International Association
for Cryptologic Research

Oblivious pseudorandom functions (OPRFs) allow the blind evaluation of a pseudorandom function, which makes them a versatile building block that enjoys usage in numerous applications. So far, security of OPRFs is predominantly captured in the Universal Composability (UC) framework, where an ideal functionality covers the expected security and privacy properties. While the OPRF functionality appears intuitive at first, the ideal-world paradigm also comes with a number of challenges: from imposing idealized building blocks when building OPRFs, to the lack of modularity, and requiring intricate UC knowledge to securely maneuver their usage. Game-based definitions are a simpler way to cover security properties. They model each property in a single game, which grants modularity in formalizing and proving OPRFs, and when using them in protocols. Interestingly, the few works that rely on game-based OPRF notions all introduced their own and different security models. In this work, we propose an extensive framework of the core security and privacy definitions for OPRFs, that unifies and extends the current definitional landscape, and study the relations among the presented notions. We also analyze the two most prominent constructions in our framework: HashDH and 2HashDH. The former does not achieve UC security, but has advantages in applications that require key rotation or updatability and we show that it achieves most security properties in our framework. We also observe that HashDH and 2HashDH do not satisfy our strongest privacy notion, indicating that the guarantees by the UC functionality are not as well understood as we we might expect them to be. Overall, we hope that our modular security framework will facilitate future works that use and design OPRFs.