commit d470174bc326281c3020252af273181cc58cbf9a
parent 583e83d24cf94e0842014c5e937d3ffacb4c2634
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Tue, 6 Oct 2020 12:44:21 +0200
fix clamping thx bfix
Diffstat:
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -665,10 +665,10 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8)
zk := a * G
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-h[0] &= 248;
-h[31] &= 127;
-h[31] |= 64;
a' := h * a mod L
+a'[0] &= 248;
+a'[31] &= 127;
+a'[31] |= 64;
]]></artwork>
<t>
Equally, given a label, the output of the HDKD-Public function is
@@ -677,10 +677,11 @@ a' := h * a mod L
<artwork name="" type="" align="left" alt=""><![CDATA[
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-h[0] &= 248;
-h[31] &= 127;
-h[31] |= 64;
-zk' := h mod L * zk
+a' = h mod L
+a'[0] &= 248;
+a'[31] &= 127;
+a'[31] |= 64;
+zk' := a' * zk
]]></artwork>
<t>
The EDKEY cryptosystem uses a
