diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 10c95d0..0141940 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -665,10 +665,10 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) | |||
| 665 | zk := a * G | 665 | zk := a * G |
| 666 | PRK_h := HKDF-Extract ("key-derivation", zk) | 666 | PRK_h := HKDF-Extract ("key-derivation", zk) |
| 667 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) | 667 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) |
| 668 | a' := h * a mod L | 668 | h[31] &= 7 |
| 669 | a'[0] &= 248; | 669 | a1 := a / 8 /* 8 is the cofactor of Curve25519 */ |
| 670 | a'[31] &= 127; | 670 | a2 := h * a1 mod L |
| 671 | a'[31] |= 64; | 671 | a' = a2 * 8 /* 8 is the cofactor of Curve25519 */ |
| 672 | ]]></artwork> | 672 | ]]></artwork> |
| 673 | <t> | 673 | <t> |
| 674 | Equally, given a label, the output of the HDKD-Public function is | 674 | Equally, given a label, the output of the HDKD-Public function is |
| @@ -677,11 +677,8 @@ a'[31] |= 64; | |||
| 677 | <artwork name="" type="" align="left" alt=""><![CDATA[ | 677 | <artwork name="" type="" align="left" alt=""><![CDATA[ |
| 678 | PRK_h := HKDF-Extract ("key-derivation", zk) | 678 | PRK_h := HKDF-Extract ("key-derivation", zk) |
| 679 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) | 679 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) |
| 680 | a' = h mod L | 680 | h[31] &= 7 // Implies h mod L == h |
| 681 | a'[0] &= 248; | 681 | zk’ := h * zk |
| 682 | a'[31] &= 127; | ||
| 683 | a'[31] |= 64; | ||
| 684 | zk' := a' * zk | ||
| 685 | ]]></artwork> | 682 | ]]></artwork> |
| 686 | <t> | 683 | <t> |
| 687 | The EDKEY cryptosystem uses a | 684 | The EDKEY cryptosystem uses a |