lsd0001

LSD0001: GNU Name System

commit 34709ff00d670ac2ed286e2e8237a22f72d0acd0
parent 77dfd2e1732ca389efa4800a2953840a536d654a
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date:   Wed, 23 Sep 2020 17:43:53 +0200

remove twofish

Diffstat:
M draft-schanzen-gns.xml | 66 ++++++++++++++++++------------------------------------------------
1 file changed, 18 insertions(+), 48 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml 
@@ -1042,43 +1042,27 @@ q := SHA512 (HDKD-Public(zk, label)) <artwork name="" type="" align="left" alt=""><![CDATA[ PRK_k := HKDF-Extract ("gns-aes-ctx-key", zk) PRK_iv := HKDF-Extract ("gns-aes-ctx-iv", zk) -K := HKDF-Expand (PRK_k, label, 512 / 8); -NONCES := HKDF-Expand (PRK_iv, label, 32 / 8) +K := HKDF-Expand (PRK_k, label, 256 / 8); +NONCE := HKDF-Expand (PRK_iv, label, 32 / 8) IV := EXPIRATION ]]></artwork> <t> HKDF is a hash-based key derivation function as defined in <xref target="RFC5869" />. Specifically, HMAC-SHA512 is used for the extraction phase and HMAC-SHA256 for the expansion phase. - The output keying material is 64 octets (512 bit) for the symmetric - keys and 16 octets (128 bit) for the nonces. - We divide the resulting keying material "K" into a 256 bit AES - <xref target="RFC3826" /> key - and a 256-bit TWOFISH <xref target="TWOFISH" /> key: + The output keying material is 32 octets (256 bit) for the symmetric + key and 4 octets (32 bit) for the nonce. + The symmetric key "K" is a 256 bit AES <xref target="RFC3826" /> key: </t> - <figure anchor="figure_hkdf_keys"> - <artwork name="" type="" align="left" alt=""><![CDATA[ -0 8 16 24 32 40 48 56 -+-----+-----+-----+-----+-----+-----+-----+-----+ -| AES KEY | -| | -| | -| | -+-----+-----+-----+-----+-----+-----+-----+-----+ -| TWOFISH KEY | -| | -| | -| | -+-----+-----+-----+-----+-----+-----+-----+-----+ - ]]></artwork> - <!-- <postamble>which is a very simple example.</postamble>--> - </figure> <t> - The NONCES are divided into two 32 bit NONCE values. Each is combined - with a 64 bit initialization vecor and a counter as defined in - <xref target="RFC3686" /> into a 128 bit COUNTERBLOCK. - The initialization vector is the expiration time of the resource - record block: + The nonce is combined with a 64 bit initialization vector and a + 32 bit block counter as defined in <xref target="RFC3686" />. 
+ The block counter begins with the value of one,i and it is incremented + to generate subsequent portions of the key stream. + The block counter is a 32-bit integer value in network byte order. + The initialization vector is the expiration time of the + resource record block in network byte order. + The resulting COUNTER wire format is as follows: </t> <figure anchor="figure_hkdf_ivs"> <artwork name="" type="" align="left" alt=""><![CDATA[ @@ -1089,22 +1073,19 @@ IV := EXPIRATION | EXPIRATION | | | +-----+-----+-----+-----+ -| COUNTER | +| BLOCK COUNTER | +-----+-----+-----+-----+ ]]></artwork> <!-- <postamble>which is a very simple example.</postamble>--> </figure> <t> - The keys and counter blocks are used for a CTR-AES-256 and - CTR-TWOFISH-256 chained symmetric cipher. Both ciphers are used in - counter mode (CTR) as defined in <xref target="MODES" />. + The key and counter block are used for the AES cipher in counter mode + as defined in <xref target="MODES" /> (CTR-AES-256): </t> <artwork name="" type="" align="left" alt=""><![CDATA[ -RDATA := AES(K[0:31], COUNTERBLOCK, - TWOFISH(K[32:63], COUNTERBLOCK, BDATA)) -BDATA := TWOFISH(K[32:63], COUNTERBLOCK, - AES(K[0:31], COUNTERBLOCK, RDATA)) +RDATA := CTR-AES256(K, COUNTER, BDATA) +BDATA := CTR-AES256(K, COUNTER, RDATA) ]]></artwork> <t> In order to ensure ciphertext indistinguishability, care must be @@ -2114,17 +2095,6 @@ ee83f0cc79c4c5ea &RFC8032; &RFC8126; - <reference anchor="TWOFISH"> - <front> - <title> - The Twofish Encryptions Algorithm: A 128-Bit Block Cipher, 1st Edition - </title> - <author initials="B." surname="Schneier" fullname="B. Schneier"> - <organization/> - </author> - <date year="1999" month="March"/> - </front> - </reference> <reference anchor="GNS" target="https://doi.org/10.1007/978-3-319-12280-9_9"> <front> <title>A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System</title>
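Review bot: In the first hunk (@@ -1042), the added sentence "The block counter begins with the value of one,i and it is incremented" has a stray "i" after the comma and should read "one, and it is incremented". In the same hunk, the added sentence ending `is a 256 bit AES <xref target="RFC3826" /> key:` still closes with a colon although the figure_hkdf_keys figure it used to introduce is deleted, so it should end with a period. The new `NONCE := HKDF-Expand (PRK_iv, label, 32 / 8)` line also lacks the trailing semicolon that the K line above it carries.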
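Review bot: In the second hunk (@@ -1089), the input to the cipher is named inconsistently: the prose says "The key and counter block are used", the artwork passes COUNTER in `RDATA := CTR-AES256(K, COUNTER, BDATA)`, and the figure row is renamed to BLOCK COUNTER, which is only the 32 bit field inside that value. Since the first hunk already introduces "The resulting COUNTER wire format", I would write "The key K and the COUNTER are used" in the prose so that an implementer does not read the 32 bit block counter as the whole 128 bit input. The cipher is also spelled "CTR-AES-256" in the prose and "CTR-AES256" in the artwork; pick one spelling.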
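Review bot: In the third hunk (@@ -2114), the hunk header context `ee83f0cc79c4c5ea` shows that hex example data sits just before the references, and none of the three hunks touch it. If that data includes BDATA produced with the chained AES and TWOFISH construction, it no longer matches `BDATA := CTR-AES256(K, COUNTER, RDATA)` and needs to be regenerated in this commit or a follow-up. The commit message "remove twofish" could also state that this changes the encrypted record format, since K shrinks from 512 to 256 bits and the second cipher layer is gone.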