author | Christian Grothoff <christian@grothoff.org> | 2022-02-01 20:33:00 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2022-02-01 20:33:00 +0100 |
commit | 8c58a3a83d30508e5093966ec72603dd0f7d6275 (patch) | |
tree | da49a3ea566c149fd7d91deb0efab7057d92620d | |
parent | 58f8b61c7c5b4f672e21c7f277235da65e1b221c (diff) | |
download | lsd0001-8c58a3a83d30508e5093966ec72603dd0f7d6275.tar.gz lsd0001-8c58a3a83d30508e5093966ec72603dd0f7d6275.zip |
another case where I think SHOULD is enough
-rw-r--r-- | draft-schanzen-gns.xml | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index acc5b55..36c6999 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1168,9 +1168,12 @@ h[31] &= 7 // Implies h mod L == h | |||
1168 | zk' := h * zk | 1168 | zk' := h * zk |
1169 | ]]></artwork> | 1169 | ]]></artwork> |
1170 | <t> | 1170 | <t> |
1171 | We note that implementers must employ a constant time scalar | 1171 | We note that implementers SHOULD employ a constant time scalar |
1172 | multiplication for the constructions above. Also, implementers | 1172 | multiplication for the constructions above to protect against |
1173 | must ensure that the private key a is an ed25519 private key | 1173 | timing attacks. Otherwise, timing attacks may leak private key |
1174 | material if an attacker can predict when a system starts the | ||
1175 | publication process. Also, implementers | ||
1176 | MUST ensure that the private key a is an ed25519 private key | ||
1174 | and specifically that "a[0] & 7 == 0" holds. | 1177 | and specifically that "a[0] & 7 == 0" holds. |
1175 | </t> | 1178 | </t> |
1176 | <t> | 1179 | <t> |
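Review bot: On new lines 1171-1175, relaxing constant-time scalar multiplication from "must" to SHOULD conflicts with the sentence added right after it, which says that timing attacks may leak private key material. If SHOULD stays, the text should state when a non-constant-time implementation is acceptable, for example by turning the "if an attacker can predict when a system starts the publication process" clause into an explicit condition under which the requirement applies. Otherwise keep it as MUST, as was done for the ed25519 private key check on line 1176. Two smaller points: "constant time scalar multiplication" reads better as "constant-time scalar multiplication", and the quoted check "a[0] & 7 == 0" on line 1177 parses as a[0] & (7 == 0) under C operator precedence, so "(a[0] & 7) == 0" would be unambiguous for implementers who copy it.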