Client Registration
Registration consists of three messages exchanged between the client and the server, initiated by the client.
    Client                                                  Server
    ------------------------------------------------------------------
    request = client.RegistrationInit(password)

                                request
                        ------------------------->

                                response = server.RegistrationResponse(request,
                                                                       server_public_key,
                                                                       credential_identifier,
                                                                       oprf_seed)
                                response
                        <-------------------------

    (record, export_key) = client.RegistrationFinalize(client_private_key,
                                                       response)
                                record
                        ------------------------->
User enumeration protection for not-yet-existing users is not implemented in this version.
The server should already have an AKE key pair set up and use it for the clients it serves, though it is possible to use a different key pair for each client. When a client requests registration, the server commits to that AKE public key for the lifetime of the client's envelope.
OPAQUE derives the user-specific salt internally from a seed and a unique client identifier. The server should have an OPRF seed set up before client registration happens, but it can also set one up at that moment. This seed is committed to: it must be the same for all of the client's authentication requests and must remain secret. The client identifier (credential_identifier in the exchange above) is a credential internal to the server that must be unique for each client among all clients; it can be used to identify the client record internally.
Note that the same OPRF seed can be used for multiple, if not all, clients. The uniqueness of the salt must therefore be guaranteed by the uniqueness of the client identifier. If client identifiers repeat, or if the OPRF seed is compromised, the security of the whole protocol is compromised.
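As an added illustration of the per-client salt derivation described above (example code, not the library's own), the server expands its committed OPRF seed with the credential identifier following the construction in the OPAQUE draft, so the same identifier always yields the same key material and a repeated identifier would hand two different clients the same per-client OPRF key. HKDF-Expand over SHA-512, the 32-byte output length and the Registry type are assumptions made for this example; the final step that maps the seed into the OPRF group is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha512"
	"errors"
)

// hkdfExpand is HKDF-Expand (RFC 5869) over SHA-512, standard library only.
func hkdfExpand(prk, info []byte, length int) []byte {
	var out, prev []byte
	for counter := byte(1); len(out) < length; counter++ {
		mac := hmac.New(sha512.New, prk)
		mac.Write(prev)            // T(i-1), empty for the first block
		mac.Write(info)            // context: credential_identifier || "OprfKey"
		mac.Write([]byte{counter}) // block counter
		prev = mac.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// DeriveOprfKeySeed mirrors the OPAQUE draft's server-side step
// seed = Expand(oprf_seed, concat(credential_identifier, "OprfKey"), Nok).
// The DeriveKeyPair step into the OPRF group is omitted; the 32-byte length is an assumption.
func DeriveOprfKeySeed(oprfSeed, credentialIdentifier []byte) []byte {
	info := append(append([]byte{}, credentialIdentifier...), []byte("OprfKey")...)
	return hkdfExpand(oprfSeed, info, 32)
}

// Registry (hypothetical) models the server-side invariant from the text: one committed
// OPRF seed, and a credential identifier that must be unique across all clients.
type Registry struct {
	oprfSeed []byte
	seen     map[string]struct{}
}

func NewRegistry(oprfSeed []byte) *Registry {
	return &Registry{oprfSeed: oprfSeed, seen: make(map[string]struct{})}
}

// Register refuses a repeated identifier: two clients sharing one would get the same OPRF key.
func (r *Registry) Register(credentialIdentifier []byte) ([]byte, error) {
	if _, dup := r.seen[string(credentialIdentifier)]; dup {
		return nil, errors.New("credential identifier already registered")
	}
	r.seen[string(credentialIdentifier)] = struct{}{}
	return DeriveOprfKeySeed(r.oprfSeed, credentialIdentifier), nil
}
```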