lsd0001

LSD0001: GNU Name System

commit 9906f623a7bbfe260d6ebb8146dbb043e0cb9c13
parent aba19d9a2fbf0dc4fee36ba420ca8c1b0d1728fd
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date:   Sun, 15 Mar 2020 15:20:45 +0100

simplify pow

Diffstat:
M draft-schanzen-gns.html |  40 ++++++++++++----------------------------
M draft-schanzen-gns.txt  | 196 ++++++++++++++++++++++++++++++++++++++++----------------------------------------
M draft-schanzen-gns.xml  |  40 ++++++++++++----------------------------
3 files changed, 122 insertions(+), 154 deletions(-)

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html @@ -2397,7 +2397,6 @@ table { N := 2 r := 8 /* Block size */ p := 2 /* Parallelization parameter */ - dkLen := 64 /* Intended output length in octets */ </pre><a href="#section-7-4" class="pilcrow">¶</a> </div> <p id="section-7-5"> @@ -2439,12 +2438,13 @@ table { <figure id="figure-16"> <div class="artwork art-text alignLeft" id="section-7-10.1"> <pre> - K := scrypt (P := REV) + K := scrypt (P := REV, dkLen := 32) </pre> </div> <figcaption><a href="#figure-16" class="selfRef">Figure 16</a></figcaption></figure> <p id="section-7-11"> - The second step is to derive an initialization vector using a + where dkLen denotes the intended output length in octets. + The second step is to derive a 128 bit initialization vector using a Hash-based Key Derivation Function as defined in (<span>[<a href="#RFC5869" class="xref">RFC5869</a>]</span>). Specifically, HMAC-SHA512 is used for the 
@@ -2452,39 +2452,22 @@ table { <figure id="figure-17"> <div class="artwork art-text alignLeft" id="section-7-12.1"> <pre> - STATUS QUO: - PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", - K[0,31]) - PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", - K[32,63]) - IV_aes := HKDF-Expand (PRK_aes, - "gnunet-revocation-proof-of-work", - 128 / 8); - IV_two := HKDF-Expand (PRK_two, - "gnunet-revocation-proof-of-work, - 128 / 8) - ALTERNATIVE: PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) - IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8); + IV := HKDF-Expand (PRK, + "gnunet-revocation-proof-of-work", + 128 / 8); </pre> </div> <figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure> <p id="section-7-13"> - We divide the resulting keying material "K" into a 256-bit AES - <span>[<a href="#RFC3826" class="xref">RFC3826</a>]</span> key and a 256-bit TWOFISH - <span>[<a href="#TWOFISH" class="xref">TWOFISH</a>]</span> key and use IV as corresponding - initialization vectors:<a href="#section-7-13" class="pilcrow">¶</a></p> + We use the resulting keying material "K" as a 256-bit TWOFISH + <span>[<a href="#TWOFISH" class="xref">TWOFISH</a>]</span> key and use IV as the corresponding + initialization vector:<a href="#section-7-13" class="pilcrow">¶</a></p> <figure id="figure-18"> <div class="artwork art-text alignLeft" id="section-7-14.1"> <pre> - STATUS QUO: - EREV := TWOFISH(K[0:31], IV_two, - AES(K[32:63], IV_aes, REV)) - ALTERNATIVE: - EREV := TWOFISH(K[0:31], IV[16:31], - AES(K[32:63], IV[0:15], REV)) - + EREV := TWOFISH(K, IV, REV) </pre> </div> <figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> 
@@ -2495,12 +2478,13 @@ table { <figure id="figure-19"> <div class="artwork art-text alignLeft" id="section-7-16.1"> <pre> - scrypt(P := EREV) &lt; 2^(39)-1 + scrypt(P := EREV, dkLen := 64) &lt; 2^(39)-1 </pre> </div> <figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> <p id="section-7-17"> + where dkLen again denotes the intended output length in octets. The final revocation data object consists of a signature over the public of the zone which is revoked, the zone key itself and the just calculated proof-of-work. diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt @@ -1081,7 +1081,6 @@ Internet-Draft The GNU Name System November 2019 N := 2 r := 8 /* Block size */ p := 2 /* Parallelization parameter */ - dkLen := 64 /* Intended output length in octets */ The following the the basic data "REV" on which the proof-of work is calculated: @@ -1112,8 +1111,9 @@ Internet-Draft The GNU Name System November 2019 The first step in the PoW is a call to scrypt with the REV data as password parameter to derive the initial key material K: - K := scrypt (P := REV) + K := scrypt (P := REV, dkLen := 32) + Figure 16 
@@ -1122,42 +1122,24 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 20] Internet-Draft The GNU Name System November 2019 - Figure 16 - - The second step is to derive an initialization vector using a Hash- - based Key Derivation Function as defined in ([RFC5869]). - Specifically, HMAC-SHA512 is used for the extraction phase and HMAC- - SHA256 for the expansion phase. + where dkLen denotes the intended output length in octets. The second + step is to derive a 128 bit initialization vector using a Hash-based + Key Derivation Function as defined in ([RFC5869]). Specifically, + HMAC-SHA512 is used for the extraction phase and HMAC-SHA256 for the + expansion phase. - STATUS QUO: - PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", - K[0,31]) - PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", - K[32,63]) - IV_aes := HKDF-Expand (PRK_aes, - "gnunet-revocation-proof-of-work", - 128 / 8); - IV_two := HKDF-Expand (PRK_two, - "gnunet-revocation-proof-of-work, - 128 / 8) - ALTERNATIVE: PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) - IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8); + IV := HKDF-Expand (PRK, + "gnunet-revocation-proof-of-work", + 128 / 8); Figure 17 - We divide the resulting keying material "K" into a 256-bit AES - [RFC3826] key and a 256-bit TWOFISH [TWOFISH] key and use IV as - corresponding initialization vectors: - - STATUS QUO: - EREV := TWOFISH(K[0:31], IV_two, - AES(K[32:63], IV_aes, REV)) - ALTERNATIVE: - EREV := TWOFISH(K[0:31], IV[16:31], - AES(K[32:63], IV[0:15], REV)) + We use the resulting keying material "K" as a 256-bit TWOFISH + [TWOFISH] key and use IV as the corresponding initialization vector: + EREV := TWOFISH(K, IV, REV) Figure 18 
@@ -1165,11 +1147,29 @@ Internet-Draft The GNU Name System November 2019 algorithm. The proof of work is complete, if the following inequality holds for a given NONCE: - scrypt(P := EREV) < 2^(39)-1 + scrypt(P := EREV, dkLen := 64) < 2^(39)-1 Figure 19 + where dkLen again denotes the intended output length in octets. The + final revocation data object consists of a signature over the public + of the zone which is revoked, the zone key itself and the just + calculated proof-of-work. The resulting block is then published and + disseminated. The concrete dissemination and publication methods are + out of scope of this document. + + + + + + + + + + + + @@ -1178,12 +1178,6 @@ Schanzenbach, et al. Expires 13 May 2020 [Page 21] Internet-Draft The GNU Name System November 2019 - The final revocation data object consists of a signature over the - public of the zone which is revoked, the zone key itself and the just - calculated proof-of-work. The resulting block is then published and - disseminated. The concrete dissemination and publication methods are - out of scope of this document. - 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | SIGNATURE | @@ -1222,18 +1216,6 @@ Internet-Draft The GNU Name System November 2019 conceptually prefixed to the public key. The pseudo header includes the key length and signature purpose: - - - - - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 22] - -Internet-Draft The GNU Name System November 2019 - - 0 8 16 24 32 40 48 56 +-----+-----+-----+-----+-----+-----+-----+-----+ | SIZE (0x24) | PURPOSE (0x03) | @@ -1244,6 +1226,14 @@ Internet-Draft The GNU Name System November 2019 | | +-----+-----+-----+-----+-----+-----+-----+-----+ + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 22] + +Internet-Draft The GNU Name System November 2019 + + Figure 21 where: 
@@ -1283,13 +1273,6 @@ Internet-Draft The GNU Name System November 2019 Base32-encoded public zone key "zk", the root zone of the resolution process is implicitly given by the name: - - -Schanzenbach, et al. Expires 13 May 2020 [Page 23] - -Internet-Draft The GNU Name System November 2019 - - Example name: www.example.<Base32(zk)> => Root zone: zk => Name to resolve from root zone: www.example @@ -1300,6 +1283,13 @@ Internet-Draft The GNU Name System November 2019 locally managed zone matches the suffix of the name to be resolved, resolution SHOULD start from the respective local zone: + + +Schanzenbach, et al. Expires 13 May 2020 [Page 23] + +Internet-Draft The GNU Name System November 2019 + + Example name: www.example.gnu Local zones: fr = (d0,zk0) @@ -1337,15 +1327,6 @@ Internet-Draft The GNU Name System November 2019 IANA is requested to create an "GNU Name System Record Type" registry. The registry shall record for each entry: - - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 24] - -Internet-Draft The GNU Name System November 2019 - - * Type: The name of the record type (case insensitive ASCII string, restricted to alphanumeric characters @@ -1357,6 +1338,14 @@ Internet-Draft The GNU Name System November 2019 * References: Optionally, references describing the record type (such as an RFC) + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 24] + +Internet-Draft The GNU Name System November 2019 + + The registration policy for this sub-registry is "First Come First Served", as described in [RFC8126]. IANA is requested to populate this registry as follows: @@ -1394,14 +1383,6 @@ Internet-Draft The GNU Name System November 2019 h := 2af3275a9cf90e54 - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 25] - -Internet-Draft The GNU Name System November 2019 - - f2dbf7930be76fb9 5e7c80b1416f8ca6 dc50ce8e1fb759b9 
@@ -1413,6 +1394,14 @@ Internet-Draft The GNU Name System November 2019 d_h := 01fb61f482c17633 77611c4c2509e0f3 + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 25] + +Internet-Draft The GNU Name System November 2019 + + 81b0e7e4405c10bd 0017c802f7d32e18 @@ -1450,14 +1439,6 @@ Internet-Draft The GNU Name System November 2019 0000000100059412 RR COUNT | EXPIRA- 09ddea0f00000014 -TION | DATA SIZE (20) 0000000f00000000 TYPE (15=MX) | FLAGS (0) - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 26] - -Internet-Draft The GNU Name System November 2019 - - 000a046d61696c07 Priority (10) |4 | mail | 7 6578616d706c6503 example | 3 636f6d0000000000 com | \0 | Followed by @@ -1469,6 +1450,14 @@ Internet-Draft The GNU Name System November 2019 RRBLOCK := 055cb070e05fe6de SIGNATURE ad694a50e5b4dedd + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 26] + +Internet-Draft The GNU Name System November 2019 + + b9fdcbdbae004f65 afc99ba9c5a3bb54 07e731a34680ee33 @@ -1506,14 +1495,6 @@ Internet-Draft The GNU Name System November 2019 DOI 10.17487/RFC2782, February 2000, <https://www.rfc-editor.org/info/rfc2782>. - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 27] - -Internet-Draft The GNU Name System November 2019 - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, @@ -1525,6 +1506,14 @@ Internet-Draft The GNU Name System November 2019 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The Advanced Encryption Standard (AES) Cipher Algorithm in the + + + +Schanzenbach, et al. Expires 13 May 2020 [Page 27] + +Internet-Draft The GNU Name System November 2019 + + SNMP User-based Security Model", RFC 3826, DOI 10.17487/RFC3826, June 2004, <https://www.rfc-editor.org/info/rfc3826>. 
@@ -1562,14 +1551,6 @@ Internet-Draft The GNU Name System November 2019 DOI 10.17487/RFC8032, January 2017, <https://www.rfc-editor.org/info/rfc8032>. - - - -Schanzenbach, et al. Expires 13 May 2020 [Page 28] - -Internet-Draft The GNU Name System November 2019 - - [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 8126, DOI 10.17487/RFC8126, June 2017, @@ -1582,6 +1563,13 @@ Internet-Draft The GNU Name System November 2019 Key Derivation Function", RFC 7914, DOI 10.17487/RFC7914, August 2016, <https://www.rfc-editor.org/info/rfc7914>. + + +Schanzenbach, et al. Expires 13 May 2020 [Page 28] + +Internet-Draft The GNU Name System November 2019 + + Authors' Addresses Martin Schanzenbach @@ -1621,4 +1609,16 @@ Authors' Addresses + + + + + + + + + + + + Schanzenbach, et al. Expires 13 May 2020 [Page 29] diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml @@ -1147,7 +1147,6 @@ N := 2 r := 8 /* Block size */ p := 2 /* Parallelization parameter */ - dkLen := 64 /* Intended output length in octets */ ]]></artwork> <t> The following the the basic data "REV" on which the proof-of work is @@ -1182,11 +1181,12 @@ </t> <figure> <artwork name="" type="" align="left" alt=""><![CDATA[ - K := scrypt (P := REV) + K := scrypt (P := REV, dkLen := 32) ]]></artwork> </figure> <t> - The second step is to derive an initialization vector using a + where dkLen denotes the intended output length in octets. + The second step is to derive a 128 bit initialization vector using a Hash-based Key Derivation Function as defined in (<xref target="RFC5869"/>). Specifically, HMAC-SHA512 is used for the 
@@ -1195,39 +1195,22 @@ <figure> <artwork name="" type="" align="left" alt=""><![CDATA[ - STATUS QUO: - PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", - K[0,31]) - PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", - K[32,63]) - IV_aes := HKDF-Expand (PRK_aes, - "gnunet-revocation-proof-of-work", - 128 / 8); - IV_two := HKDF-Expand (PRK_two, - "gnunet-revocation-proof-of-work, - 128 / 8) - ALTERNATIVE: PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) - IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 256 / 8); + IV := HKDF-Expand (PRK, + "gnunet-revocation-proof-of-work", + 128 / 8); ]]></artwork> </figure> <t> - We divide the resulting keying material "K" into a 256-bit AES - <xref target="RFC3826" /> key and a 256-bit TWOFISH - <xref target="TWOFISH" /> key and use IV as corresponding - initialization vectors: + We use the resulting keying material "K" as a 256-bit TWOFISH + <xref target="TWOFISH" /> key and use IV as the corresponding + initialization vector: </t> <figure> <artwork name="" type="" align="left" alt=""><![CDATA[ - STATUS QUO: - EREV := TWOFISH(K[0:31], IV_two, - AES(K[32:63], IV_aes, REV)) - ALTERNATIVE: - EREV := TWOFISH(K[0:31], IV[16:31], - AES(K[32:63], IV[0:15], REV)) - + EREV := TWOFISH(K, IV, REV) ]]></artwork> </figure> <t> @@ -1237,11 +1220,12 @@ </t> <figure> <artwork name="" type="" align="left" alt=""><![CDATA[ - scrypt(P := EREV) < 2^(39)-1 + scrypt(P := EREV, dkLen := 64) < 2^(39)-1 ]]> </artwork> </figure> <t> + where dkLen again denotes the intended output length in octets. The final revocation data object consists of a signature over the public of the zone which is revoked, the zone key itself and the just calculated proof-of-work.
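
Review bot: The context line right after the removed `dkLen := 64` in the `@@ -1147,7 +1147,6 @@` hunk of draft-schanzen-gns.xml reads 'The following the the basic data "REV" on which the proof-of work is calculated', with a doubled "the" and "proof-of work" hyphenated differently from "proof-of-work" elsewhere in the patch. Since this commit already touches the parameter block directly above it, fix the sentence here, for example: 'The following is the basic data "REV" on which the proof-of-work is calculated'.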
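
Review bot: Figure 18 in the `@@ -1195,39 +1195,22 @@` hunk of draft-schanzen-gns.xml now reads `EREV := TWOFISH(K, IV, REV)` but names neither the mode of operation that consumes the 128-bit IV nor, if that mode needs it, how REV is padded to the block size. Two implementations have to agree on both to compute the same EREV and therefore accept the same proof-of-work, so state the mode next to the figure unless the paragraph that follows it already does.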
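
Review bot: In the `@@ -1237,11 +1220,12 @@` hunk of draft-schanzen-gns.xml, `scrypt(P := EREV, dkLen := 64) < 2^(39)-1` compares a 64-octet (512-bit) output against a 39-bit bound without saying how the octets are interpreted as an integer. Read as a full-width integer, the inequality demands that 473 of the 512 bits be zero, which is a success chance of roughly 2^-473 per NONCE, so the text should state the byte order and which part of the output is compared, or express the target as a number of leading zero bits. The paragraph after the figure also says "a signature over the public of the zone which is revoked", which is missing the word "key".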
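
Review bot: The `[RFC3826]` entry is still in the reference list (it shows up as unchanged context in the `@@ -1525,6 +1506,14 @@` hunk of draft-schanzen-gns.txt), although this change deletes the `<xref target="RFC3826" />` citation together with the AES step. If nothing else in the draft cites it, remove the reference from draft-schanzen-gns.xml in the same commit so the reference list does not keep an unused entry.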