update math, privacy notes

3 files changed, 10 insertions, 14 deletions

diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
index 258e1cd..e8a363c 100644
--- a/draft-schanzen-gns.html
+++ b/draft-schanzen-gns.html
@@ -1204,8 +1204,6 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
        GNS employs the curve parameters of the twisted edwards representation
        of Curve25519 <span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span> (a.k.a. edwards25519)
        with the ECDSA scheme (<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>).
-       The deterministic property of ECDSA (as opposed to EdDSA) is required
-       in order to achieve zone privacy.
        In the following, we use the following naming convention for our
        cryptographic primitives:<a href="#section-2-1" class="pilcrow">¶</a></p>
 <dl class="dlParallel" id="section-2-2">
@@ -1575,8 +1573,8 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
 <pre>
          PRK_h := HKDF-Extract ("key-derivation", zk)
          h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-         d_h := h*d mod L
-         zk_h := h*zk mod L
+         d_h := h mod L * d
+         zk_h := h mod L * zk
          q := SHA512 (zk_h)
          </pre><a href="#section-4.1-2" class="pilcrow">¶</a>
 </div>
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
index 4d349f1..10349bc 100644
--- a/draft-schanzen-gns.txt
+++ b/draft-schanzen-gns.txt
@@ -139,10 +139,8 @@ Internet-Draft             The GNU Name System                 July 2019
    where d is the private key and zk the corresponding public key.  GNS
    employs the curve parameters of the twisted edwards representation of
    Curve25519 [RFC7748] (a.k.a. edwards25519) with the ECDSA scheme
-   ([RFC6979]).  The deterministic property of ECDSA (as opposed to
-   EdDSA) is required in order to achieve zone privacy.  In the
-   following, we use the following naming convention for our
-   cryptographic primitives:
+   ([RFC6979]).  In the following, we use the following naming
+   convention for our cryptographic primitives:
 
    d  is a 256-bit ECDSA private key.  In GNS, records are signed using
       a key derived from "d" as described in Section 4.
@@ -165,6 +163,8 @@ Internet-Draft             The GNU Name System                 July 2019
 
 
 
+
+
 Schanzenbach, et al.     Expires 24 January 2020                [Page 3]
 
 Internet-Draft             The GNU Name System                 July 2019
@@ -439,8 +439,8 @@ Internet-Draft             The GNU Name System                 July 2019
 
             PRK_h := HKDF-Extract ("key-derivation", zk)
             h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-            d_h := h*d mod L
-            zk_h := h*zk mod L
+            d_h := h mod L * d
+            zk_h := h mod L * zk
             q := SHA512 (zk_h)
 
 
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 7685872..0972088 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -117,8 +117,6 @@
        GNS employs the curve parameters of the twisted edwards representation
        of Curve25519 <xref target="RFC7748" /> (a.k.a. edwards25519)
        with the ECDSA scheme (<xref target="RFC6979" />).
-       The deterministic property of ECDSA (as opposed to EdDSA) is required
-       in order to achieve zone privacy.
        In the following, we use the following naming convention for our
        cryptographic primitives:
      </t>
@@ -446,8 +444,8 @@
        <artwork name="" type="" align="left" alt=""><![CDATA[
          PRK_h := HKDF-Extract ("key-derivation", zk)
          h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
-         d_h := h*d mod L
-         zk_h := h*zk mod L
+         d_h := h mod L * d
+         zk_h := h mod L * zk
          q := SHA512 (zk_h)
          ]]></artwork>
        <t>