daphne_worker: Stabilize the PRF for internal use #390
Closes #266.
We currently use cSHAKE128 for deriving ReportsPending and ReportsProcessed shards and for computing the collection job ID for DAP-02. This comes from `prio::vdaf::prg::PrgSha3`. This API is not stable: the algorithm it uses depends on the VDAF version used, and we have not settled on which XOF to use for VDAF. (In VDAF-07 we have replaced cSHAKE128 with SHAKE128.) To avoid breaking changes for our internal use cases, use `ring::hmac::HMAC_SHA256` instead.

The recommended key size for this PRF is 32 bytes. Accordingly, rotate the keys in daphne_worker_test/wrangler.toml.
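The following is an added illustration of the design point in this PR, not code from the Daphne project: the internal derivations (shard selection and collection job ID) are computed with a fixed PRF, HMAC-SHA256 under a 32-byte key, so their outputs cannot change when the VDAF draft switches XOFs. The domain-separation labels, the length-prefixed message layout, and the `shard_index`/`collection_job_id` helper shapes are assumptions made for this example; the PR does not specify how the derived values are laid out.

```python
import hashlib
import hmac

# Recommended key size for HMAC-SHA256 used as a PRF (from the PR description).
PRF_KEY_LEN = 32

# Hypothetical domain-separation labels, one per internal use named in the PR.
LABEL_REPORTS_PENDING = b"ReportsPending"
LABEL_REPORTS_PROCESSED = b"ReportsProcessed"
LABEL_COLLECT_JOB_ID = b"CollectionJobId"


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 as a fixed PRF.

    Unlike a VDAF-version-dependent XOF, the output here depends only on the
    key, the label, and the data, so stored derivations stay valid across
    VDAF draft changes.
    """
    if len(key) != PRF_KEY_LEN:
        raise ValueError(f"PRF key must be {PRF_KEY_LEN} bytes, got {len(key)}")
    if len(label) > 255:
        raise ValueError("label too long for single-byte length prefix")
    # Length-prefix the label so (label, data) pairs cannot collide across uses
    # (e.g. label "ab" + data "c" versus label "a" + data "bc").
    msg = bytes([len(label)]) + label + data
    return hmac.new(key, msg, hashlib.sha256).digest()


def shard_index(key: bytes, label: bytes, report_id: bytes, num_shards: int) -> int:
    """Pick the Durable Object shard for a report: PRF output reduced mod num_shards."""
    if num_shards <= 0:
        raise ValueError("num_shards must be positive")
    digest = prf(key, label, report_id)
    # Reducing a full 256-bit value mod a small shard count leaves negligible bias.
    return int.from_bytes(digest, "big") % num_shards


def collection_job_id(key: bytes, task_id: bytes, agg_param: bytes) -> bytes:
    """Derive a deterministic collection job ID from the task ID and aggregation parameter."""
    return prf(key, LABEL_COLLECT_JOB_ID, task_id + agg_param)


if __name__ == "__main__":
    # Constructed sample key and report ID, not values from the project.
    key = bytes(range(32))
    rid = b"\x11" * 16
    print(shard_index(key, LABEL_REPORTS_PENDING, rid, 1024))
    print(collection_job_id(key, b"\x22" * 32, b"").hex())
```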