RFC Errata

Errata Search
RFC Number:		Errata ID:

Source of RFC		Status:
Area Acronym:		Type:
WG Acronym:		Submitter Name:
Other:		Date Submitted:
Summary Table Full Records

RFC 9497, "Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups", December 2023

Source of RFC: IRTF
See Also: RFC 9497 w/ inline errata

Errata ID: 8392
Status: Verified
Type: Technical
Publication Format(s) : TEXT, PDF, HTML
Reported By: daxpedda
Date Reported: 2025-04-25
Verifier Name: Nick Sullivan
Date Verified: 2026-01-27

Section 4 says:

RandomScalar():  Implemented by returning a uniformly random
         Scalar in the range [0, G.Order() - 1].

It should say:

RandomScalar():  Implemented by returning a uniformly random
         Scalar in the range [1, G.Order() - 1].

Notes:

Section 2.1 (https://www.rfc-editor.org/rfc/rfc9497#section-2.1-4.12) states:
> Chooses at random a nonzero element in GF(p).

So `RandomScalar()` implementations can't return 0.

--VERIFIER NOTE--
Verified. Section 2.1 requires nonzero; this fix aligns Section 4 with that requirement. EID 8393 addresses related Section 4.7 implementation guidance (held pending fix text revision).

Report New Errata

Search RFCs

RFC Editor

The Series

For Authors

Sponsor

RFC Errata

Errata Search

RFC 9497, "Oblivious Pseudorandom Functions (OPRFs) Using Prime-Order Groups", December 2023