README

PHP implementation of the Oblivious Pseudorandom Function (OPRF) protocol, base mode, as defined in RFC 9497 using the ristretto255-SHA-512 suite.

Compatible with liboprf.

Requirements

• PHP 8.2 or higher
• libsodium APIs provided by either:
  • ext-sodium (recommended, libsodium >= 1.0.18)
  • paragonie/sodium_compat

Installation

composer require noxlogic/oprf

If ext-sodium is unavailable, install the compatible polyfill:

composer require paragonie/sodium_compat

Usage

Client side

use Noxlogic\Oprf\OprfClient;

$client = new OprfClient();

// Step 1 - blind the input and send $result->blindedElement to the server
$result = $client->blind($input);

// Step 3 - unblind the server's response and compute the pseudonym
$pseudonym = $client->finalize($input, $result->blind, $evaluatedElement);

Server side

use Noxlogic\Oprf\OprfServer;

$server = new OprfServer();

// Generate and store a long-lived key
$key = $server->generateKey();

// Step 2 - evaluate the blinded element received from the client
$evaluatedElement = $server->evaluate($key, $blindedElement);

Full round-trip

$client = new OprfClient();
$server = new OprfServer();
$key    = $server->generateKey();

$blind     = $client->blind('my-input');
$evaluated = $server->evaluate($key, $blind->blindedElement);
$pseudonym = $client->finalize('my-input', $blind->blind, $evaluated);

The pseudonym is deterministic: the same input and server key always produce the same output, regardless of the random blind scalar chosen during blind().

Development

composer test      # run PHPUnit
composer cs        # check code style
composer cs:fix    # fix code style
composer stan      # run PHPStan (level 8)
composer ci        # run all of the above

License

MIT - see LICENSE.