-rw-r--r-- draft-schanzen-gns.html 83
-rw-r--r-- draft-schanzen-gns.txt 202
-rw-r--r-- draft-schanzen-gns.xml 68
3 files changed, 234 insertions, 119 deletions
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
index c86a08b..81923c6 100644
--- a/draft-schanzen-gns.html
+++ b/draft-schanzen-gns.html
@@ -2385,11 +2385,24 @@ table {
2385 The revocation message including the proof-of-work MAY be calculated 2385 The revocation message including the proof-of-work MAY be calculated
2386 ahead of time to support timely revocation.<a href="#section-7-2" class="pilcrow">¶</a></p> 2386 ahead of time to support timely revocation.<a href="#section-7-2" class="pilcrow">¶</a></p>
2387<p id="section-7-3"> 2387<p id="section-7-3">
2388 For all occurences below, "scrypt" is the scrypt Password-based Key
2389 Derivation Function as defined in <span>[<a href="#RFC7914" class="xref">RFC7914</a>]</span> with the
2390 following parameters set:<a href="#section-7-3" class="pilcrow">¶</a></p>
2391<div class="artwork art-text alignLeft" id="section-7-4">
2392<pre>
2393 S := "gnunet-revocation-proof-of-work" /* Salt */
2394 N := 2
2395 r := 8 /* Block size */
2396 p := 2 /* Parallelization parameter */
2397 dkLen := 64 /* Intended output length in octets */
2398 </pre><a href="#section-7-4" class="pilcrow">¶</a>
2399</div>
2400<p id="section-7-5">
2388 The following the the basic data "REV" on which the proof-of work is 2401 The following the the basic data "REV" on which the proof-of work is
2389 calculated:<a href="#section-7-3" class="pilcrow">¶</a></p> 2402 calculated:<a href="#section-7-5" class="pilcrow">¶</a></p>
2390<div id="figure_revocation"> 2403<div id="figure_revocation">
2391<figure id="figure-15"> 2404<figure id="figure-15">
2392 <div class="artwork art-text alignLeft" id="section-7-4.1"> 2405 <div class="artwork art-text alignLeft" id="section-7-6.1">
2393<pre> 2406<pre>
2394 0 8 16 24 32 40 48 56 2407 0 8 16 24 32 40 48 56
2395 +-----+-----+-----+-----+-----+-----+-----+-----+ 2408 +-----+-----+-----+-----+-----+-----+-----+-----+
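Review bot: `N := 2` in the relocated parameter block is the only scrypt parameter left without a comment, and the paragraph gives no reason for the value. Add a comment in the style of the neighbouring lines, for example `/* CPU/memory cost parameter */`, and a sentence on why this cost setting was chosen, since an implementer reading RFC 7914 will expect N to be the main work factor and the proof-of-work target in Figure 19 only makes sense relative to the cost of one scrypt call.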
@@ -2404,28 +2417,39 @@ table {
2404</div> 2417</div>
2405<figcaption><a href="#figure-15" class="selfRef">Figure 15</a></figcaption></figure> 2418<figcaption><a href="#figure-15" class="selfRef">Figure 15</a></figcaption></figure>
2406</div> 2419</div>
2407<p id="section-7-5"> 2420<p id="section-7-7">
2408 A single pass in the proof-of-work algorithm is defined as follows:<a href="#section-7-5" class="pilcrow">¶</a></p> 2421 A single pass in the proof-of-work algorithm is defined as follows:<a href="#section-7-7" class="pilcrow">¶</a></p>
2409<ol start="1" type="1" class="normal" id="section-7-6"> 2422<ol start="1" type="1" class="normal" id="section-7-8">
2410 <li id="section-7-6.1">Derive initial key material K from the REV data.<a href="#section-7-6.1" class="pilcrow">¶</a> 2423 <li id="section-7-8.1">Derive initial key material K from the REV data.<a href="#section-7-8.1" class="pilcrow">¶</a>
2411</li> 2424</li>
2412<li id="section-7-6.2">Derive IV material from the key material K.<a href="#section-7-6.2" class="pilcrow">¶</a> 2425<li id="section-7-8.2">Derive IV material from the key material K.<a href="#section-7-8.2" class="pilcrow">¶</a>
2413</li> 2426</li>
2414<li id="section-7-6.3">Encrypt the REV data using K and IV.<a href="#section-7-6.3" class="pilcrow">¶</a> 2427<li id="section-7-8.3">Encrypt the REV data using K and IV.<a href="#section-7-8.3" class="pilcrow">¶</a>
2415</li> 2428</li>
2416<li id="section-7-6.4">Derive the proof of work from the encrypted REV.<a href="#section-7-6.4" class="pilcrow">¶</a> 2429<li id="section-7-8.4">Derive the proof of work from the encrypted REV and check against
2430 the proof condition.<a href="#section-7-8.4" class="pilcrow">¶</a>
2417</li> 2431</li>
2418</ol> 2432</ol>
2433<p id="section-7-9">
2434 The first step in the PoW is a call to scrypt with the REV data as
2435 password parameter to derive the initial key material K:<a href="#section-7-9" class="pilcrow">¶</a></p>
2419<figure id="figure-16"> 2436<figure id="figure-16">
2420 <div class="artwork art-text alignLeft" id="section-7-7.1"> 2437 <div class="artwork art-text alignLeft" id="section-7-10.1">
2421<pre> 2438<pre>
2422 K := scrypt (P := REV) 2439 K := scrypt (P := REV)
2423 </pre> 2440 </pre>
2424</div> 2441</div>
2425<figcaption><a href="#figure-16" class="selfRef">Figure 16</a></figcaption></figure> 2442<figcaption><a href="#figure-16" class="selfRef">Figure 16</a></figcaption></figure>
2443<p id="section-7-11">
2444 The second step is to derive an initialization vector using a
2445 Hash-based Key Derivation Function as defined in
2446 (<span>[<a href="#RFC5869" class="xref">RFC5869</a>]</span>).
2447 Specifically, HMAC-SHA512 is used for the
2448 extraction phase and HMAC-SHA256 for the expansion phase.<a href="#section-7-11" class="pilcrow">¶</a></p>
2426<figure id="figure-17"> 2449<figure id="figure-17">
2427 <div class="artwork art-text alignLeft" id="section-7-8.1"> 2450 <div class="artwork art-text alignLeft" id="section-7-12.1">
2428<pre> 2451<pre>
2452 STATUS QUO:
2429 PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", 2453 PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!",
2430 K[0,31]) 2454 K[0,31])
2431 PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", 2455 PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH",
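Review bot: the new paragraph at section-7-11 calls the function a "Hash-based Key Derivation Function", while the cited RFC 5869 is titled "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)"; use the RFC's name so the reference matches the HKDF-Extract and HKDF-Expand calls in Figure 17. The same sentence promises "an initialization vector" in the singular although the block that follows begins two extractions (`PRK_aes`, `PRK_two`), and the cross-reference is wrapped in a redundant pair of parentheses, "([RFC5869])".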
@@ -2436,39 +2460,42 @@ table {
2436 IV_two := HKDF-Expand (PRK_two, 2460 IV_two := HKDF-Expand (PRK_two,
2437 "gnunet-revocation-proof-of-work, 2461 "gnunet-revocation-proof-of-work,
2438 128 / 8) 2462 128 / 8)
2463 ALTERNATIVE:
2464 PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
2465 IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
2466
2439 </pre> 2467 </pre>
2440</div> 2468</div>
2441<figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure> 2469<figcaption><a href="#figure-17" class="selfRef">Figure 17</a></figcaption></figure>
2470<p id="section-7-13">
2471 We divide the resulting keying material "K" into a 256-bit AES
2472 <span>[<a href="#RFC3826" class="xref">RFC3826</a>]</span> key and a 256-bit TWOFISH
2473 <span>[<a href="#TWOFISH" class="xref">TWOFISH</a>]</span> key and use IV as corresponding
2474 initialization vectors:<a href="#section-7-13" class="pilcrow">¶</a></p>
2442<figure id="figure-18"> 2475<figure id="figure-18">
2443 <div class="artwork art-text alignLeft" id="section-7-9.1"> 2476 <div class="artwork art-text alignLeft" id="section-7-14.1">
2444<pre> 2477<pre>
2478 STATUS QUO:
2445 EREV := TWOFISH(K[0:31], IV_two, 2479 EREV := TWOFISH(K[0:31], IV_two,
2446 AES(K[32:63], IV_aes, REV)) 2480 AES(K[32:63], IV_aes, REV))
2481 ALTERNATIVE:
2482 EREV := TWOFISH(K[0:31], IV[16:31],
2483 AES(K[32:63], IV[0:15], REV))
2484
2447 </pre> 2485 </pre>
2448</div> 2486</div>
2449<figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure> 2487<figcaption><a href="#figure-18" class="selfRef">Figure 18</a></figcaption></figure>
2450<p id="section-7-10"> 2488<p id="section-7-15">
2451 The above EREV data object is calculated with different values for the 2489 The above EREV data object is again derived using the scrypt algorithm.
2452 "NONCE" in "REV" until the following inequality holds:<a href="#section-7-10" class="pilcrow">¶</a></p> 2490 The proof of work is complete, if the following inequality holds:<a href="#section-7-15" class="pilcrow">¶</a></p>
2453<figure id="figure-19"> 2491<figure id="figure-19">
2454 <div class="artwork art-text alignLeft" id="section-7-11.1"> 2492 <div class="artwork art-text alignLeft" id="section-7-16.1">
2455<pre> 2493<pre>
2456 scrypt(P := EREV) &lt; 2^(39)-1 2494 scrypt(P := EREV) &lt; 2^(39)-1
2495
2457 </pre> 2496 </pre>
2458</div> 2497</div>
2459<figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure> 2498<figcaption><a href="#figure-19" class="selfRef">Figure 19</a></figcaption></figure>
2460<p id="section-7-12">
2461 For all occurences above, "scrypt" is the scrypt algorithm as defined in
2462 <span>[<a href="#RFC7914" class="xref">RFC7914</a>]</span> with the following parameters set:<a href="#section-7-12" class="pilcrow">¶</a></p>
2463<div class="artwork art-text alignLeft" id="section-7-13">
2464<pre>
2465 S := "gnunet-revocation-proof-of-work" /* Salt */
2466 N := 2
2467 r := 8 /* Block size */
2468 p := 2 /* Parallelization parameter */
2469 dkLen := 64 /* Intended output length in octets */
2470 </pre><a href="#section-7-13" class="pilcrow">¶</a>
2471</div>
2472</section> 2499</section>
2473</div> 2500</div>
2474<div id="governance"> 2501<div id="governance">
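Review bot: in the ALTERNATIVE variant, `IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8)` requests 16 octets, but Figure 18 then uses `IV[16:31]` for TWOFISH and `IV[0:15]` for AES, which requires 32 octets. Either expand to 256 / 8 octets or keep two separate expansions; as written the TWOFISH IV is undefined. The trailing `;` on the HKDF-Expand line is also out of step with the rest of the pseudocode, and section-7-13 says "use IV as corresponding initialization vectors" without saying which of the two variants it describes.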
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
index 9d62457..6d41ad3 100644
--- a/draft-schanzen-gns.txt
+++ b/draft-schanzen-gns.txt
@@ -85,11 +85,11 @@ Table of Contents
85 6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18 85 6.2.5. VPN . . . . . . . . . . . . . . . . . . . . . . . . . 18
86 6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19 86 6.2.6. NICK . . . . . . . . . . . . . . . . . . . . . . . . 19
87 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19 87 7. Zone Revocation . . . . . . . . . . . . . . . . . . . . . . . 19
88 8. Determining the Root Zone and Zone Governance . . . . . . . . 21 88 8. Determining the Root Zone and Zone Governance . . . . . . . . 22
89 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 89 9. Security Considerations . . . . . . . . . . . . . . . . . . . 23
90 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 90 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
91 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 23 91 11. Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . 24
92 12. Normative References . . . . . . . . . . . . . . . . . . . . 25 92 12. Normative References . . . . . . . . . . . . . . . . . . . . 26
93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27 93 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 27
94 94
951. Introduction 951. Introduction
@@ -1073,6 +1073,16 @@ Internet-Draft The GNU Name System November 2019
1073 work. The revocation message including the proof-of-work MAY be 1073 work. The revocation message including the proof-of-work MAY be
1074 calculated ahead of time to support timely revocation. 1074 calculated ahead of time to support timely revocation.
1075 1075
1076 For all occurences below, "scrypt" is the scrypt Password-based Key
1077 Derivation Function as defined in [RFC7914] with the following
1078 parameters set:
1079
1080 S := "gnunet-revocation-proof-of-work" /* Salt */
1081 N := 2
1082 r := 8 /* Block size */
1083 p := 2 /* Parallelization parameter */
1084 dkLen := 64 /* Intended output length in octets */
1085
1076 The following the the basic data "REV" on which the proof-of work is 1086 The following the the basic data "REV" on which the proof-of work is
1077 calculated: 1087 calculated:
1078 1088
@@ -1096,12 +1106,30 @@ Internet-Draft The GNU Name System November 2019
1096 1106
1097 3. Encrypt the REV data using K and IV. 1107 3. Encrypt the REV data using K and IV.
1098 1108
1099 4. Derive the proof of work from the encrypted REV. 1109 4. Derive the proof of work from the encrypted REV and check against
1110 the proof condition.
1111
1112 The first step in the PoW is a call to scrypt with the REV data as
1113 password parameter to derive the initial key material K:
1100 1114
1101 K := scrypt (P := REV) 1115 K := scrypt (P := REV)
1102 1116
1117
1118
1119
1120Schanzenbach, et al. Expires 13 May 2020 [Page 20]
1121
1122Internet-Draft The GNU Name System November 2019
1123
1124
1103 Figure 16 1125 Figure 16
1104 1126
1127 The second step is to derive an initialization vector using a Hash-
1128 based Key Derivation Function as defined in ([RFC5869]).
1129 Specifically, HMAC-SHA512 is used for the extraction phase and HMAC-
1130 SHA256 for the expansion phase.
1131
1132 STATUS QUO:
1105 PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", 1133 PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!",
1106 K[0,31]) 1134 K[0,31])
1107 PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", 1135 PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH",
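Review bot: in the rendered text the new page break (footer "[Page 20]" and the following header) now falls between the `K := scrypt (P := REV)` artwork and its "Figure 16" caption, so the caption opens the next page detached from its figure. Check the pagination once the added paragraphs have settled and keep the artwork and caption together. The same hunk introduces the `STATUS QUO:` label at a different indentation from the pseudocode it heads, which makes it read as part of the figure body.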
@@ -1112,36 +1140,43 @@ Internet-Draft The GNU Name System November 2019
1112 IV_two := HKDF-Expand (PRK_two, 1140 IV_two := HKDF-Expand (PRK_two,
1113 "gnunet-revocation-proof-of-work, 1141 "gnunet-revocation-proof-of-work,
1114 128 / 8) 1142 128 / 8)
1115 1143 ALTERNATIVE:
1116 Figure 17 1144 PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
1145 IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
1117 1146
1118 1147
1148 Figure 17
1119 1149
1120Schanzenbach, et al. Expires 13 May 2020 [Page 20] 1150 We divide the resulting keying material "K" into a 256-bit AES
1121 1151 [RFC3826] key and a 256-bit TWOFISH [TWOFISH] key and use IV as
1122Internet-Draft The GNU Name System November 2019 1152 corresponding initialization vectors:
1123
1124 1153
1154 STATUS QUO:
1125 EREV := TWOFISH(K[0:31], IV_two, 1155 EREV := TWOFISH(K[0:31], IV_two,
1126 AES(K[32:63], IV_aes, REV)) 1156 AES(K[32:63], IV_aes, REV))
1157 ALTERNATIVE:
1158 EREV := TWOFISH(K[0:31], IV[16:31],
1159 AES(K[32:63], IV[0:15], REV))
1160
1127 1161
1128 Figure 18 1162 Figure 18
1129 1163
1130 The above EREV data object is calculated with different values for 1164 The above EREV data object is again derived using the scrypt
1131 the "NONCE" in "REV" until the following inequality holds: 1165 algorithm. The proof of work is complete, if the following
1166 inequality holds:
1132 1167
1133 scrypt(P := EREV) < 2^(39)-1 1168 scrypt(P := EREV) < 2^(39)-1
1134 1169
1170
1135 Figure 19 1171 Figure 19
1136 1172
1137 For all occurences above, "scrypt" is the scrypt algorithm as defined
1138 in [RFC7914] with the following parameters set:
1139 1173
1140 S := "gnunet-revocation-proof-of-work" /* Salt */ 1174
1141 N := 2 1175
1142 r := 8 /* Block size */ 1176Schanzenbach, et al. Expires 13 May 2020 [Page 21]
1143 p := 2 /* Parallelization parameter */ 1177
1144 dkLen := 64 /* Intended output length in octets */ 1178Internet-Draft The GNU Name System November 2019
1179
1145 1180
11468. Determining the Root Zone and Zone Governance 11818. Determining the Root Zone and Zone Governance
1147 1182
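Review bot: the rewritten paragraph before Figure 19 drops the statement that the pass is repeated "with different values for the "NONCE" in "REV"", so the text no longer says what a prover varies when the inequality fails. The replacement sentence, "The above EREV data object is again derived using the scrypt algorithm", also reads as if EREV were an scrypt output, whereas Figure 19 passes EREV to scrypt as P. Suggest restoring the NONCE sentence and describing the step as applying scrypt to EREV; it would also help to state how the 64-octet output (dkLen := 64) is interpreted as a number for the comparison with 2^(39)-1.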
@@ -1169,15 +1204,6 @@ Internet-Draft The GNU Name System November 2019
1169 1204
1170 GNS clients SHOULD first try to interpret the top-level domain of a 1205 GNS clients SHOULD first try to interpret the top-level domain of a
1171 GNS name as a zone key. For example. if the top-level domain is a 1206 GNS name as a zone key. For example. if the top-level domain is a
1172
1173
1174
1175
1176Schanzenbach, et al. Expires 13 May 2020 [Page 21]
1177
1178Internet-Draft The GNU Name System November 2019
1179
1180
1181 Base32-encoded public zone key "zk", the root zone of the resolution 1207 Base32-encoded public zone key "zk", the root zone of the resolution
1182 process is implicitly given by the name: 1208 process is implicitly given by the name:
1183 1209
@@ -1200,6 +1226,14 @@ Internet-Draft The GNU Name System November 2019
1200 => Entry zone: zk1 1226 => Entry zone: zk1
1201 => Name to resolve from entry zone: www.example 1227 => Name to resolve from entry zone: www.example
1202 1228
1229
1230
1231
1232Schanzenbach, et al. Expires 13 May 2020 [Page 22]
1233
1234Internet-Draft The GNU Name System November 2019
1235
1236
1203 Finally, additional "suffix to zone" mappings MAY be configured. 1237 Finally, additional "suffix to zone" mappings MAY be configured.
1204 Suffix to zone key mappings SHOULD be configurable through a local 1238 Suffix to zone key mappings SHOULD be configurable through a local
1205 configuration file or database by the user or system administrator. 1239 configuration file or database by the user or system administrator.
@@ -1223,17 +1257,6 @@ Internet-Draft The GNU Name System November 2019
1223 1257
1224 TODO 1258 TODO
1225 1259
1226
1227
1228
1229
1230
1231
1232Schanzenbach, et al. Expires 13 May 2020 [Page 22]
1233
1234Internet-Draft The GNU Name System November 2019
1235
1236
123710. IANA Considerations 126010. IANA Considerations
1238 1261
1239 IANA is requested to create an "GNU Name System Record Type" 1262 IANA is requested to create an "GNU Name System Record Type"
@@ -1254,6 +1277,19 @@ Internet-Draft The GNU Name System November 2019
1254 Served", as described in [RFC8126]. IANA is requested to populate 1277 Served", as described in [RFC8126]. IANA is requested to populate
1255 this registry as follows: 1278 this registry as follows:
1256 1279
1280
1281
1282
1283
1284
1285
1286
1287
1288Schanzenbach, et al. Expires 13 May 2020 [Page 23]
1289
1290Internet-Draft The GNU Name System November 2019
1291
1292
1257 Number | Type | Contact | References 1293 Number | Type | Contact | References
1258 ---------+-----------------+---------+--------- 1294 ---------+-----------------+---------+---------
1259 65536 | PKEY | N/A | [This.I-D] 1295 65536 | PKEY | N/A | [This.I-D]
@@ -1282,14 +1318,6 @@ Internet-Draft The GNU Name System November 2019
1282 zk (public zone key) := 1318 zk (public zone key) :=
1283 dff911496d025d7e 1319 dff911496d025d7e
1284 0885c03d19153e99 1320 0885c03d19153e99
1285
1286
1287
1288Schanzenbach, et al. Expires 13 May 2020 [Page 23]
1289
1290Internet-Draft The GNU Name System November 2019
1291
1292
1293 4f213f23ea719eca 1321 4f213f23ea719eca
1294 17fc32dc410e082e 1322 17fc32dc410e082e
1295 1323
@@ -1310,6 +1338,14 @@ Internet-Draft The GNU Name System November 2019
1310 0017c802f7d32e18 1338 0017c802f7d32e18
1311 1339
1312 q (query key) := 1340 q (query key) :=
1341
1342
1343
1344Schanzenbach, et al. Expires 13 May 2020 [Page 24]
1345
1346Internet-Draft The GNU Name System November 2019
1347
1348
1313 6fce4deddc5ad681 1349 6fce4deddc5ad681
1314 f4e29a3310767e3b 1350 f4e29a3310767e3b
1315 8b38bc1b276ce2ba 1351 8b38bc1b276ce2ba
@@ -1339,13 +1375,6 @@ Internet-Draft The GNU Name System November 2019
1339 071be189a9d236f9 1375 071be189a9d236f9
1340 b4a3654bb8c281d4 1376 b4a3654bb8c281d4
1341 1377
1342
1343
1344Schanzenbach, et al. Expires 13 May 2020 [Page 24]
1345
1346Internet-Draft The GNU Name System November 2019
1347
1348
1349 RDATA := 1378 RDATA :=
1350 0000000100059412 RR COUNT | EXPIRA- 1379 0000000100059412 RR COUNT | EXPIRA-
1351 09ddea0f00000014 -TION | DATA SIZE (20) 1380 09ddea0f00000014 -TION | DATA SIZE (20)
@@ -1365,6 +1394,14 @@ Internet-Draft The GNU Name System November 2019
1365 afc99ba9c5a3bb54 1394 afc99ba9c5a3bb54
1366 07e731a34680ee33 1395 07e731a34680ee33
1367 ae0de7bfeda7d2b7 1396 ae0de7bfeda7d2b7
1397
1398
1399
1400Schanzenbach, et al. Expires 13 May 2020 [Page 25]
1401
1402Internet-Draft The GNU Name System November 2019
1403
1404
1368 8c6b854a008b1b54 1405 8c6b854a008b1b54
1369 10df4f39f5ba9f46____________ 1406 10df4f39f5ba9f46____________
1370 8cb514a56c0eaae0 zk_h 1407 8cb514a56c0eaae0 zk_h
@@ -1393,15 +1430,6 @@ Internet-Draft The GNU Name System November 2019
1393 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 1430 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
1394 November 1987, <https://www.rfc-editor.org/info/rfc1035>. 1431 November 1987, <https://www.rfc-editor.org/info/rfc1035>.
1395 1432
1396
1397
1398
1399
1400Schanzenbach, et al. Expires 13 May 2020 [Page 25]
1401
1402Internet-Draft The GNU Name System November 2019
1403
1404
1405 [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for 1433 [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
1406 specifying the location of services (DNS SRV)", RFC 2782, 1434 specifying the location of services (DNS SRV)", RFC 2782,
1407 DOI 10.17487/RFC2782, February 2000, 1435 DOI 10.17487/RFC2782, February 2000,
@@ -1422,6 +1450,14 @@ Internet-Draft The GNU Name System November 2019
1422 DOI 10.17487/RFC3826, June 2004, 1450 DOI 10.17487/RFC3826, June 2004,
1423 <https://www.rfc-editor.org/info/rfc3826>. 1451 <https://www.rfc-editor.org/info/rfc3826>.
1424 1452
1453
1454
1455
1456Schanzenbach, et al. Expires 13 May 2020 [Page 26]
1457
1458Internet-Draft The GNU Name System November 2019
1459
1460
1425 [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand 1461 [RFC5869] Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
1426 Key Derivation Function (HKDF)", RFC 5869, 1462 Key Derivation Function (HKDF)", RFC 5869,
1427 DOI 10.17487/RFC5869, May 2010, 1463 DOI 10.17487/RFC5869, May 2010,
@@ -1450,14 +1486,6 @@ Internet-Draft The GNU Name System November 2019
1450 for Security", RFC 7748, DOI 10.17487/RFC7748, January 1486 for Security", RFC 7748, DOI 10.17487/RFC7748, January
1451 2016, <https://www.rfc-editor.org/info/rfc7748>. 1487 2016, <https://www.rfc-editor.org/info/rfc7748>.
1452 1488
1453
1454
1455
1456Schanzenbach, et al. Expires 13 May 2020 [Page 26]
1457
1458Internet-Draft The GNU Name System November 2019
1459
1460
1461 [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital 1489 [RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
1462 Signature Algorithm (EdDSA)", RFC 8032, 1490 Signature Algorithm (EdDSA)", RFC 8032,
1463 DOI 10.17487/RFC8032, January 2017, 1491 DOI 10.17487/RFC8032, January 2017,
@@ -1477,6 +1505,15 @@ Internet-Draft The GNU Name System November 2019
1477 1505
1478Authors' Addresses 1506Authors' Addresses
1479 1507
1508
1509
1510
1511
1512Schanzenbach, et al. Expires 13 May 2020 [Page 27]
1513
1514Internet-Draft The GNU Name System November 2019
1515
1516
1480 Martin Schanzenbach 1517 Martin Schanzenbach
1481 GNUnet e.V. 1518 GNUnet e.V.
1482 Boltzmannstrasse 3 1519 Boltzmannstrasse 3
@@ -1509,4 +1546,23 @@ Authors' Addresses
1509 1546
1510 1547
1511 1548
1512Schanzenbach, et al. Expires 13 May 2020 [Page 27] 1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568Schanzenbach, et al. Expires 13 May 2020 [Page 28]
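Review bot: this last hunk adds only blank lines and a "[Page 28]" footer, and most of the preceding hunks in draft-schanzen-gns.txt do nothing but move page footers and headers, so the bulk of the 202 changed lines in this file is repagination rather than text. Consider committing the regenerated .txt separately from the wording change in Section 7 so that the substantive edits can be reviewed on their own.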
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index 276f8bf..9bf1201 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -1135,6 +1135,18 @@
1135 ahead of time to support timely revocation. 1135 ahead of time to support timely revocation.
1136 </t> 1136 </t>
1137 <t> 1137 <t>
1138 For all occurences below, "scrypt" is the scrypt Password-based Key
1139 Derivation Function as defined in <xref target="RFC7914" /> with the
1140 following parameters set:
1141 </t>
1142 <artwork name="" type="" align="left" alt=""><![CDATA[
1143 S := "gnunet-revocation-proof-of-work" /* Salt */
1144 N := 2
1145 r := 8 /* Block size */
1146 p := 2 /* Parallelization parameter */
1147 dkLen := 64 /* Intended output length in octets */
1148 ]]></artwork>
1149 <t>
1138 The following the the basic data "REV" on which the proof-of work is 1150 The following the the basic data "REV" on which the proof-of work is
1139 calculated: 1151 calculated:
1140 </t> 1152 </t>
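Review bot: "occurences" in the added paragraph should read "occurrences". Since the block is being moved anyway, the unchanged sentence directly after it, "The following the the basic data "REV" on which the proof-of work is calculated", could be repaired in the same commit ("The following is the basic data", "proof-of-work").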
@@ -1158,15 +1170,29 @@
1158 <li>Derive initial key material K from the REV data.</li> 1170 <li>Derive initial key material K from the REV data.</li>
1159 <li>Derive IV material from the key material K.</li> 1171 <li>Derive IV material from the key material K.</li>
1160 <li>Encrypt the REV data using K and IV.</li> 1172 <li>Encrypt the REV data using K and IV.</li>
1161 <li>Derive the proof of work from the encrypted REV.</li> 1173 <li>Derive the proof of work from the encrypted REV and check against
1174 the proof condition.</li>
1162 </ol> 1175 </ol>
1176 <t>
1177 The first step in the PoW is a call to scrypt with the REV data as
1178 password parameter to derive the initial key material K:
1179 </t>
1163 <figure> 1180 <figure>
1164 <artwork name="" type="" align="left" alt=""><![CDATA[ 1181 <artwork name="" type="" align="left" alt=""><![CDATA[
1165 K := scrypt (P := REV) 1182 K := scrypt (P := REV)
1166 ]]></artwork> 1183 ]]></artwork>
1167 </figure> 1184 </figure>
1185 <t>
1186 The second step is to derive an initialization vector using a
1187 Hash-based Key Derivation Function as defined in
1188 (<xref target="RFC5869"/>).
1189 Specifically, HMAC-SHA512 is used for the
1190 extraction phase and HMAC-SHA256 for the expansion phase.
1191 </t>
1192
1168 <figure> 1193 <figure>
1169 <artwork name="" type="" align="left" alt=""><![CDATA[ 1194 <artwork name="" type="" align="left" alt=""><![CDATA[
1195 STATUS QUO:
1170 PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!", 1196 PRK_aes := HKDF-Extract ("gnunet-proof-of-work-ivAES!",
1171 K[0,31]) 1197 K[0,31])
1172 PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH", 1198 PRK_two := HKDF-Extract ("gnunet-proof-of-work-ivFISH",
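Review bot: the `STATUS QUO:` label is added inside the figure's artwork and the surrounding text never explains it, so the figure now mixes specification with an editorial note. If two IV derivations are under discussion, say in a paragraph which one is normative, or mark the point as open, rather than labelling the variants inside the CDATA block. This block also writes the key slice as `K[0,31]` while the encryption figure uses `K[0:31]`; pick one notation.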
@@ -1177,36 +1203,42 @@
1177 IV_two := HKDF-Expand (PRK_two, 1203 IV_two := HKDF-Expand (PRK_two,
1178 "gnunet-revocation-proof-of-work, 1204 "gnunet-revocation-proof-of-work,
1179 128 / 8) 1205 128 / 8)
1206 ALTERNATIVE:
1207 PRK := HKDF-Extract ("gnunet-proof-of-work-iv", K)
1208 IV := HKDF-Expand (PRK, "gnunet-revocation-proof-of-work", 128 / 8);
1209
1180 ]]></artwork> 1210 ]]></artwork>
1181 </figure> 1211 </figure>
1212 <t>
1213 We divide the resulting keying material "K" into a 256-bit AES
1214 <xref target="RFC3826" /> key and a 256-bit TWOFISH
1215 <xref target="TWOFISH" /> key and use IV as corresponding
1216 initialization vectors:
1217 </t>
1218
1182 <figure> 1219 <figure>
1183 <artwork name="" type="" align="left" alt=""><![CDATA[ 1220 <artwork name="" type="" align="left" alt=""><![CDATA[
1221 STATUS QUO:
1184 EREV := TWOFISH(K[0:31], IV_two, 1222 EREV := TWOFISH(K[0:31], IV_two,
1185 AES(K[32:63], IV_aes, REV)) 1223 AES(K[32:63], IV_aes, REV))
1224 ALTERNATIVE:
1225 EREV := TWOFISH(K[0:31], IV[16:31],
1226 AES(K[32:63], IV[0:15], REV))
1227
1186 ]]></artwork> 1228 ]]></artwork>
1187 </figure> 1229 </figure>
1188 <t> 1230 <t>
1189 The above EREV data object is calculated with different values for the 1231 The above EREV data object is again derived using the scrypt algorithm.
1190 "NONCE" in "REV" until the following inequality holds: 1232 The proof of work is complete, if the following inequality holds:
1191 </t> 1233 </t>
1192 1234
1193 <figure> 1235 <figure>
1194 <artwork name="" type="" align="left" alt=""><![CDATA[ 1236 <artwork name="" type="" align="left" alt=""><![CDATA[
1195 scrypt(P := EREV) < 2^(39)-1 1237 scrypt(P := EREV) < 2^(39)-1
1196 ]]></artwork> 1238 ]]>
1197 </figure> 1239 </artwork>
1198 <t> 1240 </figure>
1199 For all occurences above, "scrypt" is the scrypt algorithm as defined in 1241 </section>
1200 <xref target="RFC7914" /> with the following parameters set:
1201 </t>
1202 <artwork name="" type="" align="left" alt=""><![CDATA[
1203 S := "gnunet-revocation-proof-of-work" /* Salt */
1204 N := 2
1205 r := 8 /* Block size */
1206 p := 2 /* Parallelization parameter */
1207 dkLen := 64 /* Intended output length in octets */
1208 ]]></artwork>
1209 </section>
1210 <section anchor="governance" numbered="true" toc="default"> 1242 <section anchor="governance" numbered="true" toc="default">
1211 <name>Determining the Root Zone and Zone Governance</name> 1243 <name>Determining the Root Zone and Zone Governance</name>
1212 <t> 1244 <t>
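Review bot: at the end of the last figure the closing `]]></artwork>` is split into `]]>` and `</artwork>` on separate lines, and `</figure>` and `</section>` are re-indented, unlike the other artwork blocks in this file, which all close with `]]></artwork>`. The .html and .txt renderings of Figure 19 gain a trailing blank line in the same commit; unless that is intended, keep the original closing form and indentation so the diff contains only the removal of the duplicated scrypt parameter block.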