commit b3a2953c279ab387e7cc731dbc9185c044c04ced
parent 5c50f83f3574003d0b38115f38d16814d0d886e8
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Sat, 19 Sep 2020 16:14:25 +0200
minor
Diffstat:
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -447,17 +447,17 @@ zk' := h mod L * zk
Signatures for EDKEY zones using the derived private key a'
are NOT compliant with <xref target="ed25519" />.
Instead, signatures MUST be generated as follows for any given
- message M:
+ message M and deterministic random-looking r:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-R := rB
-S := r+SHA512(R,zk',M)*a*h mod L
+R := r * B
+S := r + SHA512(R, zk', M) * a' mod L
]]></artwork>
<t>
A signature (R,S) is valid if the following holds:
</t>
<artwork name="" type="" align="left" alt=""><![CDATA[
-SB == R + SHA512(R,zk',M)A' )
+SB == R + SHA512(R, zk', M) * A'
]]></artwork>
<t>
The "zid" of an EDKEY is 32 + 4 bytes in length. This means that
