
[lsd0001] branch master updated: fixes in crypto


From: gnunet
Subject: [lsd0001] branch master updated: fixes in crypto
Date: Thu, 17 Mar 2022 12:50:01 +0100

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0001.

The following commit(s) were added to refs/heads/master by this push:
     new 5594179  fixes in crypto
5594179 is described below

commit 55941796ffaabc0cca7a88efcbce2c5636bfa761
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Thu Mar 17 12:49:57 2022 +0100

    fixes in crypto
---
 draft-schanzen-gns.xml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index dc984c3..05f934a 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1271,14 +1271,15 @@ S-Decrypt(zk,label,expiration,ciphertext):
          <artwork name="" type="" align="left" alt=""><![CDATA[
 ZKDF-Private(d,label):
   /* EdDSA clamping */
-  a := SHA-512 (d)
+  dh := SHA-512 (d)
+  a := dh[0..31]
   a[0] &= 248
   a[31] &= 127
   a[31] |= 64
-  /* Calculate zk from d */
+  /* Calculate zk corresponding to d */
   zk := a * G
 
-  /* Calculate the blinding factor */
+  /* Calculate the blinding factor h */
   PRK_h := HKDF-Extract ("key-derivation", zk)
   h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
   /* Ensure that h == h mod L */
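Review bot: the range notation introduced in `a := dh[0..31]` needs a definition of its bounds in the draft (inclusive byte indices 0 through 31), because the same hunk then indexes `a[31]` and the following hunk reads `dh[32..63]`; a reader cannot otherwise tell whether the upper index is included. The split itself is the right correction: the removed `a := SHA-512 (d)` made `a` 64 bytes wide while the clamping operates on bytes 0 and 31 of a 32-byte scalar.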
@@ -1354,12 +1355,14 @@ ZKDF-Public(zk,label):
          </t>
          <artwork name="" type="" align="left" alt=""><![CDATA[
 SignDerived(d,label,message):
+  /* Key expansion */
+  dh := SHA-512 (d)
   /* EdDSA clamping */
-  a := SHA-512 (d)
+  a := dh[0..31]
   a[0] &= 248
   a[31] &= 127
   a[31] |= 64
-  /* Calculate zk from d */
+  /* Calculate zk corresponding to d */
   zk := a * G
 
   /* Calculate blinding factor */
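Review bot: the block from `dh := SHA-512 (d)` through `zk := a * G` is now a verbatim copy of the start of ZKDF-Private in the preceding hunk, and the new `/* Key expansion */` comment does not say why SignDerived repeats it. Either state that `dh` is kept because its upper half is needed for the nonce later in the function, or have ZKDF-Private return `dh` as well, so the two definitions cannot drift apart in later edits.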
@@ -1367,7 +1370,7 @@ SignDerived(d,label,message):
   h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
 
   d' := ZKDF-Private(d,label)
-  dh := SHA-512 (d)
+  zk' := h * zk
   nonce := SHA-256 (dh[32..63] || h)
   r := SHA-512 (nonce || message)
   R := r * G
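Review bot: with `dh := SHA-512 (d)` removed here and `d' := ZKDF-Private(d,label)` kept, SignDerived now computes `a`, `zk` and `h` itself and then calls ZKDF-Private, which recomputes the same values; note in the text that this is intentional (or drop the local recomputation) so implementers do not read it as two different derivations. The new `zk' := h * zk` is not consumed within this hunk; check that the lines after `R := r * G` use it as the public key in the challenge hash and that it equals the output of ZKDF-Public(zk,label) for the same label.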

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


