{"id":46993769,"url":"https://github.com/multiparty/oprf","last_synced_at":"2026-03-11T14:39:09.643Z","repository":{"id":49023943,"uuid":"137909008","full_name":"multiparty/oprf","owner":"multiparty","description":"Oblivious pseudorandom function over an elliptic curve","archived":false,"fork":false,"pushed_at":"2023-10-26T22:21:21.000Z","size":1428,"stargazers_count":20,"open_issues_count":0,"forks_count":9,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-10-25T16:49:49.103Z","etag":null,"topics":["cryptography","oblivious-hashing","privacy-enhancing-technologies"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/multiparty.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-06-19T15:14:33.000Z","updated_at":"2023-10-26T22:21:24.000Z","dependencies_parsed_at":"2022-08-30T04:50:45.971Z","dependency_job_id":null,"html_url":"https://github.com/multiparty/oprf","commit_stats":{"total_commits":95,"total_committers":6,"mean_commits":"15.833333333333334","dds":0.2210526315789474,"last_synced_commit":"39d1d75f5c0c218a779bf5381651a0799582cff6"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/multiparty/oprf","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multiparty%2Foprf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multiparty%2Foprf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multiparty%2Foprf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multiparty%2Foprf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/multiparty","download_url":"https://codeload.github.com/multiparty/oprf/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multiparty%2Foprf/sbom","scorecard":{"id":667952,"data":{"date":"2025-08-18","repo":{"name":"github.com/multiparty/oprf","commit":"9bd2176e6098ab345d4cf49b4217c8d2b1d16847"},"scorecard":{"version":"v5.2.1-41-g40576783","commit":"40576783fda6698350fcbbeaea760ff827433034"},"score":1.9,"checks":[{"name":"Code-Review","score":1,"reason":"Found 4/24 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#security-policy"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#fuzzing"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"52 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-r9p9-mrjm-926w","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-2j2x-2gpw-g8fm","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-7wwv-vh3v-89cq","Warn: Project is vulnerable to: GHSA-qqgx-2p2h-9c37","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-4r62-v4vq-hr96","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-vx3p-948g-6vhq","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T18:48:04.259Z","repository_id":49023943,"created_at":"2025-08-21T18:48:04.259Z","updated_at":"2025-08-21T18:48:04.259Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30384146,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T14:10:17.325Z","status":"ssl_error","status_checked_at":"2026-03-11T14:09:37.934Z","response_time":84,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","oblivious-hashing","privacy-enhancing-technologies"],"created_at":"2026-03-11T14:39:08.961Z","updated_at":"2026-03-11T14:39:09.631Z","avatar_url":"https://github.com/multiparty.png","language":"TypeScript","readme":"# OPRF\n[![npm version](https://badge.fury.io/js/oprf.svg)](https://badge.fury.io/js/oprf)\n[![Build Status](https://travis-ci.org/multiparty/oprf.svg?branch=master)](https://travis-ci.org/multiparty/oprf)\n[![Coverage Status](https://coveralls.io/repos/github/multiparty/oprf/badge.svg?branch=master)](https://coveralls.io/github/multiparty/oprf?branch=master)\n\n#### Oblivious pseudo-random function over an elliptic curve (Ristretto255)\n\n## Installation\nFor node.js, use:\n\n```bash\nnpm install oprf\n```\n\nFor the browser, include a script tag targeting either `dist/oprf.js` or `dist/oprf.slim.js`.\n\n## Bundle vs slim\n\nFor browsers, we provide two built files: `dist/oprf.js` and `dist/oprf.slim.js`.\n\nThe first includes both OPRF bundled with [libsodium-wrappers-sumo](https://github.com/jedisct1/libsodium.js) version 0.7.6. The second includes only OPRF.\n\nYou can use the slim version for cases where your browser-side code uses a more recent version of libsodium, or if you want\nto load libsodium asynchronously to reduce page load time.