author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-06 13:58:16 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2020-10-06 13:58:16 +0200 |
commit | e90cb113eb1e3550497dc214fb459fd4441e520f (patch) | |
tree | 881c06fcf3720e68e2cc2f1e86c4c483d894f23d | |
parent | a1d2f683368a330d320451a16ed69874ad62cbd5 (diff) | |
minor considerations
-rw-r--r-- | draft-schanzen-gns.xml | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 0141940..de1af5b 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -679,7 +679,13 @@ PRK_h := HKDF-Extract ("key-derivation", zk) | |||
679 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) | 679 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) |
680 | h[31] &= 7 // Implies h mod L == h | 680 | h[31] &= 7 // Implies h mod L == h |
681 | zk’ := h * zk | 681 | zk’ := h * zk |
682 | ]]></artwork> | 682 | ]]></artwork> |
683 | <t> | ||
684 | We note that implementors must employ a constant time scalar | ||
685 | multiplication for the constructions above. Also, implementors | ||
686 | must ensure that the private key "a" is an ed25519 private key | ||
687 | and specifically that "a[0] & 7 == 0" holds. | ||
688 | </t> | ||
683 | <t> | 689 | <t> |
684 | The EDKEY cryptosystem uses a | 690 | The EDKEY cryptosystem uses a |
685 | hash-based key derivation function (HKDF) as defined in | 691 | hash-based key derivation function (HKDF) as defined in |
@@ -698,7 +704,8 @@ zk’ := h * zk | |||
698 | </t> | 704 | </t> |
699 | <t> | 705 | <t> |
700 | We point out that the multiplication of "zk" with "h" is a point multiplication, | 706 | We point out that the multiplication of "zk" with "h" is a point multiplication, |
701 | while the multiplication of "a" with "h" is a scalar multiplication. | 707 | while the division and multiplication of "a" and "a1" with the |
708 | cofactor are integer operations. | ||
702 | </t> | 709 | </t> |
703 | <t> | 710 | <t> |
704 | Signatures for EDKEY zones using the derived private key "a'" | 711 | Signatures for EDKEY zones using the derived private key "a'" |