commit 991da11eb6ef2f4edcc0e41e2e37bb278991d860
parent e8522b5244168135d478c12383bb59a4afcbce6d
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Tue, 15 Apr 2025 22:39:25 +0200
clarify H
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/draft-schanzen-cake.xml b/draft-schanzen-cake.xml
@@ -129,6 +129,7 @@
<dt>ES:</dt> <dd>Early Secret Key</dd>
<dt>IHTS:</dt> <dd>Initiator Handshake Secret Key</dd>
<dt>RHTS:</dt> <dd>Receiver Handshake Secret Key</dd>
+ <dt>H(D):</dt> <dd>A 512-bit hash over D. The hash function is TBD (Blake2b or SHA-512).</dd>
<dt>T(M):</dt> <dd>means the transcript as a concatenation of received/sent messages starting from and including the InitiatorHello pk_e until and including M. Note that the transcript refers to everything that is seen on the wire, including potentially encrypted messages or fields and metadata.</dd>
<dt>'{}K'</dt> <dd>indicates encryption with a handshake traffic key K and <xref target="RFC8439"/>, the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction.</dd>
<dt>'[]K'</dt> <dd>indicates encryption with an application traffic key K and <xref target="RFC8439"/>, the ChaCha20-Poly1305 Authenticated Encryption with Associated Data (AEAD) construction.</dd>
