diff options
Diffstat (limited to 'draft-schanzen-gns.xml')
| -rw-r--r-- | draft-schanzen-gns.xml | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 0141940..de1af5b 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml | |||
| @@ -679,7 +679,13 @@ PRK_h := HKDF-Extract ("key-derivation", zk) | |||
| 679 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) | 679 | h := HKDF-Expand (PRK_h, label | "gns", 512 / 8) |
| 680 | h[31] &= 7 // Implies h mod L == h | 680 | h[31] &= 7 // Implies h mod L == h |
| 681 | zk’ := h * zk | 681 | zk’ := h * zk |
| 682 | ]]></artwork> | 682 | ]]></artwork> |
| 683 | <t> | ||
| 684 | We note that implementors must employ a constant time scalar | ||
| 685 | multiplication for the constructions above. Also, implementors | ||
| 686 | must ensure that the private key "a" is an ed25519 private key | ||
| 687 | and specifically that "a[0] & 7 == 0" holds. | ||
| 688 | </t> | ||
| 683 | <t> | 689 | <t> |
| 684 | The EDKEY cryptosystem uses a | 690 | The EDKEY cryptosystem uses a |
| 685 | hash-based key derivation function (HKDF) as defined in | 691 | hash-based key derivation function (HKDF) as defined in |
| @@ -698,7 +704,8 @@ zk’ := h * zk | |||
| 698 | </t> | 704 | </t> |
| 699 | <t> | 705 | <t> |
| 700 | We point out that the multiplication of "zk" with "h" is a point multiplication, | 706 | We point out that the multiplication of "zk" with "h" is a point multiplication, |
| 701 | while the multiplication of "a" with "h" is a scalar multiplication. | 707 | while the division and multiplication of "a" and "a1" with the |
| 708 | cofactor are integer operations. | ||
| 702 | </t> | 709 | </t> |
| 703 | <t> | 710 | <t> |
| 704 | Signatures for EDKEY zones using the derived private key "a'" | 711 | Signatures for EDKEY zones using the derived private key "a'" |