-rw-r--r-- | draft-schanzen-gns.html | 83 | ||||
-rw-r--r-- | draft-schanzen-gns.txt | 202 | ||||
-rw-r--r-- | draft-schanzen-gns.xml | 68 |
3 files changed, 234 insertions, 119 deletions
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html index c86a08b..81923c6 100644 --- a/draft-schanzen-gns.html +++ b/draft-schanzen-gns.html | |||
@@ -2385,11 +2385,24 @@ table { | |||
2385 | The revocation message including the proof-of-work MAY be calculated | 2385 | The revocation message including the proof-of-work MAY be calculated |
2386 | ahead of time to support timely revocation.<a href="#section-7-2" class="pilcrow">¶</a></p> | 2386 | ahead of time to support timely revocation.<a href="#section-7-2" class="pilcrow">¶</a></p> |
2387 | <p id="section-7-3"> | 2387 | <p id="section-7-3"> |
2388 | For all occurences below, "scrypt" is the scrypt Password-based Key | ||
2389 | Derivation Function as defined in <span>[<a href="#RFC7914" class="xref">RFC7914</a>]</span> with the | ||
2390 | following parameters set:<a href="#section-7-3" class="pilcrow">¶</a></p> | ||
2391 | <div class="artwork art-text alignLeft" id="section-7-4"> | ||
2392 | <pre> | ||
2393 | S := "gnunet-revocation-proof-of-work" /* Salt */ | ||
2394 | N := 2 | ||
2395 | r := 8 /* Block size */ | ||
2396 | p := 2 /* Parallelization parameter */ | ||
2397 | dkLen := 64 /* Intended output length in octets */ | ||
2398 | </pre><a href="#section-7-4" class="pilcrow">¶</a> | ||
2399 | </div> | ||
2400 | <p id="section-7-5"> | ||
2388 | The following the the basic data "REV" on which the proof-of work is | 2401 | The following the the basic data "REV" on which the proof-of work is |
2389 | calculated:<a href="#section-7-3" class="pilcrow">¶</a></p> | 2402 | calculated:<a href="#section-7-5" class="pilcrow">¶</a></p> |
2390 | <div id="figure_revocation"> | 2403 | <div id="figure_revocation"> |
2391 | <figure id="figure-15"> | 2404 | <figure id="figure-15"> |
2392 | <div class="artwork art-text alignLeft" id="section-7-4.1"> | 2405 | <div class="artwork art-text alignLeft" id="section-7-6.1"> |
2393 | <pre> | 2406 | <pre> |
2394 | 0 8 16 24 32 40 48 56 | 2407 | 0 8 16 24 32 40 48 56 |
2395 | +-----+-----+-----+-----+-----+-----+-----+-----+ | 2408 | +-----+-----+-----+-----+-----+-----+-----+-----+ |
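Review bot: In the new parameter block (new lines 2393-2397), "N := 2" is the only entry without a comment, and it needs one more than the others do. In RFC 7914, N is the CPU/memory cost parameter, and 2 is the smallest value scrypt accepts. Add a comment such as "/* CPU/memory cost parameter */". Also state in the paragraph above whether the cost of the proof of work is meant to come from the inequality in Figure 19 rather than from scrypt itself, so that implementers do not read the value as a typo.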
@@ -2404,28 +2417,39 @@ table { | |||
2404 | </div> | 2417 | </div> |
2405 | <figcaption><a href="#figure-15" class="selfRef">Figure 15</a></figcaption></figure> | 2418 | <figcaption><a href="#figure-15" class="selfRef">Figure 15</a></figcaption></figure> |
2406 | </div> | 2419 | </div> |
2407 | <p id="section-7-5"> | 2420 | <p id="section-7-7"> |
2408 | A single pass in the proof-of-work algorithm is defined as follows:<a href="#section-7-5" class="pilcrow">¶</a></p> | 2421 | A single pass in the proof-of-work algorithm is defined as follows:<a href="#section-7-7" class="pilcrow">¶</a></p> |
2409 | <ol start="1" type="1" class="normal" id="section-7-6"> | 2422 | <ol start="1" type="1" class="normal" id="section-7-8"> |
2410 | <li id="section-7-6.1">Derive initial key material K from the REV data.<a href="#section-7-6.1" class="pilcrow">¶</a> | 2423 | <li id="section-7-8.1">Derive initial key material K from the REV data.<a href="#section-7-8.1" class="pilcrow">¶</a> |
2411 | </li> | 2424 | </li> |
2412 | <li id="section-7-6.2">Derive IV material from the key material K.<a href="#section-7-6.2" class="pilcrow">¶</a> | 2425 | <li id="section-7-8.2">Derive IV material from the key material K.<a href="#section-7-8.2" class="pilcrow">¶</a> |
2413 | </li> | 2426 | </li> |
2414 | <li id="section-7-6.3">Encrypt the REV data using K and IV.<a href="#section-7-6.3" class="pilcrow">¶</a> | 2427 | <li id="section-7-8.3">Encrypt the REV data using K and IV.<a href="#section-7-8.3" class="pilcrow">¶</a> |
2415 | </li> | 2428 | </li> |
2416 | <li id="section-7-6.4">Derive the proof of work from the encrypted REV.<a href="#section-7-6.4" class="pilcrow">¶</a> | 2429 | <li id="section-7-8.4">Derive the proof of work from the encrypted REV and check against |
2430 | the proof condition.<a href="#section-7-8.4" class="pilcrow">¶</a> | ||
2417 | </li> | 2431 | </li> |
2418 | </ol> | 2432 | </ol> |
2433 | <p id="section-7-9"> | ||
2434 | The first step in the PoW is a call to scrypt with the REV data as | ||
2435 | password parameter to derive the initial key material K:<a href="#section-7-9" class="pilcrow">¶</a></p> | ||
2419 | <figure id="figure-16"> | 2436 | <figure id="figure-16"> |
2420 | <div class="artwork art-text alignLeft" id="section-7-7.1"> | 2437 | <div class="artwork art-text alignLeft" id="section-7-10.1"> |
2421 | <pre> | 2438 | <pre> |
2422 | K := scrypt (P := REV) | 2439 | K := scrypt (P := REV) |
2423 | </pre> | 2440 | </pre> |
2424 | </div> | 2441 | </div> |
2425 | <figcaption><a href="#figure-16" class="selfRef">Figure 16</a></figcaption></figure> | 2442 | <figcaption><a href="#figure-16" class="selfRef">Figure 16</a></figcaption></figure> |
2443 | <p id="section-7-11"> | ||
2444 | The second step is to derive an initialization vector using a | ||
2445 | Hash-based Key Derivation Function as defined in | ||
2446 | (<span>[<a href="#RFC5869" class="xref">RFC5869</a>]</span>). | ||
2447 | Specifically, HMAC-SHA512 is used for the | ||
2448 | extraction phase and HMAC-SHA256 for the expansion phase.<a href="#section-7-11" class="pilcrow">¶</a></p> | ||
2426 | <figure id="figure-17"> | 2449 | <figure id="figure-17"> |
2427 | <div class="artwork art-text alignLeft" id="section-7-8.1"> | 2450 | <div class="artwork art-text alignLeft" id="section-7-12.1"> |
2428 | <pre> | 2451 | <pre> |
2452 | STATUS QUO: | ||
2429 | PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", | 2453 | PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", |
2430 | K[0,31]) | 2454 | K[0,31]) |
2431 | PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", | 2455 | PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", |
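Review bot: The added paragraph section-7-11 says the HKDF is used "as defined in" RFC 5869, yet it specifies HMAC-SHA512 for extraction and HMAC-SHA256 for expansion. RFC 5869 parameterises HKDF with a single hash function for both phases, so this is a variant. Say so explicitly, and note that the 64-octet PRK from the extract phase is used as the HMAC-SHA256 key in the expand phase. Two smaller points in Figure 17: the "STATUS QUO:" label is an editorial marker inside normative artwork and should move to a note outside the figure, and "K[0,31]" uses a comma where Figure 18 writes the same range as "K[0:31]".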
@@ -2436,39 +2460,42 @@ table { | |||
2436 | IV_two := HKDF-Expand (PRK_two, | 2460 | IV_two := HKDF-Expand (PRK_two, |
2437 | "gnunet-revocation-proof-of-work, | 2461 | "gnunet-revocation-proof-of-work, |
2438 | 128 / 8) | 2462 | 128 / 8) |
2463 | ALTERNATIVE: | ||
2464 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) | ||
2465 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8); | ||
2466 | |||
2439 | </pre> | 2467 | </pre> |
2440 | </div> | 2468 | </div> |
2441 | <figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure> | 2469 | <figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure> |
2470 | <p id="section-7-13"> | ||
2471 | We divide the resulting keying material "K" into a 256-bit AES | ||
2472 | <span>[<a href="#RFC3826" class="xref">RFC3826</a>]</span> key and a 256-bit TWOFISH | ||
2473 | <span>[<a href="#TWOFISH" class="xref">TWOFISH</a>]</span> key and use IV as corresponding | ||
2474 | initialization vectors:<a href="#section-7-13" class="pilcrow">¶</a></p> | ||
2442 | <figure id="figure-18"> | 2475 | <figure id="figure-18"> |
2443 | <div class="artwork art-text alignLeft" id="section-7-9.1"> | 2476 | <div class="artwork art-text alignLeft" id="section-7-14.1"> |
2444 | <pre> | 2477 | <pre> |
2478 | STATUS QUO: | ||
2445 | EREV := TWOFISH(K[0:31], IV_two, | 2479 | EREV := TWOFISH(K[0:31], IV_two, |
2446 | AES(K[32:63], IV_aes, REV)) | 2480 | AES(K[32:63], IV_aes, REV)) |
2481 | ALTERNATIVE: | ||
2482 | EREV := TWOFISH(K[0:31], IV[16:31], | ||
2483 | AES(K[32:63], IV[0:15], REV)) | ||
2484 | |||
2447 | </pre> | 2485 | </pre> |
2448 | </div> | 2486 | </div> |
2449 | <figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> | 2487 | <figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> |
2450 | <p id="section-7-10"> | 2488 | <p id="section-7-15"> |
2451 | The above EREV data object is calculated with different values for the | 2489 | The above EREV data object is again derived using the scrypt algorithm. |
2452 | "NONCE" in "REV" until the following inequality holds:<a href="#section-7-10" class="pilcrow">¶</a></p> | 2490 | The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p> |
2453 | <figure id="figure-19"> | 2491 | <figure id="figure-19"> |
2454 | <div class="artwork art-text alignLeft" id="section-7-11.1"> | 2492 | <div class="artwork art-text alignLeft" id="section-7-16.1"> |
2455 | <pre> | 2493 | <pre> |
2456 | scrypt(P := EREV) < 2^(39)-1 | 2494 | scrypt(P := EREV) < 2^(39)-1 |
2495 | |||
2457 | </pre> | 2496 | </pre> |
2458 | </div> | 2497 | </div> |
2459 | <figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> | 2498 | <figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> |
2460 | <p id="section-7-12"> | ||
2461 | For all occurences above, "scrypt" is the scrypt algorithm as defined in | ||
2462 | <span>[<a href="#RFC7914" class="xref">RFC7914</a>]</span> with the following parameters set:<a href="#section-7-12" class="pilcrow">¶</a></p> | ||
2463 | <div class="artwork art-text alignLeft" id="section-7-13"> | ||
2464 | <pre> | ||
2465 | S := "gnunet-revocation-proof-of-work" /* Salt */ | ||
2466 | N := 2 | ||
2467 | r := 8 /* Block size */ | ||
2468 | p := 2 /* Parallelization parameter */ | ||
2469 | dkLen := 64 /* Intended output length in octets */ | ||
2470 | </pre><a href="#section-7-13" class="pilcrow">¶</a> | ||
2471 | </div> | ||
2472 | </section> | 2499 | </section> |
2473 | </div> | 2500 | </div> |
2474 | <div id="governance"> | 2501 | <div id="governance"> |
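Review bot: The ALTERNATIVE lines do not agree on the IV length. Figure 17 (new line 2465) expands to "128 / 8", that is 16 octets, but Figure 18 (new lines 2482-2483) reads "IV[16:31]" and "IV[0:15]", which needs 32 octets. Change the expand length to 256 / 8, or define the two IVs some other way. The rewritten paragraph section-7-15 also drops the statement that the computation is repeated with different values of "NONCE" in "REV" until the inequality holds. The pass is now described as a single check, with nothing saying what is varied between attempts; keep that sentence alongside the new wording. The trailing ";" on the HKDF-Expand line does not match the other artwork, and the context line 2437/2461 still has an unterminated string ("gnunet-revocation-proof-of-work,).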
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt index 9d62457..6d41ad3 100644 --- a/draft-schanzen-gns.txt +++ b/draft-schanzen-gns.txt | |||
@@ -85,11 +85,11 @@ Table of Contents | |||
85 | 6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 85 | 6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18 |
86 | 6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19 | 86 | 6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19 |
87 | 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19 | 87 | 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19 |
88 | 8. Determining the Root Zone and Zone Governance . . . . . . . . 21 | 88 | 8. Determining the Root Zone and Zone Governance . . . . . . . . 22 |
89 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 | 89 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 23 |
90 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 | 90 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 |
91 | 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 23 | 91 | 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 24 |
92 | 12. Normative References . . . . . . . . . . . . . . . . . . . . 25 | 92 | 12. Normative References . . . . . . . . . . . . . . . . . . . . 26 |
93 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 | 93 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 |
94 | 94 | ||
95 | 1. Introduction | 95 | 1. Introduction |
@@ -1073,6 +1073,16 @@ Internet-Draft The GNU Name System November 2019 | |||
1073 | work. The revocation message including the proof-of-work MAY be | 1073 | work. The revocation message including the proof-of-work MAY be |
1074 | calculated ahead of time to support timely revocation. | 1074 | calculated ahead of time to support timely revocation. |
1075 | 1075 | ||
1076 | For all occurences below, "scrypt" is the scrypt Password-based Key | ||
1077 | Derivation Function as defined in [RFC7914] with the following | ||
1078 | parameters set: | ||
1079 | |||
1080 | S := "gnunet-revocation-proof-of-work" /* Salt */ | ||
1081 | N := 2 | ||
1082 | r := 8 /* Block size */ | ||
1083 | p := 2 /* Parallelization parameter */ | ||
1084 | dkLen := 64 /* Intended output length in octets */ | ||
1085 | |||
1076 | The following the the basic data "REV" on which the proof-of work is | 1086 | The following the the basic data "REV" on which the proof-of work is |
1077 | calculated: | 1087 | calculated: |
1078 | 1088 | ||
@@ -1096,12 +1106,30 @@ Internet-Draft The GNU Name System November 2019 | |||
1096 | 1106 | ||
1097 | 3. Encrypt the REV data using K and IV. | 1107 | 3. Encrypt the REV data using K and IV. |
1098 | 1108 | ||
1099 | 4. Derive the proof of work from the encrypted REV. | 1109 | 4. Derive the proof of work from the encrypted REV and check against |
1110 | the proof condition. | ||
1111 | |||
1112 | The first step in the PoW is a call to scrypt with the REV data as | ||
1113 | password parameter to derive the initial key material K: | ||
1100 | 1114 | ||
1101 | K := scrypt (P := REV) | 1115 | K := scrypt (P := REV) |
1102 | 1116 | ||
1117 | |||
1118 | |||
1119 | |||
1120 | Schanzenbach, et al. Expires 13 May 2020 [Page 20] | ||
1121 | |||
1122 | Internet-Draft The GNU Name System November 2019 | ||
1123 | |||
1124 | |||
1103 | Figure 16 | 1125 | Figure 16 |
1104 | 1126 | ||
1127 | The second step is to derive an initialization vector using a Hash- | ||
1128 | based Key Derivation Function as defined in ([RFC5869]). | ||
1129 | Specifically, HMAC-SHA512 is used for the extraction phase and HMAC- | ||
1130 | SHA256 for the expansion phase. | ||
1131 | |||
1132 | STATUS QUO: | ||
1105 | PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", | 1133 | PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", |
1106 | K[0,31]) | 1134 | K[0,31]) |
1107 | PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", | 1135 | PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", |
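Review bot: With the added step-one paragraph, the page break in the text rendering now falls between the artwork "K := scrypt (P := REV)" (new line 1115) and its caption "Figure 16" (new line 1125). The caption therefore opens the next page without its figure. Adjust the surrounding text, or the position of the paragraph, so that the artwork and its caption stay on one page.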
@@ -1112,36 +1140,43 @@ Internet-Draft The GNU Name System November 2019 | |||
1112 | IV_two := HKDF-Expand (PRK_two, | 1140 | IV_two := HKDF-Expand (PRK_two, |
1113 | "gnunet-revocation-proof-of-work, | 1141 | "gnunet-revocation-proof-of-work, |
1114 | 128 / 8) | 1142 | 128 / 8) |
1115 | 1143 | ALTERNATIVE: | |
1116 | Figure 17 | 1144 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) |
1145 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8); | ||
1117 | 1146 | ||
1118 | 1147 | ||
1148 | Figure 17 | ||
1119 | 1149 | ||
1120 | Schanzenbach, et al. Expires 13 May 2020 [Page 20] | 1150 | We divide the resulting keying material "K" into a 256-bit AES |
1121 | 1151 | [RFC3826] key and a 256-bit TWOFISH [TWOFISH] key and use IV as | |
1122 | Internet-Draft The GNU Name System November 2019 | 1152 | corresponding initialization vectors: |
1123 | |||
1124 | 1153 | ||
1154 | STATUS QUO: | ||
1125 | EREV := TWOFISH(K[0:31], IV_two, | 1155 | EREV := TWOFISH(K[0:31], IV_two, |
1126 | AES(K[32:63], IV_aes, REV)) | 1156 | AES(K[32:63], IV_aes, REV)) |
1157 | ALTERNATIVE: | ||
1158 | EREV := TWOFISH(K[0:31], IV[16:31], | ||
1159 | AES(K[32:63], IV[0:15], REV)) | ||
1160 | |||
1127 | 1161 | ||
1128 | Figure 18 | 1162 | Figure 18 |
1129 | 1163 | ||
1130 | The above EREV data object is calculated with different values for | 1164 | The above EREV data object is again derived using the scrypt |
1131 | the "NONCE" in "REV" until the following inequality holds: | 1165 | algorithm. The proof of work is complete, if the following |
1166 | inequality holds: | ||
1132 | 1167 | ||
1133 | scrypt(P := EREV) < 2^(39)-1 | 1168 | scrypt(P := EREV) < 2^(39)-1 |
1134 | 1169 | ||
1170 | |||
1135 | Figure 19 | 1171 | Figure 19 |
1136 | 1172 | ||
1137 | For all occurences above, "scrypt" is the scrypt algorithm as defined | ||
1138 | in [RFC7914] with the following parameters set: | ||
1139 | 1173 | ||
1140 | S := "gnunet-revocation-proof-of-work" /* Salt */ | 1174 | |
1141 | N := 2 | 1175 | |
1142 | r := 8 /* Block size */ | 1176 | Schanzenbach, et al. Expires 13 May 2020 [Page 21] |
1143 | p := 2 /* Parallelization parameter */ | 1177 | |
1144 | dkLen := 64 /* Intended output length in octets */ | 1178 | Internet-Draft The GNU Name System November 2019 |
1179 | |||
1145 | 1180 | ||
1146 | 8. Determining the Root Zone and Zone Governance | 1181 | 8. Determining the Root Zone and Zone Governance |
1147 | 1182 | ||
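Review bot: The reworded sentence before Figure 19 (new lines 1164-1166) says the EREV object "is again derived using the scrypt algorithm", but the figure compares "scrypt(P := EREV)" with "2^(39)-1". With dkLen := 64 the left-hand side is 64 octets, and nothing here says how those octets are read as an integer (which octets, which byte order). Define that conversion next to the inequality. Reword the sentence to say that EREV is passed to scrypt as the password, which is what the figure shows. The comma in "complete, if" should also go.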
@@ -1169,15 +1204,6 @@ Internet-Draft The GNU Name System November 2019 | |||
1169 | 1204 | ||
1170 | GNS clients SHOULD first try to interpret the top-level domain of a | 1205 | GNS clients SHOULD first try to interpret the top-level domain of a |
1171 | GNS name as a zone key. For example. if the top-level domain is a | 1206 | GNS name as a zone key. For example. if the top-level domain is a |
1172 | |||
1173 | |||
1174 | |||
1175 | |||
1176 | Schanzenbach, et al. Expires 13 May 2020 [Page 21] | ||
1177 | |||
1178 | Internet-Draft The GNU Name System November 2019 | ||
1179 | |||
1180 | |||
1181 | Base32-encoded public zone key "zk", the root zone of the resolution | 1207 | Base32-encoded public zone key "zk", the root zone of the resolution |
1182 | process is implicitly given by the name: | 1208 | process is implicitly given by the name: |
1183 | 1209 | ||
@@ -1200,6 +1226,14 @@ Internet-Draft The GNU Name System November 2019 | |||
1200 | => Entry zone: zk1 | 1226 | => Entry zone: zk1 |
1201 | => Name to resolve from entry zone: www.example | 1227 | => Name to resolve from entry zone: www.example |
1202 | 1228 | ||
1229 | |||
1230 | |||
1231 | |||
1232 | Schanzenbach, et al. Expires 13 May 2020 [Page 22] | ||
1233 | |||
1234 | Internet-Draft The GNU Name System November 2019 | ||
1235 | |||
1236 | |||
1203 | Finally, additional "suffix to zone" mappings MAY be configured. | 1237 | Finally, additional "suffix to zone" mappings MAY be configured. |
1204 | Suffix to zone key mappings SHOULD be configurable through a local | 1238 | Suffix to zone key mappings SHOULD be configurable through a local |
1205 | configuration file or database by the user or system administrator. | 1239 | configuration file or database by the user or system administrator. |
@@ -1223,17 +1257,6 @@ Internet-Draft The GNU Name System November 2019 | |||
1223 | 1257 | ||
1224 | TODO | 1258 | TODO |
1225 | 1259 | ||
1226 | |||
1227 | |||
1228 | |||
1229 | |||
1230 | |||
1231 | |||
1232 | Schanzenbach, et al. Expires 13 May 2020 [Page 22] | ||
1233 | |||
1234 | Internet-Draft The GNU Name System November 2019 | ||
1235 | |||
1236 | |||
1237 | 10. IANA Considerations | 1260 | 10. IANA Considerations |
1238 | 1261 | ||
1239 | IANA is requested to create an "GNU Name System Record Type" | 1262 | IANA is requested to create an "GNU Name System Record Type" |
@@ -1254,6 +1277,19 @@ Internet-Draft The GNU Name System November 2019 | |||
1254 | Served", as described in [RFC8126]. IANA is requested to populate | 1277 | Served", as described in [RFC8126]. IANA is requested to populate |
1255 | this registry as follows: | 1278 | this registry as follows: |
1256 | 1279 | ||
1280 | |||
1281 | |||
1282 | |||
1283 | |||
1284 | |||
1285 | |||
1286 | |||
1287 | |||
1288 | Schanzenbach, et al. Expires 13 May 2020 [Page 23] | ||
1289 | |||
1290 | Internet-Draft The GNU Name System November 2019 | ||
1291 | |||
1292 | |||
1257 | Number | Type | Contact | References | 1293 | Number | Type | Contact | References |
1258 | ---------+-----------------+---------+--------- | 1294 | ---------+-----------------+---------+--------- |
1259 | 65536 | PKEY | N/A | [This.I-D] | 1295 | 65536 | PKEY | N/A | [This.I-D] |
@@ -1282,14 +1318,6 @@ Internet-Draft The GNU Name System November 2019 | |||
1282 | zk (public zone key) := | 1318 | zk (public zone key) := |
1283 | dff911496d025d7e | 1319 | dff911496d025d7e |
1284 | 0885c03d19153e99 | 1320 | 0885c03d19153e99 |
1285 | |||
1286 | |||
1287 | |||
1288 | Schanzenbach, et al. Expires 13 May 2020 [Page 23] | ||
1289 | |||
1290 | Internet-Draft The GNU Name System November 2019 | ||
1291 | |||
1292 | |||
1293 | 4f213f23ea719eca | 1321 | 4f213f23ea719eca |
1294 | 17fc32dc410e082e | 1322 | 17fc32dc410e082e |
1295 | 1323 | ||
@@ -1310,6 +1338,14 @@ Internet-Draft The GNU Name System November 2019 | |||
1310 | 0017c802f7d32e18 | 1338 | 0017c802f7d32e18 |
1311 | 1339 | ||
1312 | q (query key) := | 1340 | q (query key) := |
1341 | |||
1342 | |||
1343 | |||
1344 | Schanzenbach, et al. Expires 13 May 2020 [Page 24] | ||
1345 | |||
1346 | Internet-Draft The GNU Name System November 2019 | ||
1347 | |||
1348 | |||
1313 | 6fce4deddc5ad681 | 1349 | 6fce4deddc5ad681 |
1314 | f4e29a3310767e3b | 1350 | f4e29a3310767e3b |
1315 | 8b38bc1b276ce2ba | 1351 | 8b38bc1b276ce2ba |
@@ -1339,13 +1375,6 @@ Internet-Draft The GNU Name System November 2019 | |||
1339 | 071be189a9d236f9 | 1375 | 071be189a9d236f9 |
1340 | b4a3654bb8c281d4 | 1376 | b4a3654bb8c281d4 |
1341 | 1377 | ||
1342 | |||
1343 | |||
1344 | Schanzenbach, et al. Expires 13 May 2020 [Page 24] | ||
1345 | |||
1346 | Internet-Draft The GNU Name System November 2019 | ||
1347 | |||
1348 | |||
1349 | RDATA := | 1378 | RDATA := |
1350 | 0000000100059412 RR COUNT | EXPIRA- | 1379 | 0000000100059412 RR COUNT | EXPIRA- |
1351 | 09ddea0f00000014 -TION | DATA SIZE (20) | 1380 | 09ddea0f00000014 -TION | DATA SIZE (20) |
@@ -1365,6 +1394,14 @@ Internet-Draft The GNU Name System November 2019 | |||
1365 | afc99ba9c5a3bb54 | 1394 | afc99ba9c5a3bb54 |
1366 | 07e731a34680ee33 | 1395 | 07e731a34680ee33 |
1367 | ae0de7bfeda7d2b7 | 1396 | ae0de7bfeda7d2b7 |
1397 | |||
1398 | |||
1399 | |||
1400 | Schanzenbach, et al. Expires 13 May 2020 [Page 25] | ||
1401 | |||
1402 | Internet-Draft The GNU Name System November 2019 | ||
1403 | |||
1404 | |||
1368 | 8c6b854a008b1b54 | 1405 | 8c6b854a008b1b54 |
1369 | 10df4f39f5ba9f46____________ | 1406 | 10df4f39f5ba9f46____________ |
1370 | 8cb514a56c0eaae0 zk_h | 1407 | 8cb514a56c0eaae0 zk_h |
@@ -1393,15 +1430,6 @@ Internet-Draft The GNU Name System November 2019 | |||
1393 | specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, | 1430 | specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, |
1394 | November 1987, <https://www.rfc-editor.org/info/rfc1035>. | 1431 | November 1987, <https://www.rfc-editor.org/info/rfc1035>. |
1395 | 1432 | ||
1396 | |||
1397 | |||
1398 | |||
1399 | |||
1400 | Schanzenbach, et al. Expires 13 May 2020 [Page 25] | ||
1401 | |||
1402 | Internet-Draft The GNU Name System November 2019 | ||
1403 | |||
1404 | |||
1405 | [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for | 1433 | [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for |
1406 | specifying the location of services (DNS SRV)", RFC 2782, | 1434 | specifying the location of services (DNS SRV)", RFC 2782, |
1407 | DOI 10.17487/RFC2782, February 2000, | 1435 | DOI 10.17487/RFC2782, February 2000, |
@@ -1422,6 +1450,14 @@ Internet-Draft The GNU Name System November 2019 | |||
1422 | DOI 10.17487/RFC3826, June 2004, | 1450 | DOI 10.17487/RFC3826, June 2004, |
1423 | <https://www.rfc-editor.org/info/rfc3826>. | 1451 | <https://www.rfc-editor.org/info/rfc3826>. |
1424 | 1452 | ||
1453 | |||
1454 | |||
1455 | |||
1456 | Schanzenbach, et al. Expires 13 May 2020 [Page 26] | ||
1457 | |||
1458 | Internet-Draft The GNU Name System November 2019 | ||
1459 | |||
1460 | |||
1425 | [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand | 1461 | [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand |
1426 | Key Derivation Function (HKDF)", RFC 5869, | 1462 | Key Derivation Function (HKDF)", RFC 5869, |
1427 | DOI 10.17487/RFC5869, May 2010, | 1463 | DOI 10.17487/RFC5869, May 2010, |
@@ -1450,14 +1486,6 @@ Internet-Draft The GNU Name System November 2019 | |||
1450 | for Security", RFC 7748, DOI 10.17487/RFC7748, January | 1486 | for Security", RFC 7748, DOI 10.17487/RFC7748, January |
1451 | 2016, <https://www.rfc-editor.org/info/rfc7748>. | 1487 | 2016, <https://www.rfc-editor.org/info/rfc7748>. |
1452 | 1488 | ||
1453 | |||
1454 | |||
1455 | |||
1456 | Schanzenbach, et al. Expires 13 May 2020 [Page 26] | ||
1457 | |||
1458 | Internet-Draft The GNU Name System November 2019 | ||
1459 | |||
1460 | |||
1461 | [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital | 1489 | [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital |
1462 | Signature Algorithm (EdDSA)", RFC 8032, | 1490 | Signature Algorithm (EdDSA)", RFC 8032, |
1463 | DOI 10.17487/RFC8032, January 2017, | 1491 | DOI 10.17487/RFC8032, January 2017, |
@@ -1477,6 +1505,15 @@ Internet-Draft The GNU Name System November 2019 | |||
1477 | 1505 | ||
1478 | Authors' Addresses | 1506 | Authors' Addresses |
1479 | 1507 | ||
1508 | |||
1509 | |||
1510 | |||
1511 | |||
1512 | Schanzenbach, et al. Expires 13 May 2020 [Page 27] | ||
1513 | |||
1514 | Internet-Draft The GNU Name System November 2019 | ||
1515 | |||
1516 | |||
1480 | Martin Schanzenbach | 1517 | Martin Schanzenbach |
1481 | GNUnet e.V. | 1518 | GNUnet e.V. |
1482 | Boltzmannstrasse 3 | 1519 | Boltzmannstrasse 3 |
@@ -1509,4 +1546,23 @@ Authors' Addresses | |||
1509 | 1546 | ||
1510 | 1547 | ||
1511 | 1548 | ||
1512 | Schanzenbach, et al. Expires 13 May 2020 [Page 27] | 1549 | |
1550 | |||
1551 | |||
1552 | |||
1553 | |||
1554 | |||
1555 | |||
1556 | |||
1557 | |||
1558 | |||
1559 | |||
1560 | |||
1561 | |||
1562 | |||
1563 | |||
1564 | |||
1565 | |||
1566 | |||
1567 | |||
1568 | Schanzenbach, et al. Expires 13 May 2020 [Page 28] | ||
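Review bot: The repagination in this last hunk ends the text rendering with a page that holds only blank lines and the "[Page 28]" footer (new lines 1549-1568), while the table of contents still lists Authors' Addresses on page 27. Check whether the added text in Section 7 can be tightened so that the document does not gain an empty trailing page.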
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 276f8bf..9bf1201 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
@@ -1135,6 +1135,18 @@ | |||
1135 | ahead of time to support timely revocation. | 1135 | ahead of time to support timely revocation. |
1136 | </t> | 1136 | </t> |
1137 | <t> | 1137 | <t> |
1138 | For all occurences below, "scrypt" is the scrypt Password-based Key | ||
1139 | Derivation Function as defined in <xref target="RFC7914" /> with the | ||
1140 | following parameters set: | ||
1141 | </t> | ||
1142 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1143 | S := "gnunet-revocation-proof-of-work" /* Salt */ | ||
1144 | N := 2 | ||
1145 | r := 8 /* Block size */ | ||
1146 | p := 2 /* Parallelization parameter */ | ||
1147 | dkLen := 64 /* Intended output length in octets */ | ||
1148 | ]]></artwork> | ||
1149 | <t> | ||
1138 | The following the the basic data "REV" on which the proof-of work is | 1150 | The following the the basic data "REV" on which the proof-of work is |
1139 | calculated: | 1151 | calculated: |
1140 | </t> | 1152 | </t> |
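Review bot: The new paragraph at 1138-1140 misspells "occurrences" as "occurences", and the context line directly below still reads "The following the the basic data" and "proof-of work". Fix all three here in the XML, since the same text appears in draft-schanzen-gns.html and draft-schanzen-gns.txt. Suggested wording: "The following is the basic data "REV" on which the proof-of-work is calculated:".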
@@ -1158,15 +1170,29 @@ | |||
1158 | <li>Derive initial key material K from the REV data.</li> | 1170 | <li>Derive initial key material K from the REV data.</li> |
1159 | <li>Derive IV material from the key material K.</li> | 1171 | <li>Derive IV material from the key material K.</li> |
1160 | <li>Encrypt the REV data using K and IV.</li> | 1172 | <li>Encrypt the REV data using K and IV.</li> |
1161 | <li>Derive the proof of work from the encrypted REV.</li> | 1173 | <li>Derive the proof of work from the encrypted REV and check against |
1174 | the proof condition.</li> | ||
1162 | </ol> | 1175 | </ol> |
1176 | <t> | ||
1177 | The first step in the PoW is a call to scrypt with the REV data as | ||
1178 | password parameter to derive the initial key material K: | ||
1179 | </t> | ||
1163 | <figure> | 1180 | <figure> |
1164 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1181 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1165 | K := scrypt (P := REV) | 1182 | K := scrypt (P := REV) |
1166 | ]]></artwork> | 1183 | ]]></artwork> |
1167 | </figure> | 1184 | </figure> |
1185 | <t> | ||
1186 | The second step is to derive an initialization vector using a | ||
1187 | Hash-based Key Derivation Function as defined in | ||
1188 | (<xref target="RFC5869"/>). | ||
1189 | Specifically, HMAC-SHA512 is used for the | ||
1190 | extraction phase and HMAC-SHA256 for the expansion phase. | ||
1191 | </t> | ||
1192 | |||
1168 | <figure> | 1193 | <figure> |
1169 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1194 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1195 | STATUS QUO: | ||
1170 | PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", | 1196 | PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", |
1171 | K[0,31]) | 1197 | K[0,31]) |
1172 | PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", | 1198 | PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", |
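Review bot: In the added paragraph at 1186-1190, "Hash-based Key Derivation Function" is not the name RFC 5869 uses. The reference list in this same draft gives its title as "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)", so use that name or just "HKDF". The parentheses around the xref at 1188 also render as "([RFC5869])" in the text output (new line 1128 of the .txt); drop them so the citation reads "[RFC5869]".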
@@ -1177,36 +1203,42 @@ | |||
1177 | IV_two := HKDF-Expand (PRK_two, | 1203 | IV_two := HKDF-Expand (PRK_two, |
1178 | "gnunet-revocation-proof-of-work, | 1204 | "gnunet-revocation-proof-of-work, |
1179 | 128 / 8) | 1205 | 128 / 8) |
1206 | ALTERNATIVE: | ||
1207 | PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K) | ||
1208 | IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8); | ||
1209 | |||
1180 | ]]></artwork> | 1210 | ]]></artwork> |
1181 | </figure> | 1211 | </figure> |
1212 | <t> | ||
1213 | We divide the resulting keying material "K" into a 256-bit AES | ||
1214 | <xref target="RFC3826" /> key and a 256-bit TWOFISH | ||
1215 | <xref target="TWOFISH" /> key and use IV as corresponding | ||
1216 | initialization vectors: | ||
1217 | </t> | ||
1218 | |||
1182 | <figure> | 1219 | <figure> |
1183 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1220 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1221 | STATUS QUO: | ||
1184 | EREV := TWOFISH(K[0:31], IV_two, | 1222 | EREV := TWOFISH(K[0:31], IV_two, |
1185 | AES(K[32:63], IV_aes, REV)) | 1223 | AES(K[32:63], IV_aes, REV)) |
1224 | ALTERNATIVE: | ||
1225 | EREV := TWOFISH(K[0:31], IV[16:31], | ||
1226 | AES(K[32:63], IV[0:15], REV)) | ||
1227 | |||
1186 | ]]></artwork> | 1228 | ]]></artwork> |
1187 | </figure> | 1229 | </figure> |
1188 | <t> | 1230 | <t> |
1189 | The above EREV data object is calculated with different values for the | 1231 | The above EREV data object is again derived using the scrypt algorithm. |
1190 | "NONCE" in "REV" until the following inequality holds: | 1232 | The proof of work is complete, if the following inequality holds: |
1191 | </t> | 1233 | </t> |
1192 | 1234 | ||
1193 | <figure> | 1235 | <figure> |
1194 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 1236 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
1195 | scrypt(P := EREV) < 2^(39)-1 | 1237 | scrypt(P := EREV) < 2^(39)-1 |
1196 | ]]></artwork> | 1238 | ]]> |
1197 | </figure> | 1239 | </artwork> |
1198 | <t> | 1240 | </figure> |
1199 | For all occurences above, "scrypt" is the scrypt algorithm as defined in | 1241 | </section> |
1200 | <xref target="RFC7914" /> with the following parameters set: | ||
1201 | </t> | ||
1202 | <artwork name="" type="" align="left" alt=""><![CDATA[ | ||
1203 | S := "gnunet-revocation-proof-of-work" /* Salt */ | ||
1204 | N := 2 | ||
1205 | r := 8 /* Block size */ | ||
1206 | p := 2 /* Parallelization parameter */ | ||
1207 | dkLen := 64 /* Intended output length in octets */ | ||
1208 | ]]></artwork> | ||
1209 | </section> | ||
1210 | <section anchor="governance" numbered="true" toc="default"> | 1242 | <section anchor="governance" numbered="true" toc="default"> |
1211 | <name>Determining the Root Zone and Zone Governance</name> | 1243 | <name>Determining the Root Zone and Zone Governance</name> |
1212 | <t> | 1244 | <t> |
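Review bot: At new lines 1238-1241 the CDATA close for Figure 19 moved onto its own line and the closing "</artwork>", "</figure>" and "</section>" tags lost their indentation. The newline before "]]>" becomes part of the artwork and appears as an extra blank line in the renderings (new line 2495 of the .html, 1170 of the .txt). The blank lines added before "]]>" at 1209 and 1227 have the same effect. Keep "]]></artwork>" on one line, as in the other figures. Separately, the new paragraph at 1213-1216 says to "use IV as corresponding initialization vectors", while the STATUS QUO artwork below it uses IV_aes and IV_two. Make the prose name the same symbols as whichever variant is kept.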