commit c74a35872ce99ed60ab1e31b850b99a25f71eaed
parent 27748eb7472e07ae0bf62a34d7e29745041c7ad2
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Mon, 31 Jan 2022 17:22:43 +0100
also need signing/verifying on unblinded values, for revocations
Diffstat:
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -352,7 +352,9 @@
<dd>
is a zone key derivation function which blinds a private key d
using label, resulting in another private key which
- can be used to create cryptographic signatures.
+ can be used to create cryptographic signatures. We note that
+ GNS only requires a signature to be created directly with
+ d to sign a revocation message for the zone key zk.
</dd>
<dt>ZKDF-Public(zk,label) -> zk'</dt>
<dd>
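Review bot: The added sentence "We note that GNS only requires a signature to be created directly with d to sign a revocation message for the zone key zk" can be read two ways: that revocation is the only case where d itself signs, or that GNS only ever needs signatures made with d. The commit message points to the first reading, so state it unambiguously, for example "The only case in which GNS requires a signature created directly with d is the revocation message for the zone key zk; all other signatures use a blinded key d'." The sentence also sits in the definition of the blinding function, while the rule it states is about signing. Consider moving it to the Sign(d,message) entry that this patch introduces, so an implementer reading the signing definition sees when the unblinded key is used.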
@@ -376,17 +378,18 @@
data based on key material derived from the zone key,
a label, a nonce and an expiration.
</dd>
- <dt>Sign(d',message) -> signature</dt>
+ <dt>Sign(d,message) -> signature, Sign(d',message) -> signature</dt>
<dd>
- is a function to sign encrypted record data using the (blinded) private
- key d', yielding an unforgable cryptographic signature.
+ is a function to sign a message (typically encrypted record data) using the (blinded) private
+ key d (d'), yielding an unforgable cryptographic signature.
</dd>
- <dt>Verify(zk',message,signature) -> valid</dt>
+ <dt>Verify(zk,message,signature) -> boolean, Verify(zk',message,signature) -> boolean</dt>
<dd>
is a function to verify the signature was created by
- the private key d' derived from d and a label if
- zk' was derived from the corresponding zone key
- zk := Public-Keygen(d) and same label.
+ the private key d (or derived key d') corresponding to
+ the zone key zk (or derived zone key zk')
+ where d,zk := Keygen(). If deriviations were used, they
+ must have used the same label.
The function returns a boolean value of "TRUE" if the signature is valid,
and otherwise "FALSE".
</dd>
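Review bot: In the Sign description, "using the (blinded) private key d (d')" attaches "(blinded)" to d, which is the unblinded key, so the two parentheticals pair the wrong way round. Since the point of the change is to distinguish signing with d (revocation) from signing with d' (records), spell it out, for example "using the private key d or the blinded private key d'". In the Verify description, "where d,zk := Keygen()" replaces the earlier "zk := Public-Keygen(d)". Please check that Keygen() is defined in this list as returning the pair, otherwise keep the Public-Keygen(d) form so the reference resolves. The Verify text should also say explicitly that zk pairs with d and zk' with d', since "d (or derived key d') corresponding to the zone key zk (or derived zone key zk')" leaves the mixed cases to the reader. Two spelling fixes on the added lines: "deriviations" should be "derivations", and "unforgable" (carried over from the old text) should be "unforgeable".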