commit 90b1ca67cc627b69381a062d4f19dd5227faf233
parent ccafae094c98ee63cc74105e39b12f26699e02f5
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Sun, 2 May 2021 15:28:54 +0200
avoid HDKD and rename to ZKDF
Diffstat:
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -146,8 +146,8 @@
using an encryption key derived from the label and the zone public key.
Instead of the zone private key "d", the signature MUST
be created using a blinded public/private key pair "d'" and "zk'".
- This blinding is realized using a hierarchical deterministic key
- derivation (HDKD) scheme.
+ This blinding is realized using a deterministic key
+ derivation scheme.
Such a scheme allows the deterministic derivation of keys from
the original public and private zone keys using "label" values.
Specifically, the zone owner can derive private keys "d'", and a
@@ -247,9 +247,9 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
<dd>
is a function to derive a public key "zk" from a private key "d".
</dd>
- <dt>HDKD-Private(d,label) -> d'</dt>
+ <dt>ZKDF-Private(d,label) -> d'</dt>
<dd>
- is an HDKD function which blinds a private zone key "d"
+ is a zone key derivation function which blinds a private zone key "d"
using "label", resulting in another private key which
can be used to create cryptographic signatures.
</dd>
@@ -267,9 +267,9 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
is a function to sign "bdata" using the (blinded) private key
"d'", yielding an unforgable cryptographic signature "sig".
</dd>
- <dt>HDKD-Public(zk,label) -> zk'</dt>
+ <dt>ZKDF-Public(zk,label) -> zk'</dt>
<dd>
- is a HDKD function which blinds a public zone key "zk"
+ is a zone key derivation function which blinds a public zone key "zk"
using "label". "zk" and "zk'" must be unlinkable. Furthermore,
blinding "zk" with different values for "label" must result
in unlinkable different resulting values for "zk'".
@@ -497,7 +497,7 @@ zTLD := zkl[126:129].zkl[63:125].zkl[0:62]
not need any further conversion.
</t>
<t>
- Given a label, the output d' of the HDKD-Private(d,label) function for zone
+ Given a label, the output d' of the ZKDF-Private(d,label) function for zone
key blinding is calculated as follows for PKEY zones:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
@@ -507,7 +507,7 @@ h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
d' := h * d mod L
]]></artwork>
<t>
- Equally, given a label, the output zk' of the HDKD-Public(zk,label) function is
+ Equally, given a label, the output zk' of the ZKDF-Public(zk,label) function is
calculated as follows for PKEY zones:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
@@ -668,8 +668,8 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
not need any further conversion.
</t>
<t>
- The "EDKEY" HDKD instantiation is based on <xref target="Tor224"/>.
- Given a label, the output of the HDKD-Private function for zone
+ The "EDKEY" ZKDF instantiation is based on <xref target="Tor224"/>.
+ Given a label, the output of the ZKDF-Private function for zone
key blinding is calculated as follows for EDKEY zones:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
@@ -685,7 +685,7 @@ a'[31] &= 127;
a'[31] |= 64;
]]></artwork>
<t>
- Equally, given a label, the output of the HDKD-Public function is
+ Equally, given a label, the output of the ZKDF-Public function is
calculated as follows for PKEY zones:
</t>
<artwork name="" type="" align="left" alt=""><