diff options
| author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-02-09 14:02:47 +0100 |
|---|---|---|
| committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-02-09 14:02:47 +0100 |
| commit | 4e4fb3536aeda118ed2c5b8632d36bc4ae0b7be0 (patch) | |
| tree | 874b54412ad2e73264cfb164a606d682ad0abe93 | |
| parent | f2ae686f743375da77f8bea8884262b6977bb8ba (diff) | |
| download | lsd0001-4e4fb3536aeda118ed2c5b8632d36bc4ae0b7be0.tar.gz lsd0001-4e4fb3536aeda118ed2c5b8632d36bc4ae0b7be0.zip | |
comments in pseudocode
| -rw-r--r-- | draft-schanzen-gns.xml | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 64abd62..a05af98 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -1167,14 +1167,20 @@ S-Decrypt(zk,label,expiration,ciphertext): | |||
| 1167 | </t> | 1167 | </t> |
| 1168 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1168 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 1169 | ZKDF-Private(d,label): | 1169 | ZKDF-Private(d,label): |
| 1170 | /* Calculate zk from d */ | ||
| 1170 | a := SHA-512 (d) | 1171 | a := SHA-512 (d) |
| 1172 | /* EdDSA clamping */ | ||
| 1171 | a[0] &= 248 | 1173 | a[0] &= 248 |
| 1172 | a[31] &= 127 | 1174 | a[31] &= 127 |
| 1173 | a[31] |= 64 | 1175 | a[31] |= 64 |
| 1174 | zk := a * G | 1176 | zk := a * G |
| 1177 | |||
| 1178 | /* Calculate the blinding factor */ | ||
| 1175 | PRK_h := HKDF-Extract ("key-derivation", zk) | 1179 | PRK_h := HKDF-Extract ("key-derivation", zk) |
| 1176 | h := HKDF-Expand (PRK_h, label || "gns", 512 / 8) | 1180 | h := HKDF-Expand (PRK_h, label || "gns", 512 / 8) |
| 1181 | /* Ensure that h == h mod L */ | ||
| 1177 | h[31] &= 7 | 1182 | h[31] &= 7 |
| 1183 | |||
| 1178 | a1 := a >> 3 | 1184 | a1 := a >> 3 |
| 1179 | a2 := (h * a1) mod L | 1185 | a2 := (h * a1) mod L |
| 1180 | d' := a2 << 3 | 1186 | d' := a2 << 3 |
| @@ -1186,9 +1192,12 @@ ZKDF-Private(d,label): | |||
| 1186 | </t> | 1192 | </t> |
| 1187 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1193 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 1188 | ZKDF-Public(zk,label): | 1194 | ZKDF-Public(zk,label): |
| 1195 | /* Calculate the blinding factor */ | ||
| 1189 | PRK_h := HKDF-Extract ("key-derivation", zk) | 1196 | PRK_h := HKDF-Extract ("key-derivation", zk) |
| 1190 | h := HKDF-Expand (PRK_h, label || "gns", 512 / 8) | 1197 | h := HKDF-Expand (PRK_h, label || "gns", 512 / 8) |
| 1198 | /* Ensure that h == h mod L */ | ||
| 1191 | h[31] &= 7 | 1199 | h[31] &= 7 |
| 1200 | |||
| 1192 | zk' := h * zk | 1201 | zk' := h * zk |
| 1193 | return zk' | 1202 | return zk' |
| 1194 | ]]></artwork> | 1203 | ]]></artwork> |
| @@ -1244,8 +1253,9 @@ ZKDF-Public(zk,label): | |||
| 1244 | </t> | 1253 | </t> |
| 1245 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1254 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 1246 | SignDerived(d,label,message): | 1255 | SignDerived(d,label,message): |
| 1247 | /* Calculate public key */ | 1256 | /* Calculate zk from d */ |
| 1248 | a := SHA-512 (d) | 1257 | a := SHA-512 (d) |
| 1258 | /* EdDSA clamping */ | ||
| 1249 | a[0] &= 248 | 1259 | a[0] &= 248 |
| 1250 | a[31] &= 127 | 1260 | a[31] &= 127 |
| 1251 | a[31] |= 64 | 1261 | a[31] |= 64 |