commit 4b5b37787b99fdedada4a34fd2538dff041a9e7f
parent e5ad7184cbc7d63a7cb18f24d036f6248835aba8
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date: Wed, 9 Jul 2025 16:50:48 +0200
update
Diffstat:
1 file changed, 29 insertions(+), 100 deletions(-)
diff --git a/draft-schanzen-pils.xml b/draft-schanzen-pils.xml
@@ -12,6 +12,7 @@
<!ENTITY RFC4033 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.4033.xml">
<!ENTITY RFC5237 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5237.xml">
<!--<!ENTITY RFC3912 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml">-->
+<!ENTITY RFC5869 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5869.xml">
<!ENTITY RFC5890 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml">
<!ENTITY RFC5895 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.5895.xml">
<!ENTITY RFC6066 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6066.xml">
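Review bot: The added RFC5869 entity is an external entity resolved over plain `http://`, like its neighbours, so the reference XML pulled into the draft at build time has no integrity protection in transit. Consider the same URL with an `https://` scheme if the host serves it, or a checked-in local copy of the bibxml file, so the build does not depend on an unauthenticated fetch. The DOCTYPE that holds these declarations starts outside the hunk, so the other entries would need the same change.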
@@ -20,7 +21,6 @@
<!ENTITY RFC6979 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.6979.xml">
<!ENTITY RFC7363 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7363.xml">
<!ENTITY RFC8806 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8806.xml">
-<!ENTITY RFC7748 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.7748.xml">
<!ENTITY RFC8126 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8126.xml">
<!ENTITY RFC8174 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8174.xml">
<!ENTITY RFC8244 PUBLIC '' "http://xml.resource.org/public/rfc/bibxml/reference.RFC.8244.xml">
@@ -116,8 +116,34 @@
this document.
</t>
</section>
+ <section anchor="address_hash" numbered="true" toc="default">
+ <name>Address hash</name>
+ <t>
+ The address hash is calculated over the concatenation of all
+ address strings (URIs) (excluding 0-terminator) using SHA-512.
+ </t>
+ </section>
<section anchor="pid_derivation" numbered="true" toc="default">
<name>Peer ID Derivation</name>
+ <t>
+ Given an address hash h_addr and an initial key seed, the
+ deterministic address-derived peer ID is calculated using HKDF (<xref target="RFC5869"/>) as:
+ </t>
+ <figure anchor="figure_key_schedule" title="The Key Schedule.">
+ <artwork name="" type="" align="left" alt=""><![CDATA[
+HKDF-Extract(salt = h_addr,IKM = seed)
+ |
+ +-----> HKDF-Expand(., "gnunet-pils-ephemeral-peer-key")
+ = ePID
+ ]]></artwork>
+ </figure>
+ <t>
+ "." shows the argument position of the input variable from the incoming arrow.
+ </t>
+ <t>
+ FIXME: Possibly needs algorithm for Elligator to iteratively try secret keys that can be
+ used.
+ </t>
</section>
<!-- gana -->
<section>
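Review bot: The address hash in the new `address_hash` section is not uniquely defined. The URIs are concatenated without their 0-terminator and without a length prefix or separator, so different address lists can yield the same SHA-512 input (two strings versus their joined form), and no ordering is given, so implementations can disagree on h_addr for the same set. I would fix a canonical order and an unambiguous encoding, for example `Addresses are sorted bytewise and each is hashed including its 0-terminator.` The key schedule in `pid_derivation` also omits the hash function used by HKDF, the output length L of HKDF-Expand, and how the output is turned into the peer key. A sentence such as `HKDF is instantiated with <hash>; L = <length> octets.` is needed before test vectors can be written.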
@@ -127,8 +153,7 @@
The implementation is part of <xref target="GNUnet"/> and represents the original and reference implementation.
</t>
<t>
- The basic Elligator primitives GenerateKeyPair(), SerializePublicKey() and DeserializePublicKey()
- are present in <xref target="GNUnetElligator"/>. The corresponding KEM primitives are part of <xref target="GNUnetHPKE"/>.
+ FIXME test vectors
</t>
</section>
<!-- <section>
@@ -142,46 +167,13 @@
<references>
<name>Normative References</name>
&RFC2119;
- &RFC7748;
+ &RFC5869;
&RFC8174;
&RFC9180;
</references>
<references>
<name>Informative References</name>
- <reference anchor="BHKL13" target="https://eprint.iacr.org/2013/325.pdf">
- <front>
- <title>Elligator: Elliptic-curve points indistinguishable from uniform random strings</title>
- <author initials="D.J" surname="Bernstein"
- fullname="Daniel J. Bernstein">
- </author>
- <author initials="M." surname="Hamburg"
- fullname="Mike Hamburg">
- </author>
- <author initials="A." surname="Krasnova"
- fullname="Anna Krasnova">
- </author>
- <author initials="T." surname="Lange"
- fullname="Tanja Lange">
- </author>
- <date month="August" year="2013" />
- </front>
- </reference>
- <!--<reference anchor="LSD0007" target="https://lsd.gnunet.org/lsd0007">
- <front>
- <title>The GNUnet communicators</title>
- <author initials="M" surname="Schanzenbach"
- fullname="Martin Schanzenbach">
- </author>
- <author initials="C." surname="Grothoff"
- fullname="Christian Grothoff">
- </author>
- <author initials="P." surname="Fardzadeh"
- fullname="Pedram Fardzadeh">
- </author>
- <date month="July" year="2024" />
- </front>
- </reference>-->
<reference anchor="GNUnet" target="https://git.gnunet.org/gnunet.git">
<front>
<title>gnunet.git - GNUnet core repository</title>
@@ -191,69 +183,6 @@
<date month="" year="2023" />
</front>
</reference>
- <reference anchor="GNUnetElligator" target="https://git.gnunet.org/gnunet.git/tree/src/lib/util/crypto_elligator.c">
- <front>
- <title>gnunet.git - Elligator primitives implementation in GNUnet core repository</title>
- <author initials="M" surname="Schanzenbach"
- fullname="Martin Schanzenbach">
- </author>
- <author initials="P." surname="Fardzadeh"
- fullname="Pedram Fardzadeh">
- </author>
- <date month="" year="2023" />
- </front>
- </reference>
- <reference anchor="GNUnetHPKE" target="https://git.gnunet.org/gnunet.git/tree/src/lib/util/crypto_hpke.c">
- <front>
- <title>gnunet.git - HPKE Primitive implementation in GNUnet core repository</title>
- <author initials="M" surname="Schanzenbach"
- fullname="Martin Schanzenbach">
- </author>
- <author initials="P." surname="Fardzadeh"
- fullname="Pedram Fardzadeh">
- </author>
- <date month="" year="2023" />
- </front>
- </reference>
</references>
-
-
- <section>
- <name>Elligator implementation</name>
- <t>
- This section provides a test vector for the Elligator KEM and should aid in verifying implementations.
- Note that Elligator has two parameters: the set of positive and negative numbers, and a non-square number U
- within the finite field, as described in section 5.1 of <xref target="BHKL13"/>. The displayed test vectors assume that the set of positive
- numbers is defined as {0,...,(P-1)/2}, the set of negative numbers as {(P-1)/2 + 1,...,P−1} and U is the non-square number
- sqrt(-1). The depicted coin flips are used in the order of the coinFlip() calls in SerializeElligatorPublicKey(pkX), namely
- coin flip 1 for choosing the pkXm term, coin flip 2 for the MSB and coin flip 3 for the second MSB.
- Unless indicated otherwise, the test vectors are provided as little-endian hexadecimal byte arrays.
- </t>
- <section>
- <name>Elligator KEM</name>
- <artwork name="" type="" align="left" alt=""><![CDATA[
-coin flip 1: 0
-coin flip 2: 1
-coin flip 3: 1
-pkEm:
-3f73ee0dd1970ff957f7ec15e0b5151166be3046e6a8b0ee53beca395b74e42c
-
-skEm:
-09395966d6d1c493b9917dd12c8dd24e2c05c081c98a67eb2d6dff622ec9c069
-
-skRm:
-f33887a8562dad5151e9289a0afa1301ccc698917850d56ea409a9949497baa4
-
-pkRm:
-3febadac122d397725ff580f6ce9a3e1c1c4a7de19807f13d383f2f9b6467136
-
-enc:
-da0f7edaefed18a99f0b73a789e51c4c6e80664190ae3c8ae4e95b9d926a34f7
-
-key:
-46eff65b5313f41fbaffc7adf98f5df03ab4e4f46ae62a2c7ecbe1f0ae83280b
- ]]></artwork>
- </section>
- </section>
</back>
</rfc>