
LSD0001: GNU Name System

commit 1e6eb27cffc88f5ad7bc9e89a7c13b8f90ec881f
parent 8d7c17bd39936b46a119908b7952fa73ac267443
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date:   Sun, 16 Feb 2020 17:16:34 +0100

add technical detail revocation

Diffstat:
M draft-schanzen-gns.html | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------
M draft-schanzen-gns.txt | 192 ++++++++++++++++++++++++++++++++++++++++----------------------------------------
M draft-schanzen-gns.xml | 44 +++++++++++++++++++++++++++++++++++++-------
3 files changed, 188 insertions(+), 118 deletions(-)

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html @@ -2060,8 +2060,10 @@ table { Cipher FeedBack (CFB) mode <span>[<a href="#RFC3826" class="xref">RFC3826</a>]</span>.<a href="#section-4.3-11" class="pilcrow">¶</a></p> <div class="artwork art-text alignLeft" id="section-4.3-12"> <pre> - RDATA := AES(AES KEY, AES IV, TWOFISH(TWOFISH KEY, TWOFISH IV, BDATA)) - BDATA := TWOFISH(TWOFISH KEY, TWOFISH IV, AES(AES KEY, AES IV, RDATA)) + RDATA := AES(K[0:31], IV[0:15], + TWOFISH(K[32:63], IV[16:31], BDATA)) + BDATA := TWOFISH(K[32:63], IV[16:31], + AES(K[0:31], IV[0:15], RDATA)) </pre><a href="#section-4.3-12" class="pilcrow">¶</a> </div> </section> 
@@ -2404,31 +2406,69 @@ table { </div> <p id="section-7-5"> A single pass in the proof-of-work algorithm is defined as follows:<a href="#section-7-5" class="pilcrow">¶</a></p> +<ol start="1" type="1" class="normal" id="section-7-6"> + <li id="section-7-6.1">Derive initial key material K from the REV data.<a href="#section-7-6.1" class="pilcrow">¶</a> +</li> +<li id="section-7-6.2">Derive IV material from the key material K.<a href="#section-7-6.2" class="pilcrow">¶</a> +</li> +<li id="section-7-6.3">Encrypt the REV data using K and IV.<a href="#section-7-6.3" class="pilcrow">¶</a> +</li> +<li id="section-7-6.4">Derive the proof of work from the encrypted REV.<a href="#section-7-6.4" class="pilcrow">¶</a> +</li> +</ol> <figure id="figure-16"> - <div class="artwork art-text alignLeft" id="section-7-6.1"> + <div class="artwork art-text alignLeft" id="section-7-7.1"> <pre> - DK := scrypt (P := REV) - IV := IVderive (salt="gnunet-revocation-proof-of-work", "gnunet-proof-of-work-iv", DK) - EREV := AES (DK, IV, REV) /* TODO this is more complex */ - REVDATA := scrypt(P := enc) + K := scrypt (P := REV) </pre> </div> <figcaption><a href="#figure-16" class="selfRef">Figure 16</a></figcaption></figure> -<p id="section-7-7"> +<figure id="figure-17"> + <div class="artwork art-text alignLeft" id="section-7-8.1"> +<pre> + PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", + K[0,31]) + PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", + K[32,63]) + IV_aes := HKDF-Expand (PRK_aes, + "gnunet-revocation-proof-of-work", + 128 / 8); + IV_two := HKDF-Expand (PRK_two, + "gnunet-revocation-proof-of-work, + 128 / 8) + </pre> +</div> +<figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure> +<figure id="figure-18"> + <div class="artwork art-text alignLeft" id="section-7-9.1"> +<pre> + EREV := TWOFISH(K[0:31], IV_two, + AES(K[32:63], IV_aes, REV)) + </pre> +</div> +<figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> 
+<figure id="figure-19"> + <div class="artwork art-text alignLeft" id="section-7-10.1"> +<pre> + REVDATA := scrypt(P := EREV) + </pre> +</div> +<figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> +<p id="section-7-11"> where "scrypt" is the scrypt algorithm as defined in - <span>[<a href="#RFC7914" class="xref">RFC7914</a>]</span> with the following parameters set:<a href="#section-7-7" class="pilcrow">¶</a></p> -<div class="artwork art-text alignLeft" id="section-7-8"> + <span>[<a href="#RFC7914" class="xref">RFC7914</a>]</span> with the following parameters set:<a href="#section-7-11" class="pilcrow">¶</a></p> +<div class="artwork art-text alignLeft" id="section-7-12"> <pre> S := "gnunet-revocation-proof-of-work" /* Salt */ N := 2 r := 8 /* Block size */ p := 2 /* Parallelization parameter */ dkLen := 512 /* Intended output length */ - </pre><a href="#section-7-8" class="pilcrow">¶</a> + </pre><a href="#section-7-12" class="pilcrow">¶</a> </div> -<p id="section-7-9"> +<p id="section-7-13"> The above function is called with different values for the "NONCE" in - "REVDAT" until the amount of leading zeroes is greater or equal 25.<a href="#section-7-9" class="pilcrow">¶</a></p> + "REV" until the amount of leading zeroes is greater or equal 25.<a href="#section-7-13" class="pilcrow">¶</a></p> </section> </div> <div id="governance"> @@ -2551,7 +2591,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow" Served", as described in <span>[<a href="#RFC8126" class="xref">RFC8126</a>]</span>. IANA is requested to populate this registry as follows:<a href="#section-10-3" class="pilcrow">¶</a></p> <div id="figure_rrtypenums"> -<figure id="figure-17"> +<figure id="figure-20"> <div class="artwork art-text alignLeft" id="section-10-4.1"> <pre> Number | Type | Contact | References 
@@ -2565,7 +2605,7 @@ The registry shall record for each entry:<a href="#section-10-1" class="pilcrow" FIXME We have a lot more? </pre> </div> -<figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure> +<figcaption><a href="#figure-20" class="selfRef">Figure 20</a></figcaption></figure> </div> </section> </div> diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt @@ -87,10 +87,10 @@ Table of Contents 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19 8. Determining the Root Zone and Zone Governance . . . . . . . . 21 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 - 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 + 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 23 12. Normative References . . . . . . . . . . . . . . . . . . . . 25 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 1. Introduction @@ -804,8 +804,10 @@ Internet-Draft The GNU Name System November 2019 chained symmetric cipher. Both ciphers are used in Cipher FeedBack (CFB) mode [RFC3826]. - RDATA := AES(AES KEY, AES IV, TWOFISH(TWOFISH KEY, TWOFISH IV, BDATA)) - BDATA := TWOFISH(TWOFISH KEY, TWOFISH IV, AES(AES KEY, AES IV, RDATA)) + RDATA := AES(K[0:31], IV[0:15], + TWOFISH(K[32:63], IV[16:31], BDATA)) + BDATA := TWOFISH(K[32:63], IV[16:31], + AES(K[0:31], IV[0:15], RDATA)) 5. Internationalization and Character Encoding @@ -835,8 +837,6 @@ Internet-Draft The GNU Name System November 2019 - - Schanzenbach, et al. Expires 13 May 2020 [Page 15] Internet-Draft The GNU Name System November 2019 
@@ -1090,37 +1090,58 @@ Internet-Draft The GNU Name System November 2019 A single pass in the proof-of-work algorithm is defined as follows: - DK := scrypt (P := REV) - IV := IVderive (salt="gnunet-revocation-proof-of-work", "gnunet-proof-of-work-iv", DK) - EREV := AES (DK, IV, REV) /* TODO this is more complex */ - REVDATA := scrypt(P := enc) + 1. Derive initial key material K from the REV data. + + 2. Derive IV material from the key material K. + + 3. Encrypt the REV data using K and IV. + + 4. Derive the proof of work from the encrypted REV. + + K := scrypt (P := REV) Figure 16 - where "scrypt" is the scrypt algorithm as defined in [RFC7914] with - the following parameters set: + PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", + K[0,31]) + PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", + K[32,63]) + IV_aes := HKDF-Expand (PRK_aes, + "gnunet-revocation-proof-of-work", + 128 / 8); + IV_two := HKDF-Expand (PRK_two, + "gnunet-revocation-proof-of-work, + 128 / 8) - S := "gnunet-revocation-proof-of-work" /* Salt */ - N := 2 - r := 8 /* Block size */ - p := 2 /* Parallelization parameter */ - dkLen := 512 /* Intended output length */ + Figure 17 - The above function is called with different values for the "NONCE" in - "REVDAT" until the amount of leading zeroes is greater or equal 25. +Schanzenbach, et al. Expires 13 May 2020 [Page 20] + +Internet-Draft The GNU Name System November 2019 + EREV := TWOFISH(K[0:31], IV_two, + AES(K[32:63], IV_aes, REV)) + Figure 18 + REVDATA := scrypt(P := EREV) + Figure 19 + where "scrypt" is the scrypt algorithm as defined in [RFC7914] with + the following parameters set: -Schanzenbach, et al. 
Expires 13 May 2020 [Page 20] - -Internet-Draft The GNU Name System November 2019 + S := "gnunet-revocation-proof-of-work" /* Salt */ + N := 2 + r := 8 /* Block size */ + p := 2 /* Parallelization parameter */ + dkLen := 512 /* Intended output length */ + The above function is called with different values for the "NONCE" in + "REV" until the amount of leading zeroes is greater or equal 25. 8. Determining the Root Zone and Zone Governance @@ -1148,6 +1169,15 @@ Internet-Draft The GNU Name System November 2019 GNS clients SHOULD first try to interpret the top-level domain of a GNS name as a zone key. For example. if the top-level domain is a + + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 21] + +Internet-Draft The GNU Name System November 2019 + + Base32-encoded public zone key "zk", the root zone of the resolution process is implicitly given by the name: @@ -1170,14 +1200,6 @@ Internet-Draft The GNU Name System November 2019 => Entry zone: zk1 => Name to resolve from entry zone: www.example - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 21] - -Internet-Draft The GNU Name System November 2019 - - Finally, additional "suffix to zone" mappings MAY be configured. Suffix to zone key mappings SHOULD be configurable through a local configuration file or database by the user or system administrator. @@ -1201,6 +1223,17 @@ Internet-Draft The GNU Name System November 2019 TODO + + + + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 22] + +Internet-Draft The GNU Name System November 2019 + + 10. IANA Considerations IANA is requested to create an "GNU Name System Record Type" 
@@ -1221,19 +1254,6 @@ Internet-Draft The GNU Name System November 2019 Served", as described in [RFC8126]. IANA is requested to populate this registry as follows: - - - - - - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 22] - -Internet-Draft The GNU Name System November 2019 - - Number | Type | Contact | References ---------+-----------------+---------+--------- 65536 | PKEY | N/A | [This.I-D] @@ -1244,7 +1264,7 @@ Internet-Draft The GNU Name System November 2019 65541 | BOX | N/A | [This.I-D] FIXME We have a lot more? - Figure 17 + Figure 20 11. Test Vectors @@ -1262,6 +1282,14 @@ Internet-Draft The GNU Name System November 2019 zk (public zone key) := dff911496d025d7e 0885c03d19153e99 + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 23] + +Internet-Draft The GNU Name System November 2019 + + 4f213f23ea719eca 17fc32dc410e082e @@ -1282,14 +1310,6 @@ Internet-Draft The GNU Name System November 2019 0017c802f7d32e18 q (query key) := - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 23] - -Internet-Draft The GNU Name System November 2019 - - 6fce4deddc5ad681 f4e29a3310767e3b 8b38bc1b276ce2ba @@ -1319,6 +1339,13 @@ Internet-Draft The GNU Name System November 2019 071be189a9d236f9 b4a3654bb8c281d4 + + +Schanzenbach, et al. Expires 13 May 2020 [Page 24] + +Internet-Draft The GNU Name System November 2019 + + RDATA := 0000000100059412 RR COUNT | EXPIRA- 09ddea0f00000014 -TION | DATA SIZE (20) @@ -1338,14 +1365,6 @@ Internet-Draft The GNU Name System November 2019 afc99ba9c5a3bb54 07e731a34680ee33 ae0de7bfeda7d2b7 - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 24] - -Internet-Draft The GNU Name System November 2019 - - 8c6b854a008b1b54 10df4f39f5ba9f46____________ 8cb514a56c0eaae0 zk_h 
@@ -1374,6 +1393,15 @@ Internet-Draft The GNU Name System November 2019 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987, <https://www.rfc-editor.org/info/rfc1035>. + + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 25] + +Internet-Draft The GNU Name System November 2019 + + [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for specifying the location of services (DNS SRV)", RFC 2782, DOI 10.17487/RFC2782, February 2000, @@ -1394,14 +1422,6 @@ Internet-Draft The GNU Name System November 2019 DOI 10.17487/RFC3826, June 2004, <https://www.rfc-editor.org/info/rfc3826>. - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 25] - -Internet-Draft The GNU Name System November 2019 - - [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)", RFC 5869, DOI 10.17487/RFC5869, May 2010, @@ -1430,6 +1450,14 @@ Internet-Draft The GNU Name System November 2019 for Security", RFC 7748, DOI 10.17487/RFC7748, January 2016, <https://www.rfc-editor.org/info/rfc7748>. + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 26] + +Internet-Draft The GNU Name System November 2019 + + [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, DOI 10.17487/RFC8032, January 2017, @@ -1449,15 +1477,6 @@ Internet-Draft The GNU Name System November 2019 Authors' Addresses - - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 26] - -Internet-Draft The GNU Name System November 2019 - - Martin Schanzenbach GNUnet e.V. Boltzmannstrasse 3 @@ -1490,23 +1509,4 @@ Internet-Draft The GNU Name System November 2019 - - - - - - - - - - - - - - - - - - - Schanzenbach, et al. Expires 13 May 2020 [Page 27] diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml 
@@ -834,8 +834,10 @@ Cipher FeedBack (CFB) mode <xref target="RFC3826" />. </t> <artwork name="" type="" align="left" alt=""><![CDATA[ - RDATA := AES(AES KEY, AES IV, TWOFISH(TWOFISH KEY, TWOFISH IV, BDATA)) - BDATA := TWOFISH(TWOFISH KEY, TWOFISH IV, AES(AES KEY, AES IV, RDATA)) + RDATA := AES(K[0:31], IV[0:15], + TWOFISH(K[32:63], IV[16:31], BDATA)) + BDATA := TWOFISH(K[32:63], IV[16:31], + AES(K[0:31], IV[0:15], RDATA)) ]]></artwork> </section> </section> @@ -1152,12 +1154,40 @@ <t> A single pass in the proof-of-work algorithm is defined as follows: </t> + <ol> + <li>Derive initial key material K from the REV data.</li> + <li>Derive IV material from the key material K.</li> + <li>Encrypt the REV data using K and IV.</li> + <li>Derive the proof of work from the encrypted REV.</li> + </ol> <figure> <artwork name="" type="" align="left" alt=""><![CDATA[ - DK := scrypt (P := REV) - IV := IVderive (salt="gnunet-revocation-proof-of-work", "gnunet-proof-of-work-iv", DK) - EREV := AES (DK, IV, REV) /* TODO this is more complex */ - REVDATA := scrypt(P := enc) + K := scrypt (P := REV) + ]]></artwork> + </figure> + <figure> + <artwork name="" type="" align="left" alt=""><![CDATA[ + PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", + K[0,31]) + PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", + K[32,63]) + IV_aes := HKDF-Expand (PRK_aes, + "gnunet-revocation-proof-of-work", + 128 / 8); + IV_two := HKDF-Expand (PRK_two, + "gnunet-revocation-proof-of-work, + 128 / 8) + ]]></artwork> + </figure> + <figure> + <artwork name="" type="" align="left" alt=""><![CDATA[ + EREV := TWOFISH(K[0:31], IV_two, + AES(K[32:63], IV_aes, REV)) + ]]></artwork> + </figure> + <figure> + <artwork name="" type="" align="left" alt=""><![CDATA[ + REVDATA := scrypt(P := EREV) ]]></artwork> </figure> <t> 
@@ -1173,7 +1203,7 @@ ]]></artwork> <t> The above function is called with different values for the "NONCE" in - "REVDAT" until the amount of leading zeroes is greater or equal 25. + "REV" until the amount of leading zeroes is greater or equal 25. </t> </section> <section anchor="governance" numbered="true" toc="default">
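
Review bot: In the section 4.3 artwork (the first hunk of each of the three files), the new RDATA and BDATA lines are inverses of each other but both are written with the same function names, `AES(K[0:31], IV[0:15], ...)` and `TWOFISH(K[32:63], IV[16:31], ...)`, so a reader cannot tell which line encrypts and which decrypts. Suggest either distinct names for the two directions or one sentence under the artwork stating which of the two lines is the encryption, and also stating that the index ranges are inclusive byte offsets into K and IV.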
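
Review bot: In the proof-of-work hunk, the key halves in the EREV figure do not match the IV derivation above it: PRK_aes is extracted from `K[0,31]` and PRK_two from `K[32,63]`, but the encryption is written `TWOFISH(K[0:31], IV_two, AES(K[32:63], IV_aes, REV))`, so each cipher is keyed with the half its IV was not derived from, and the assignment is also the reverse of section 4.3, where AES takes `K[0:31]` and TWOFISH takes `K[32:63]`. Please confirm which assignment is intended and make the two figures agree, adding a sentence if the swap is deliberate. Smaller points in the same hunk: the second HKDF-Expand call has an unterminated string (`"gnunet-revocation-proof-of-work,` lacks its closing quote), the IV_aes line ends in a stray `;`, and the slices are written `K[0,31]` here but `K[0:31]` everywhere else. The scrypt parameter block sets `dkLen := 512` without a unit while K is indexed only up to byte 63, so it would help to state that 512 is in bits, or to give the length in octets as RFC 7914 does.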
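
Review bot: The reworded sentence in the last hunk (`"REV" until the amount of leading zeroes is greater or equal 25.`) still does not say which value is inspected or in what unit. Since the final step of the pass produces REVDATA, suggest naming it and the unit explicitly, for example "until the number of leading zero bits in REVDATA is greater than or equal to 25", if bits of REVDATA is what is meant.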
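
Review bot: Most of the draft-schanzen-gns.txt hunks only move the `Schanzenbach, et al. Expires 13 May 2020 [Page N]` footers and blank padding or bump table-of-contents page numbers, which buries the actual revocation change (192 changed lines in the .txt against 44 in the .xml source). Suggest committing the regenerated .html and .txt output separately from the .xml edit, or leaving generated output out of the change under review, so that the content change can be read on its own.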