{"id":19742534,"url":"https://github.com/nyg/opaque-impl","last_synced_at":"2026-06-13T15:34:49.344Z","repository":{"id":38828697,"uuid":"263083325","full_name":"nyg/opaque-impl","owner":"nyg","description":"PoC implementation in SageMath of OPAQUE, an asymmetric PAKE protocol.","archived":false,"fork":false,"pushed_at":"2020-05-23T11:57:51.000Z","size":1539,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-28T07:03:09.491Z","etag":null,"topics":["cryptography","elliptic-curve","opaque","proof-of-concept"],"latest_commit_sha":null,"homepage":"","language":"Jupyter Notebook","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nyg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-11T15:31:56.000Z","updated_at":"2024-04-02T20:17:41.000Z","dependencies_parsed_at":"2022-09-18T08:42:52.747Z","dependency_job_id":null,"html_url":"https://github.com/nyg/opaque-impl","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nyg/opaque-impl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyg%2Fopaque-impl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyg%2Fopaque-impl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyg%2Fopaque-impl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyg%2Fopaque-impl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nyg","download_url":"https://codeload.github.com/nyg/opaque-impl/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyg%2Fopaque-impl/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34290346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","elliptic-curve","opaque","proof-of-concept"],"created_at":"2024-11-12T01:32:07.743Z","updated_at":"2026-06-13T15:34:49.312Z","avatar_url":"https://github.com/nyg.png","language":"Jupyter Notebook","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OPAQUE\n\n## Introduction\n\nThe following software is an PoC implementation of the OPAQUE protocol. This implementation uses ECDH for the OPRF. For more information on the primitives used and the protocol description, see [pdf/README.pdf](pdf/README.pdf). This PoC is written using [SageMath](https://www.sagemath.org) and the [pyca/cryptography](https://github.com/pyca/cryptography) library.\n\n## Description\n\nThis software allows a client to register with the server and then to login. The server code is located in `server.sage` and the client code in `client.sage`.\n\nOPAQUE-related code is located in files inside the `opaque` folder. The Sage scripts inside that folder must be compiled into Python files before they can be imported in other Sage scripts. The `build-opaque.sh` script will do just that. However, for conveniance, compiled files are already commited in this repository.\n\n### Pickle\n\n[Pickle](https://docs.python.org/3/library/pickle.html) is used in two places:\n\n1. in the client, for the input of the `AuthEnc` function and\n2. in the server, to serialize the database to a file.\n\nThis means that in both cases, we unpickle only data we trust (unless an attacker managed to get access to the server or to the `rw` key…).\n\n### JSON\n\nJSON is used to transmit data between the client and the server, and as mentioned in the Python doc, *unlike pickle, deserializing untrusted JSON does not in itself create an arbitrary code execution vulnerability*.\n\n### Limitations\n\n1. This PoC can register only one user.\n2. The H' function is not secure.\n3. The sensible cryptographic material is not erase from the memory.\n4. When the client quits with an error, the corresponding socket connection on the server must be killed manually (^C).\n\n## Execution\n\n### `cryptography` library\n\nAs mentioned before, the `cryptography` library is used, install it with the following command:\n\n```sh\nsage --pip install cryptography\n```\n\nThe server must be launched first, followed by the client with the desired operation (register or login). The client must of course register before he can log in.\n\n```sh\nsage server.sage\nsage client.sage -op register\nsage client.sage -op login\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnyg%2Fopaque-impl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnyg%2Fopaque-impl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnyg%2Fopaque-impl/lists"}