[lsd0001] branch master updated: edkey updates
From: gnunet
Subject: [lsd0001] branch master updated: edkey updates
Date: Sat, 01 May 2021 22:56:21 +0200
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository lsd0001.
The following commit(s) were added to refs/heads/master by this push:
new 628ea7b edkey updates
628ea7b is described below
commit 628ea7b275bbfcb6879fd66caa6050a8ed14d97c
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
AuthorDate: Sat May 1 22:54:09 2021 +0200
edkey updates
---
draft-schanzen-gns.xml | 41 ++++++++++++++++++++++++++++++-----------
1 file changed, 30 insertions(+), 11 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 4dd6e52..e1cbe6a 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -522,7 +522,8 @@ zk' := h mod L * zk
"PRK_h" is key material retrieved using an HKDF using the string
"key-derivation" as salt and the public zone key "zk" as initial
keying material.
- "h" is the 512-bit HKDF expansion result. The expansion info input is
+ "h" is the 512-bit HKDF expansion result and must be interpreted in
+ network byte order. The expansion info input is
a concatenation of the label and string "gns".
"label" is a UTF-8 string under which the resource records are
published.
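Review bot: The added sentence on "h" says it "must be interpreted in network byte order" but not as what. Since the formula above uses it as "h mod L", say explicitly that the 512-bit expansion result is read as an unsigned integer in network byte order. If the requirement is normative, mark it the same way the rest of the draft marks requirements.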
@@ -679,6 +680,9 @@ h[31] &= 7
a1 := a / 8 /* 8 is the cofactor of Curve25519 */
a2 := h * a1 mod L
a' = a2 * 8 /* 8 is the cofactor of Curve25519 */
+a'[0] &= 248;
+a'[31] &= 127;
+a'[31] |= 64;
]]></artwork>
<t>
Equally, given a label, the output of the HDKD-Public function is
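Review bot: The three masks added after "a' = a2 * 8" change the scalar after it has been derived: clearing the top bit and setting the next one in a'[31] generally gives a different integer than the one computed from h and a, so please confirm that a' * G still equals the zk' = h * zk that verification relies on, or state why the masking is safe at this point. The lines also index a' as bytes without saying which byte order a'[0] and a'[31] refer to, and they end in semicolons where the surrounding pseudocode lines do not.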
@@ -706,7 +710,8 @@ zk' := h * zk
keying material.
"h" is the 512-bit HKDF expansion result. The expansion info input
is
a concatenation of the label and string "gns".
- The result of the HKDF must be clamped.
+ The result of the HKDF must be clamped and interpreted in network
+ byte order.
"a" is the 256-bit integer corresponding to the 256-bit private zone
key "d".
"label" is a UTF-8 string under which the resource records are
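Review bot: "clamped and interpreted in network byte order" leaves the order of the two steps and the byte indexing open. The clamping steps address individual bytes (for example "h[31] &= 7"), so the text should say whether h[0] is the most or the least significant byte when the clamped value is read as an integer. Two implementations that pick different ends would derive different keys from the same label.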
@@ -724,6 +729,8 @@ zk' := h * zk
message M and deterministic random-looking "r":
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
+sk := SHA512 (d)
+r := SHA512 (sk + 32, M)
R := r * G
S := r + SHA512(R, zk', M) * a' mod L
]]></artwork>
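Review bot: r as added here depends only on d and M, not on the label or on zk', so signing the same M under two derived keys would produce the same r and R. Consider feeding zk' (or the label) into the hash that produces r so that the nonce is bound to the derived key. Separately, "sk + 32" is C pointer notation that the draft does not define; spell it out as the last 32 bytes of sk, and state whether r is reduced mod L before "R := r * G".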
@@ -731,19 +738,19 @@ S := r + SHA512(R, zk', M) * a' mod L
A signature (R,S) is valid if the following holds:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-SB == R + SHA512(R, zk', M) * A'
+S * G == R + SHA512(R, zk', M) * zk'
]]></artwork>
<t>
- The S-Encrypt() and S-Decrypt() functions use ChaCha20
- as defined in <xref target="RFC7539" />
- (ChaCha20-Poly1305):
+ The S-Encrypt() and S-Decrypt() functions use XSalsa20
+ as defined in <xref target="XSalsa20" />
+ (XSalsa20-Poly1305):
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-RDATA := ChaCha20(K, IV, BDATA)
-BDATA := ChaCha20(K, IV, RDATA) = CIPHERTEXT | TAG
+RDATA := XSalsa20(K, IV, BDATA)
+BDATA := XSalsa20(K, IV, RDATA) = CIPHERTEXT | TAG
]]></artwork>
<t>
- The result of the ChaCha20 encryption function is the encrypted
+ The result of the XSalsa20 encryption function is the encrypted
ciphertext concatenated with the 128-bit authentication
tag "TAG".
Accordingly, the length of BDATA equals the length of the
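Review bot: In the S-Encrypt/S-Decrypt artwork both directions are written as "XSalsa20(K, IV, ...)" and the encrypt side is said to yield "CIPHERTEXT | TAG", but the stream cipher alone produces no tag. Name the authenticated construction in the formulas, say that S-Decrypt must verify TAG before returning RDATA, and add a reference for the Poly1305 combination, since the new xref points at a document titled "Extending the Salsa20 nonce" only.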
@@ -785,11 +792,12 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
0 8 16 24 32
+-----+-----+-----+-----+
| NONCE |
+| |
+| |
+| |
+-----+-----+-----+-----+
| EXPIRATION |
| |
-+-----+-----+-----+-----+
-| BLOCK COUNTER |
+-----+-----+-----+-----+
]]></artwork>
</figure>
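Review bot: The figure now gives NONCE four 32-bit rows (128 bits), but the derivation shown in the hunk header is still "NONCE := HKDF-Expand (PRK_n, label, 32 / 8)", which yields 4 bytes, and no hunk in this commit changes it. Update the expansion length to 128 / 8 so the text and the wire format agree, and mention in the prose that the BLOCK COUNTER field has been dropped.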
@@ -2365,6 +2373,17 @@ cae1789d
</front>
</reference>
+ <reference anchor="XSalsa20"
target="https://cr.yp.to/snuffle/xsalsa-20110204.pdf">
+ <front>
+ <title>Extending the Salsa20 nonce</title>
+ <author initials="D." surname="Bernstein" fullname="Daniel
Bernstein">
+ <organization>University of Illinois at Chicago</organization>
+ </author>
+ <date year="2011"/>
+ </front>
+ </reference>
+
+
<reference anchor="ed25519"
target="http://link.springer.com/chapter/10.1007/978-3-642-23951-9_9">
<front>
<title>High-Speed High-Security Signatures</title>
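Review bot: Two blank lines are added after the new XSalsa20 entry, whereas the existing entries around it follow one another directly; drop them. The author element has initials "D." and fullname "Daniel Bernstein", while the cited paper is published under "Daniel J. Bernstein", so consider initials "D. J." to match.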
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.