\n\nThe API for both versions is identical, except that the slim OPRF constructor expects a sodium instance to be passed in\nas a parameter, while the bundled constructor does not expect any parameters.\n\nIn node.js, the slim OPRF is not exposed.\n\n```javascript\nconst OPRF = require('oprf');\nconst oprf = new OPRF(); // will require('libsodium-wrappers-sumo');\n```\n\n## Initialization\nOPRF is not safe to use until sodium is done loading.\n\n```Typescript\nconst oprf = new OPRF();\nawait oprf.ready; // wait for dependencies to load\n```\n\n## Security Guarantees\nA client has input _x_ while a server holds key _k_. The client receives the output of *f\u003csub\u003ek\u003c/sub\u003e(x)* for some pseudorandom function family *f\u003csub\u003ek\u003c/sub\u003e*. The server learns nothing.\n\nThe implementation uses [Ristretto255](https://libsodium.gitbook.io/doc/advanced/point-arithmetic/ristretto), and does not suffer from small cofactor attacks.\n\n## Public Interface\nContains a masked point and the mask that was applied to it\n```Typescript\nexport interface IMaskedData {\n  readonly point: Uint8Array;\n  readonly mask: Uint8Array;\n}\n```\n\n## Public Functions\n\n**hashToPoint**: maps string input to a point on the elliptic curve\n```Typescript\npublic hashToPoint(input: string): Uint8Array\n```\n\n**isValidPoint**: returns whether the given point exists on the elliptic curve\n```Typescript\npublic isValidPoint(point: Uint8Array): boolean\n```\n\n**maskInput**: hashes string input as a point on an elliptic curve and applies a random mask to it\n```Typescript\npublic maskInput(input: string): IMaskedData\n```\n\n**maskPoint**: applies a random mask to an elliptic curve point\n```Typescript\npublic maskPoint(point: Uint8Array): IMaskedData\n```\n\n**unmaskPoint**: applies the multiplicative inverse of the mask to the masked point\n```Typescript\npublic unmaskPoint(maskedPoint: Uint8Array, mask: Uint8Array): Uint8Array\n```\n\n**generateRandomScalar**: generates a uniform random 32-byte number in [1, order of curve)\n```Typescript\npublic generateRandomScalar(): Uint8Array\n```\n\n**scalarMult**: salts a point using a key as a scalar\n```Typescript\npublic scalarMult(point: Uint8Array, key: Uint8Array): Uint8Array\n```\n\n**encodePoint**: encodes a point representation to a string with either 'ASCII' or 'UTF-8' encoding\n```Typescript\npublic encodePoint(point: Uint8Array, encoding: string): string\n```\n\n**decodePoint**: decode elliptic curve point from a string\n```Typescript\npublic decodePoint(code: string, encoding: string): Uint8Array\n```\n\n**addPoints**: add two points on an elliptic curve\n```Typescript\npublic addPoints(pointA: Uint8Array, pointB: Uint8Array): Uint8Array\n```\n\n**subtractPoints**: subtract two points on an elliptic curve\n```Typescript\npublic subtractPoints(pointA: Uint8Array, pointB: Uint8Array): Uint8Array\n```\n\n## OPRF Steps\n1.) **Client**: hash input and mask it using a randomly generated 32-byte number\n```Typescript\nconst input = 'hello world';\nconst masked = oprf.maskInput(input);\n\n// Send masked.point to server,\n// Do not send masked.mask to the server.\nsend(oprf.encodePoint(masked.point, 'UTF-8'));\n```\n\n2.) **Server**: salt the masked point using a secret key\n```Typescript\n// Note: your actual secret key should be fixed.\n// Do not generate a new scalar for each OPRF\n// application unless you have a specific use case for doing so.\nconst secretKey = oprf.generateRandomScalar();\n\nconst maskedPoint = oprf.decodePoint(receive(), 'UTF-8');\nconst salted = oprf.scalarMult(maskedPoint, secretKey);\n\n// Send salted back to the client\nsend(oprf.encodePoint(salted, 'UTF-8'));\n```\n\n3.) **Client**: unmask the salted point from the server to get a high-entropy output\n```Typescript\n// Make sure that masked.mask corresponds to the original mask used.\n// Otherwise, this will not give you the correct output.\nconst salted = oprf.decodePoint(receive(), 'UTF-8');\nconst unmasked = oprf.unmaskPoint(salted, masked.mask);\n```\n\n\n-----\nImplementation inspired by Burns et. al.\nhttps://pdfs.semanticscholar.org/5d33/ea1d3fda454875a6a6ee7c535c80c74af512.pdf\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmultiparty%2Foprf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmultiparty%2Foprf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmultiparty%2Foprf/lists"}