lsd0001

LSD0001: GNU Name System
Log | Files | Refs | README
commit 258b24fa760bedd320d74f7c4f7ccd45d96bc686
parent 4c476ec0fae596727ece6a7b7e5b1183818e9a0b
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Wed,  9 Feb 2022 08:53:24 +0100

use different concatenation operator

Diffstat:

Mdraft-schanzen-gns.xml | 44+++++++++++++++++++++++---------------------


1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -506,8 +506,8 @@ Value       Symbol            Symbol
          For the string representation of a zTLD we define:
        </t>
        <artwork name="" type="" align="left" alt=""><![CDATA[
-zkl := GNSBase32Encode(ztype|zkey)
-ztype|zkey := GNSBase32Decode(zkl)
+zkl := GNSBase32Encode(ztype||zkey)
+ztype||zkey := GNSBase32Decode(zkl)
     ]]></artwork>
        <t>
          If zkl is less than 63 characters, it can directly be
@@ -515,7 +515,7 @@ ztype|zkey := GNSBase32Decode(zkl)
          If zkl is longer than 63 characters, the
          zTLD is constructed by dividing zkl into smaller labels separated by the
          label separator ".".
-         Here, the most significant bytes of the "ztype|zkey" concatenation must be contained
+         Here, the most significant bytes of the "ztype||zkey" concatenation must be contained
          in the rightmost label of the resulting string and the least significant
          bytes in the leftmost label of the resulting string. This allows the
          resolver to determine the ztype and zkl length from the rightmost label and
@@ -1006,7 +1006,7 @@ zTLD := zkl[126..129].zkl[63..125].zkl[0..62]
 ZKDF-Private(d,label):
   zk := d * G
   PRK_h := HKDF-Extract ("key-derivation", zk)
-  h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
+  h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
   d' := (h * d) mod L
   return d'
         ]]></artwork>
@@ -1017,7 +1017,7 @@ ZKDF-Private(d,label):
        <artwork name="" type="" align="left" alt=""><![CDATA[
 ZKDF-Public(zk,label)
   PRK_h := HKDF-Extract ("key-derivation", zk)
-  h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
+  h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
   zk' := (h mod L) * zk
   return zk'
         ]]></artwork>
@@ -1066,7 +1066,7 @@ S-Encrypt(zk,label,expiration,plaintext):
   PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
   K := HKDF-Expand (PRK_k, label, 256 / 8)
   NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
-  IV := NONCE | expiration | 0x0000000000000001
+  IV := NONCE || expiration || 0x0000000000000001
   return CTR-AES256(K, IV, plaintext)
            ]]></artwork>
        </figure>
@@ -1078,7 +1078,7 @@ S-Decrypt(zk,label,expiration,ciphertext):
   PRK_n := HKDF-Extract ("gns-aes-ctx-iv", zk)
   K := HKDF-Expand (PRK_k, label, 256 / 8)
   NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
-  IV := NONCE | expiration | 0x0000000000000001
+  IV := NONCE || expiration || 0x0000000000000001
   return CTR-AES256(K, IV, ciphertext)
            ]]></artwork>
        </figure>
@@ -1211,12 +1211,12 @@ S-Decrypt(zk,label,expiration,ciphertext):
          <artwork name="" type="" align="left" alt=""><![CDATA[
 ZKDF-Private(d,label):
   a := SHA-512 (d)
-  a[0] &= 248;
-  a[31] &= 127;
-  a[31] |= 64;
+  a[0] &= 248
+  a[31] &= 127
+  a[31] |= 64
   zk := a * G
   PRK_h := HKDF-Extract ("key-derivation", zk)
-  h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
+  h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
   h[31] &= 7
   a1 := a >> 3
   a2 := (h * a1) mod L
@@ -1230,7 +1230,7 @@ ZKDF-Private(d,label):
          <artwork name="" type="" align="left" alt=""><![CDATA[
 ZKDF-Public(zk,label):
   PRK_h := HKDF-Extract ("key-derivation", zk)
-  h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
+  h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
   h[31] &= 7
   zk' := h * zk
   return zk'
@@ -1289,21 +1289,21 @@ ZKDF-Public(zk,label):
 SignDerived(d,label,message):
   /* Calculate public key */
   a := SHA-512 (d)
-  a[0] &= 248;
-  a[31] &= 127;
-  a[31] |= 64;
+  a[0] &= 248
+  a[31] &= 127
+  a[31] |= 64
   zk := a * G
 
   /* Calculate blinding factor */
   PRK_h := HKDF-Extract ("key-derivation", zk)
-  h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
+  h := HKDF-Expand (PRK_h, label || "gns", 512 / 8)
 
   d' := ZKDF-Private(d,label)
   dh := SHA-512 (d)
-  nonce := SHA-256 (dh[32..63] | h)
-  r := SHA-512 (nonce | message)
+  nonce := SHA-256 (dh[32..63] || h)
+  r := SHA-512 (nonce || message)
   R := r * G
-  S := r + SHA-512(R | zk' | message) * d' mod L
+  S := r + SHA-512(R || zk' || message) * d' mod L
   return (R,S)
            ]]></artwork>
          <t>
@@ -1324,15 +1324,17 @@ VerifyDerived(zk,label,message,signature):
 S-Encrypt(zk,label,expiration,message):
   PRK_k := HKDF-Extract ("gns-xsalsa-ctx-key", zk)
   PRK_n := HKDF-Extract ("gns-xsalsa-ctx-iv", zk)
-  K := HKDF-Expand (PRK_k, label, 256 / 8);
+  K := HKDF-Expand (PRK_k, label, 256 / 8)
   NONCE := HKDF-Expand (PRK_n, label, 128 / 8)
+  IV := NONCE || expiration
   return XSalsa20-Poly1305(K, IV, message)
 
 S-Decrypt(zk,label,expiration,ciphertext):
   PRK_k := HKDF-Extract ("gns-xsalsa-ctx-key", zk)
   PRK_n := HKDF-Extract ("gns-xsalsa-ctx-iv", zk)
-  K := HKDF-Expand (PRK_k, label, 256 / 8);
+  K := HKDF-Expand (PRK_k, label, 256 / 8)
   NONCE := HKDF-Expand (PRK_n, label, 128 / 8)
+  IV := NONCE || expiration
   return XSalsa20-Poly1305(K, IV, ciphertext)
            ]]></artwork>
          <t>