post-quantum security.
Diffie-Hellman OPRF
The classic OPRF construction based on the computational Diffie-Hellman assumption in prime-order groups. The server holds a secret key k; the client blinds their input x as H(x)^r for a random r. The server applies its key to return H(x)^{rk}, and the client removes the blinding factor r to obtain H(x)^k. This construction is simple, round-efficient, and widely deployed in systems like Privacy Pass for anonymous authentication tokens.
Verifiable OPRF (VOPRF)
An extension of the standard OPRF where the server can prove to the client that the output is correct with respect to a committed key, without revealing the key itself. This prevents a malicious server from substituting different keys per query to learn the client's input. VOPRFs are standardized in RFC 9497 and are critical for applications like password-authenticated key exchange and privacy-preserving token redemption where server misbehavior must be detectable.
Partially Oblivious PRF
A variant where the server learns a public metadata tag associated with the client's query, while the private input remains hidden. This enables rate-limiting and abuse prevention without sacrificing privacy. For example, a server can enforce per-domain token quotas while remaining oblivious to the specific URLs a client accesses. This construction bridges the gap between fully oblivious evaluation and practical deployment constraints requiring some server-side policy enforcement.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us