OPAQUE ExecModule
info
OPAQUE (Oblivious Password Authenticated Key Exchange) is a cryptographic protocol that enables secure password-based key establishment and multi-user secure computation without plaintext password transmission or storage.
Overview
The OPAQUE ExecModule provides three core operations for secure password handling in ValkyrAI workflows:
- Register - Create user enrollment with secure salt
- Authenticate - Verify password and derive session key
- Compute - Generate workflow-bound computation keys for MPC
Why OPAQUE?
Traditional password systems store salted hashes. OPAQUE goes further:
- ✅ Passwords never transmitted in plaintext - Even to the server
- ✅ Passwords never stored in plaintext - Only salted key material