[GNUnet-SVN] [lsd0001] branch master updated: attempt to explain Ed25519


From: gnunet
Subject: [GNUnet-SVN] [lsd0001] branch master updated: attempt to explain Ed25519vsECDSA
Date: Thu, 03 Oct 2019 21:52:03 +0200

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0001.

The following commit(s) were added to refs/heads/master by this push:
     new 568f168  attempt to explain Ed25519vsECDSA
568f168 is described below

commit 568f16839077402c1926b82f7db4526e6b2062ce
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Thu Oct 3 21:49:52 2019 +0200

    attempt to explain Ed25519vsECDSA
---
 draft-schanzen-gns.html |  46 ++++---
 draft-schanzen-gns.txt  | 312 ++++++++++++++++++++++++++++++++----------------
 draft-schanzen-gns.xml  |  12 +-
 3 files changed, 239 insertions(+), 131 deletions(-)

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
index 023c049..f8fbfc3 100644
--- a/draft-schanzen-gns.html
+++ b/draft-schanzen-gns.html
@@ -1156,15 +1156,16 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
 <a href="#section-2" class="section-number selfRef">2. </a><a 
href="#name-zones" class="section-name selfRef">Zones</a>
       </h2>
 <p id="section-2-1">
-    A zone in GNS is defined by a public/private ECC key pair (x,zk),
-    where P is the generator of an elliptic curve, x is the private key and
-    zk := x*P the corresponding public key.
-    The keys are constructed using the Ed25519 ECC scheme as defined in
-    <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>.
+    A zone in GNS is defined by a public/private ECC key pair (d,zk),
+    where B is the generator of a group or subgroup, d is the private key and
+    zk the corresponding public key
+    GNS uses the Ed25519 EC parameters as defined in <span>[<a href="#RFC8032" 
class="xref">RFC8032</a>]</span>.
+    GNS combines the EC parameters of Ed25519 with the ECDSA scheme
+    defined in <span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span> in 
order to achieve zone privacy.
     The public key "zk" is used to uniquely identify and refer to the zone and
     is thus called "zone key".
     Records published in the zone are signed using a private key derived
-    from the private key "x" as described in <a href="#publish" 
class="xref">Section 4</a>.<a href="#section-2-1" class="pilcrow">¶</a></p>
+    from "d" as described in <a href="#publish" class="xref">Section 4</a>.<a 
href="#section-2-1" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="rrecords">
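Review bot: The rewritten first sentence of Section 2 no longer states how zk is obtained from the private key. The removed text had "zk := x*P"; the added lines introduce the generator B and the private key d but never relate them, so B is defined and then unused. Suggest keeping the relation with the new symbols, for example "zk := d*B the corresponding public key.", if that is the intended derivation.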
@@ -1396,7 +1397,7 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
 <pre>
         PRK_h := HKDF-Extract ("key-derivation", zk)
         h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-        x_h := h*x mod p
+        d_h := h*d mod p
         zk_h := h*zk mod p
         q := SHA512 (zk_h)
         </pre><a href="#section-4.1-1" class="pilcrow">¶</a>
@@ -1417,7 +1418,7 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
           is the HKDF expansion result. The expansion info is a concatenation 
of
           the label and string "gns".<a href="#section-4.1-3.4" 
class="pilcrow">¶</a>
 </dd>
-          <dt id="section-4.1-3.5">x</dt>
+          <dt id="section-4.1-3.5">d</dt>
           <dd id="section-4.1-3.6">
           is the private zone key as defined in <span>[<a href="#RFC8032" 
class="xref">RFC8032</a>]</span>.<a href="#section-4.1-3.6" 
class="pilcrow">¶</a>
 </dd>
@@ -1430,10 +1431,10 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
           <dd id="section-4.1-3.10">
           under wich the resource records are published.<a 
href="#section-4.1-3.10" class="pilcrow">¶</a>
 </dd>
-          <dt id="section-4.1-3.11">x_h</dt>
+          <dt id="section-4.1-3.11">d_h</dt>
           <dd id="section-4.1-3.12">
-          is a private key derived from the zone private key "x" using the
-          keying material "h" (512 bit) and "p" is the group order as defined 
in
+          is a private key derived from the zone private key "d" using the
+          keying material "h" (512 bit) and "p" is a prime as defined in
           <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>.<a 
href="#section-4.1-3.12" class="pilcrow">¶</a>
 </dd>
           <dt id="section-4.1-3.13">zk_h</dt>
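Review bot: In the d_h entry, "p is a prime as defined in [RFC8032]" points at the wrong modulus. RFC 8032 uses p for the field prime 2^255 - 19 and L for the order of the base point, and a derived private scalar has to be reduced modulo that order, which is what the removed wording ("the group order") expressed. Suggest naming the modulus L in the formula and in this entry instead of redefining p.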
@@ -1446,7 +1447,7 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
           <dd id="section-4.1-3.16">
           Is the DHT key under which the resource records block is published.
           It is the SHA512 hash over the public key "zk_h" corresponding to the
-          derived private key "x_h".<a href="#section-4.1-3.16" 
class="pilcrow">¶</a>
+          derived private key "d_h".<a href="#section-4.1-3.16" 
class="pilcrow">¶</a>
 </dd>
         </dl>
 </section>
@@ -1501,7 +1502,7 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
           A 512-bit ECDSA deterministic signature compliant with
           <span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>. The 
signature is computed over the data
           following the PUBLIC KEY field.
-          The signature is created using the derived private key "x_h" (see
+          The signature is created using the derived private key "d_h" (see
           <a href="#publish" class="xref">Section 4</a>).<a 
href="#section-4.2-4.2" class="pilcrow">¶</a>
 </dd>
           <dt id="section-4.2-4.3">PUBLIC KEY</dt>
@@ -1534,8 +1535,9 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
 </dd>
         </dl>
 <p id="section-4.2-5">
-        As per  <span>[<a href="#RFC8032" class="xref">RFC8032</a>]</span>, an 
ECDSA signature consists of a pair
-        of integers, r and s:<a href="#section-4.2-5" class="pilcrow">¶</a></p>
+        We note that even though we use a Ed25519 private key, the public key
+        is derived using ECDSA as defined in <span>[<a href="#RFC8032" 
class="xref">RFC8032</a>]</span>.
+        Similarly, the ECDSA signature consists of a pair of integers, r and 
s:<a href="#section-4.2-5" class="pilcrow">¶</a></p>
 <div class="artwork art-text alignLeft" id="section-4.2-6">
 <pre>
         0     8     16    24    32    40    48    56
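Review bot: The added sentence cites [RFC8032] for ECDSA, but RFC 8032 specifies EdDSA; Section 2 in this same commit cites [RFC6979] for the ECDSA scheme, so the reference here should match it. "The public key is derived using ECDSA" is also imprecise, since ECDSA is a signature scheme: state explicitly how zk is computed from d. Minor: "a Ed25519" should be "an Ed25519".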
@@ -1730,27 +1732,19 @@ async function addMetadata(){try{const 
e=document.styleSheets[0].cssRules;for(le
 <pre>
       label := "home"
 
-      SEED :=
+      d :=
       0f388abc49f99b86
       75555ad33c3b586a
       9e06f0f60f6caade
       ee6fd12226ac2474
 
-      D(private_scalar) :=
-      7450f71def6411e0
-      ab0e6a1dfd1d9ccd
-      0eaf71952494ccf5
-      1b85ffac5db093c8
-
-      zk (Zone Key) :=
+      zk (public zone key) :=
       23d89a29da0f6808
       c6b6d5e59cdd6a6f
       cf3e2bb006f466d5
       423a935d6b4d7e10
 
-      SK (private_key) := SEED||PK
-
-      h (derived_factor) :=
+      h :=
       071efca7db2850bd
       6f354ebfe38c5bbf
       d6ba2f805cd8d3b5
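Review bot: The value now labelled d is the one the removed lines called SEED, and the separate D(private_scalar) value is dropped, while zk stays the same. Section 4.1 multiplies d directly ("d_h := h*d mod p"), so d has to be a scalar; either show the scalar here or state how it is obtained from these 32 bytes, so that an implementer can reproduce zk and zk_h from the vector.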
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
index d450d34..79b195d 100644
--- a/draft-schanzen-gns.txt
+++ b/draft-schanzen-gns.txt
@@ -62,14 +62,14 @@ Table of Contents
 
    1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
    2.  Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . .   2
-   3.  Resource records  . . . . . . . . . . . . . . . . . . . . . .   2
+   3.  Resource records  . . . . . . . . . . . . . . . . . . . . . .   3
      3.1.  Wire format . . . . . . . . . . . . . . . . . . . . . . .   3
      3.2.  PKEY  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
-     3.3.  GNS2DNS . . . . . . . . . . . . . . . . . . . . . . . . .   4
+     3.3.  GNS2DNS . . . . . . . . . . . . . . . . . . . . . . . . .   5
      3.4.  LEHO  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
-   4.  Publishing records  . . . . . . . . . . . . . . . . . . . . .   5
-     4.1.  Key derivations . . . . . . . . . . . . . . . . . . . . .   5
-     4.2.  Resource records block  . . . . . . . . . . . . . . . . .   6
+   4.  Publishing records  . . . . . . . . . . . . . . . . . . . . .   6
+     4.1.  Key derivations . . . . . . . . . . . . . . . . . . . . .   6
+     4.2.  Resource records block  . . . . . . . . . . . . . . . . .   7
      4.3.  Block data encryption and decryption  . . . . . . . . . .   8
    5.  Internationalization and Character Encoding . . . . . . . . .  10
    6.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
@@ -77,8 +77,8 @@ Table of Contents
    8.  Namespace Revocation  . . . . . . . . . . . . . . . . . . . .  10
    9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
    10. Test Vectors  . . . . . . . . . . . . . . . . . . . . . . . .  11
-   11. Normative References  . . . . . . . . . . . . . . . . . . . .  11
-   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12
+   11. Normative References  . . . . . . . . . . . . . . . . . . . .  13
+   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  14
 
 1.  Introduction
 
@@ -93,16 +93,16 @@ Table of Contents
 
 2.  Zones
 
-   A zone in GNS is defined by a public/private ECC key pair (x,zk),
-   where P is the generator of an elliptic curve, x is the private key
-   and zk := x*P the corresponding public key.  The keys are constructed
-   using the Ed25519 ECC scheme as defined in [RFC8032].  The public key
-   "zk" is used to uniquely identify and refer to the zone and is thus
-   called "zone key".  Records published in the zone are signed using a
-   private key derived from the private key "x" as described in
-   Section 4.
+   A zone in GNS is defined by a public/private ECC key pair (d,zk),
+   where B is the generator of a group or subgroup, d is the private key
+   and zk the corresponding public key GNS uses the Ed25519 EC
+   parameters as defined in [RFC8032].  GNS combines the EC parameters
+   of Ed25519 with the ECDSA scheme defined in [RFC6979] in order to
+   achieve zone privacy.  The public key "zk" is used to uniquely
+   identify and refer to the zone and is thus called "zone key".
+   Records published in the zone are signed using a private key derived
+   from "d" as described in Section 4.
 
-3.  Resource records
 
 
 
@@ -114,6 +114,8 @@ Schanzenbach, et al.     Expires 24 January 2020            
    [Page 2]
 Internet-Draft             The GNU Name System                 July 2019
 
 
+3.  Resource records
+
 3.1.  Wire format
 
    A GNS resource record holds the data of a specific record in a zone.
@@ -128,8 +130,10 @@ Internet-Draft             The GNU Name System             
    July 2019
         |           FLAGS       |        DATA           /
         +-----+-----+-----+-----+                       /
         /                                               /
-        /                                               /
-        /                                               |
+        /                       +-----+-----+-----+-----+
+        /                       |      PADDING          /
+        +-----+-----+-----+-----+                       /
+        |                                               |
         +-----+-----+-----+-----+-----+-----+-----+-----+
 
                                   Figure 1
@@ -141,7 +145,9 @@ Internet-Draft             The GNU Name System              
   July 2019
       byte order.
 
    DATA SIZE  The size of the DATA field in bytes and in network byte
-      order.
+      order including padding.  The padding MUST ensure that the size of
+      the resource record is a power of two.  The only excption is the
+      PKEY record type, which is never padded.
 
    TYPE  The resource record type.  This type can be one of the GNS
       resource records as defined in Section 3 or a DNS record type as
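Review bot: With DATA SIZE now defined as "including padding", nothing in the record tells a parser where the payload ends and the padding begins. Either keep DATA SIZE as the payload length and let the padding follow from the power-of-two rule, or say how the boundary is found for each record type. Typo in the added text: "excption" should be "exception". The padding change is also unrelated to the Ed25519/ECDSA explanation named in the commit subject and would be easier to review on its own.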
@@ -155,12 +161,6 @@ Internet-Draft             The GNU Name System             
    July 2019
    DATA  The resource record data payload.  The contents are defined by
       the respective type of the resource record.
 
-   Flags indicate metadata surrounding the resource record.  A flag
-   value of 0 indicates that all flags are unset.  The following
-   illustrates the flag distribution in the 32-bit flag value of a
-   resource record:
-
-
 
 
 
@@ -170,6 +170,14 @@ Schanzenbach, et al.     Expires 24 January 2020           
     [Page 3]
 Internet-Draft             The GNU Name System                 July 2019
 
 
+   PADDING  The padding MUST contain the 0 value in all octets.  Not
+      applicable for PKEY records.
+
+   Flags indicate metadata surrounding the resource record.  A flag
+   value of 0 indicates that all flags are unset.  The following
+   illustrates the flag distribution in the 32-bit flag value of a
+   resource record:
+
         ... 5       4         3        2        1        0
         ------+--------+--------+--------+--------+--------+
         / ... | SHADOW | EXPREL |   /    | PRIVATE|    /   |
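Review bot: The new PADDING entry constrains the sender ("MUST contain the 0 value in all octets") but says nothing about the receiver. State whether a record with non-zero padding MUST be rejected; otherwise implementations will differ on whether such records are accepted.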
@@ -208,6 +216,16 @@ Internet-Draft             The GNU Name System             
    July 2019
 
                                   Figure 3
 
+
+
+
+
+
+Schanzenbach, et al.     Expires 24 January 2020                [Page 4]
+
+Internet-Draft             The GNU Name System                 July 2019
+
+
 3.3.  GNS2DNS
 
    It is possible to delegate a label back into DNS through a GNS2DNS
@@ -219,13 +237,6 @@ Internet-Draft             The GNU Name System             
    July 2019
    resolved by querying the name server(s).  The a GNS2DNS DATA entry
    has the following format:
 
-
-
-Schanzenbach, et al.     Expires 24 January 2020                [Page 4]
-
-Internet-Draft             The GNU Name System                 July 2019
-
-
          0     8     16    24    32    40    48    56
          +-----+-----+-----+-----+-----+-----+-----+-----+
          |                    DNS NAME                   |
@@ -262,6 +273,15 @@ Internet-Draft             The GNU Name System             
    July 2019
 
                                   Figure 5
 
+
+
+
+
+Schanzenbach, et al.     Expires 24 January 2020                [Page 5]
+
+Internet-Draft             The GNU Name System                 July 2019
+
+
 4.  Publishing records
 
    GNS resource records are published in a distributed hash table (DHT).
@@ -273,18 +293,9 @@ Internet-Draft             The GNU Name System             
    July 2019
 
 4.1.  Key derivations
 
-
-
-
-
-Schanzenbach, et al.     Expires 24 January 2020                [Page 5]
-
-Internet-Draft             The GNU Name System                 July 2019
-
-
            PRK_h := HKDF-Extract ("key-derivation", zk)
-           h := HKDF-Expand (PRK_h, label, 512 / 8)
-           x_h := h*x mod p
+           h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
+           d_h := h*d mod p
            zk_h := h*zk mod p
            q := SHA512 (zk_h)
 
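Review bot: In "zk_h := h*zk mod p" the operand zk is a curve point, so the trailing "mod p" cannot mean the same scalar reduction as in "d_h := h*d mod p" on the line above. Write the point multiplication without a modulus, with the 512-bit h reduced modulo the group order first, and say which operation "*" denotes on each line.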
@@ -299,15 +310,15 @@ Internet-Draft             The GNU Name System            
     July 2019
    h  is the HKDF expansion result.  The expansion info is a
       concatenation of the label and string "gns".
 
-   x  is the private zone key as defined in [RFC8032].
+   d  is the private zone key as defined in [RFC8032].
 
    P  is the base point of the curve Ed25519 as defined in [RFC8032].
 
    label  under wich the resource records are published.
 
-   x_h  is a private key derived from the zone private key "x" using the
-      keying material "h" (512 bit) and "p" is the group order as
-      defined in [RFC8032].
+   d_h  is a private key derived from the zone private key "d" using the
+      keying material "h" (512 bit) and "p" is a prime as defined in
+      [RFC8032].
 
    zk_h  is a public key derived from the zone key "zk" using the keying
       material "h" (512 bit) and "p" is the group order as defined in
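Review bot: After this hunk p has two meanings within one definition list: "a prime" in the d_h entry and "the group order" in the unchanged zk_h entry below it. The unchanged "P is the base point" entry also no longer matches Section 2, which now calls the generator B. Use one modulus symbol and one generator symbol throughout.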
@@ -315,18 +326,7 @@ Internet-Draft             The GNU Name System             
    July 2019
 
    q  Is the DHT key under which the resource records block is
       published.  It is the SHA512 hash over the public key "zk_h"
-      corresponding to the derived private key "x_h".
-
-4.2.  Resource records block
-
-   GNS records are grouped by their labels and published as a single
-   block in the DHT.  The contained resource records are encrypted using
-   a symmetric encryption scheme.  A GNS resource records block has the
-   following format:
-
-
-
-
+      corresponding to the derived private key "d_h".
 
 
 
@@ -338,6 +338,13 @@ Schanzenbach, et al.     Expires 24 January 2020           
     [Page 6]
 Internet-Draft             The GNU Name System                 July 2019
 
 
+4.2.  Resource records block
+
+   GNS records are grouped by their labels and published as a single
+   block in the DHT.  The contained resource records are encrypted using
+   a symmetric encryption scheme.  A GNS resource records block has the
+   following format:
+
              0     8     16    24    32    40    48    56
              +-----+-----+-----+-----+-----+-----+-----+-----+
              |                   SIGNATURE                   |
@@ -370,7 +377,7 @@ Internet-Draft             The GNU Name System              
   July 2019
    SIGNATURE  A 512-bit ECDSA deterministic signature compliant with
       [RFC6979].  The signature is computed over the data following the
       PUBLIC KEY field.  The signature is created using the derived
-      private key "x_h" (see Section 4).
+      private key "d_h" (see Section 4).
 
    PUBLIC KEY  The 256-bit ECC public key "zk_h" to be used to verify
       SIGNATURE.  The wire format of this value is defined in [RFC8032],
@@ -379,13 +386,6 @@ Internet-Draft             The GNU Name System             
    July 2019
    BDATA SIZE  A 32-bit value containing the length of the following
       data (PURPOSE, EXPIRATION, BDATA) in network byte order.
 
-   PURPOSE  A 32-bit signature purpose flag.  This field MUST be 15 (in
-      network byte order).
-
-   EXPIRATION  The resource records block expiration time.  This is the
-      expiration time of the resource record contained within this block
-      with the smallest expiration time.  This is a 64-bit absolute date
-
 
 
 
@@ -394,14 +394,21 @@ Schanzenbach, et al.     Expires 24 January 2020          
      [Page 7]
 Internet-Draft             The GNU Name System                 July 2019
 
 
+   PURPOSE  A 32-bit signature purpose flag.  This field MUST be 15 (in
+      network byte order).
+
+   EXPIRATION  The resource records block expiration time.  This is the
+      expiration time of the resource record contained within this block
+      with the smallest expiration time.  This is a 64-bit absolute date
       in microseconds since midnight (0 hour), January 1, 1970 in
       network byte order.
 
    BDATA  The encrypted resource records with a total size of "BDATA
       SIZE".
 
-   As per [RFC8032], an ECDSA signature consists of a pair of integers,
-   r and s:
+   We note that even though we use a Ed25519 private key, the public key
+   is derived using ECDSA as defined in [RFC8032].  Similarly, the ECDSA
+   signature consists of a pair of integers, r and s:
 
            0     8     16    24    32    40    48    56
            +-----+-----+-----+-----+-----+-----+-----+-----+
@@ -429,19 +436,12 @@ Internet-Draft             The GNU Name System            
     July 2019
 
            PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk)
            PRK_iv := HKDF-Extract ("gns-aes-ctx-iv", zk)
-           K := HKDF-Expand (PRK_k, l, 512 / 8);
-           IV := HKDF-Expand (PRK_iv, l, 256 / 8)
+           K := HKDF-Expand (PRK_k, label, 512 / 8);
+           IV := HKDF-Expand (PRK_iv, label, 256 / 8)
 
    We use a hash-based key derivation function (HKDF) as defined in
    [RFC5869].  We use HMAC-SHA512 for the extraction phase and HMAC-
    SHA256 for the expansion phase.  The output keying material is 64
-   octets (512 bit) for the symmetric keys and 32 octets (256 bit) for
-   the initialization vector.  We divide the resulting keying material
-   "K" into a 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo":
-
-
-
-
 
 
 
@@ -450,6 +450,10 @@ Schanzenbach, et al.     Expires 24 January 2020           
     [Page 8]
 Internet-Draft             The GNU Name System                 July 2019
 
 
+   octets (512 bit) for the symmetric keys and 32 octets (256 bit) for
+   the initialization vector.  We divide the resulting keying material
+   "K" into a 256-bit AES key "Kaes" and a 256-bit TWOFISH key "Ktwo":
+
              0     8     16    24    32    40    48    56
              +-----+-----+-----+-----+-----+-----+-----+-----+
              |                    AES KEY (Kaes)             |
@@ -497,10 +501,6 @@ Internet-Draft             The GNU Name System             
    July 2019
 
 
 
-
-
-
-
 Schanzenbach, et al.     Expires 24 January 2020                [Page 9]
 
 Internet-Draft             The GNU Name System                 July 2019
@@ -569,22 +569,133 @@ Internet-Draft             The GNU Name System           
      July 2019
 10.  Test Vectors
 
 
-   SEED=0f388abc49f99b8675555ad33c3b586a9e06f0f60f6caadeee6fd12226ac2474
-   LABEL="home"
-   
D(private_scalar)=7450f71def6411e0ab0e6a1dfd1d9ccd0eaf71952494ccf51b85ffac5db093c8
-   
PK(public_key)=23d89a29da0f6808c6b6d5e59cdd6a6fcf3e2bb006f466d5423a935d6b4d7e10
-   SK(private_key)=SEED||PK
-   
H(derived_factor)=071efca7db2850bd6f354ebfe38c5bbfd6ba2f805cd8d3b54edd7f3dd0730d1a
-   
H*PK(derived_pk)=9f27ad25b5954a467bc65a676b7a6d23b2ef300f7fc70058059e7f29e594b5c1
-   
QUERY=d18e5efff7646f9c87db4ff5e98df8f53d57b7a813271a488fd84e9e4ecae92636ab831bd17cd7e6c879d04e8a91b55570a94a6fef9ecf3c70207f69a4a8387a
-   AES_KEY=033e97f17570004effe7e1b75b167668a3e0c320b7660eef0718d0aaa779164
-   AES_IV=b052ae34fac578e9c7e400e712359621
-   2FISH_KEY=db5211605614363a4c2e23d96c9b1d3188a1b7cb85802db10ac7cc3f763c1670
-   AES_IV=bc63e4b6f47a7254e4f4ff06d263f9d5
-   
DATA_PLAIN=000000010005af87005b9140000000170000000f00000000000a046d61696c0a686f692d706f6c6c6f69036f726700000000000000000000000000000000000000000000000000
-   
DATA_ENCRYPED=5fb6552e3959ff9fd80c1b0213dc7ef1f6edb016df693226f0d46dc04a34265bf6eaf8e945a7685dc94913835e03d695d1e307d6e4ce210bf0983af61346c69e69b2c636300fbf
-   SIGNED_DATA=000000570000000f0005af87005b9140||DATA_ENCRYPTED
-   
SIGNATURE=0f560541fb3900c3459efcba85e006a99122725baa1fb50b6ec6210eb815caba0663c95eb9ca1863b13c9320e8637a1168abebc4b916f4fff5bf62aa8d2d56b8
+         label := "home"
+
+         d :=
+         0f388abc49f99b86
+         75555ad33c3b586a
+         9e06f0f60f6caade
+         ee6fd12226ac2474
+
+         zk (public zone key) :=
+         23d89a29da0f6808
+         c6b6d5e59cdd6a6f
+         cf3e2bb006f466d5
+         423a935d6b4d7e10
+
+         h :=
+         071efca7db2850bd
+         6f354ebfe38c5bbf
+         d6ba2f805cd8d3b5
+         4edd7f3dd0730d1a
+
+         zk_h (derived zone key) :=
+         9f27ad25b5954a46
+         7bc65a676b7a6d23
+         b2ef300f7fc70058
+         059e7f29e594b5c1
+
+         q (query key) :=
+         d18e5efff7646f9c
+         87db4ff5e98df8f5
+         3d57b7a813271a48
+         8fd84e9e4ecae926
+         36ab831bd17cd7e6
+         c879d04e8a91b555
+         70a94a6fef9ecf3c
+         70207f69a4a8387a
+
+         AES_KEY :=
+         033e97f17570004e
+         ffe7e1b75b167668
+         a3e0c320b7660eef
+         0718d0aaa779164
+
+
+
+Schanzenbach, et al.     Expires 24 January 2020               [Page 11]
+
+Internet-Draft             The GNU Name System                 July 2019
+
+
+         AES_IV :=
+         b052ae34fac578e9
+         c7e400e712359621
+
+         TWOFISH_KEY :=
+         db5211605614363a
+         4c2e23d96c9b1d31
+         88a1b7cb85802db1
+         0ac7cc3f763c1670
+
+         TWOFISH_IV :=
+         bc63e4b6f47a7254
+         e4f4ff06d263f9d5
+
+         RDATA :=
+         000000010005af87 RR COUNT | EXPIRA-
+         005b914000000017 -TION    | DATA SIZE (23)
+         0000000f00000000 TYPE (15=MX) | FLAGS (0)
+         000a046d61696c0a DATA (prio=10 mx=mail.hoi-polloi.org.)
+         686f692d706f6c6c
+         6f69036f72670000
+         0000000000000000
+         0000000000000000
+         00000000000000
+
+         BDATA :=
+         5fb6552e3959ff9f
+         d80c1b0213dc7ef1
+         f6edb016df693226
+         f0d46dc04a34265b
+         f6eaf8e945a7685d
+         c94913835e03d695
+         d1e307d6e4ce210b
+         f0983af61346c69e
+         69b2c636300fbf
+
+         SIGNATURE :=
+         0f560541fb3900c3
+         459efcba85e006a9
+         9122725baa1fb50b
+         6ec6210eb815caba
+         0663c95eb9ca1863
+         b13c9320e8637a11
+         68abebc4b916f4ff
+         f5bf62aa8d2d56b8
+
+         BLOCK :=
+         0f560541fb3900c3 SIGNATURE
+
+
+
+Schanzenbach, et al.     Expires 24 January 2020               [Page 12]
+
+Internet-Draft             The GNU Name System                 July 2019
+
+
+         459efcba85e006a9    ||
+         9122725baa1fb50b    \/
+         6ec6210eb815caba
+         0663c95eb9ca1863
+         b13c9320e8637a11
+         68abebc4b916f4ff
+         f5bf62aa8d2d56b8____________
+         9f27ad25b5954a46   zk_h
+         7bc65a676b7a6d23    ||
+         b2ef300f7fc70058    \/
+         059e7f29e594b5c1____________
+         000000570000000f BDATA SIZE (=87) | PURPOSE (=15)
+         0005af87005b9140 EXPIRATION
+         5fb6552e3959ff9f BDATA
+         d80c1b0213dc7ef1    ||
+         f6edb016df693226    \/
+         f0d46dc04a34265b
+         f6eaf8e945a7685d
+         c94913835e03d695
+         d1e307d6e4ce210b
+         f0983af61346c69e
+         69b2c636300fbf  ____________
 
 11.  Normative References
 
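Review bot: AES_KEY ends in "0718d0aaa779164", which is 15 hex digits, so the key is 63 digits long and cannot be a 256-bit value; the removed one-line vector had the same short string, so the digit was already missing before the reformatting and should be regenerated. Also, BLOCK gives "BDATA SIZE (=87)", but PURPOSE (4 octets), EXPIRATION (8) and the 71 octets of BDATA shown add up to 83; 87 only fits if the size field counts itself, which does not match the field description "the length of the following data (PURPOSE, EXPIRATION, BDATA)".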
@@ -613,7 +724,8 @@ Internet-Draft             The GNU Name System              
   July 2019
 
 
 
-Schanzenbach, et al.     Expires 24 January 2020               [Page 11]
+
+Schanzenbach, et al.     Expires 24 January 2020               [Page 13]
 
 Internet-Draft             The GNU Name System                 July 2019
 
@@ -669,4 +781,4 @@ Authors' Addresses
 
 
 
-Schanzenbach, et al.     Expires 24 January 2020               [Page 12]
+Schanzenbach, et al.     Expires 24 January 2020               [Page 14]
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 39c19a2..a809124 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -83,9 +83,10 @@
    <t>
     A zone in GNS is defined by a public/private ECC key pair (d,zk),
     where B is the generator of a group or subgroup, d is the private key and
-    zk the corresponding public key.
-    The keys are constructed using the Ed25519 ECC scheme as defined in
-    <xref target="RFC8032" />.
+    zk the corresponding public key
+    GNS uses the Ed25519 EC parameters as defined in <xref target="RFC8032" />.
+    GNS combines the EC parameters of Ed25519 with the ECDSA scheme
+    defined in <xref target="RFC6979" /> in order to achieve zone privacy.
     The public key "zk" is used to uniquely identify and refer to the zone and
     is thus called "zone key".
     Records published in the zone are signed using a private key derived
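Review bot: The added line "zk the corresponding public key" has lost the period that ended the removed line, so the sentence runs straight into "GNS uses the Ed25519 EC parameters ...". Restore the full stop here; the .html and .txt hunks in this commit carry the same run-on.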
@@ -416,8 +417,9 @@
         </dd>
       </dl>
       <t>
-        As per  <xref target="RFC8032" />, an ECDSA signature consists of a 
pair
-        of integers, r and s:
+        We note that even though we use a Ed25519 private key, the public key
+        is derived using ECDSA as defined in <xref target="RFC8032" />.
+        Similarly, the ECDSA signature consists of a pair of integers, r and s:
       </t>
       <artwork name="" type="" align="left" alt=""><![CDATA[
         0     8     16    24    32    40    48    56

-- 
To stop receiving notification emails like this one, please contact
address@hidden.


