commit 0953de08695ccf307c73f161120e8df8f84255ab
parent 29a6435b02edfa6884075a038984d2ec9b0c29df
Author: Schanzenbach, Martin <mschanzenbach@posteo.de>
Date: Sat, 5 Oct 2019 22:17:14 +0200
update math, privacy notes
Diffstat:
3 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/draft-schanzen-gns.html b/draft-schanzen-gns.html
@@ -1204,8 +1204,6 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
GNS employs the curve parameters of the twisted edwards representation
of Curve25519 <span>[<a href="#RFC7748" class="xref">RFC7748</a>]</span> (a.k.a. edwards25519)
with the ECDSA scheme (<span>[<a href="#RFC6979" class="xref">RFC6979</a>]</span>).
- The deterministic property of ECDSA (as opposed to EdDSA) is required
- in order to achieve zone privacy.
In the following, we use the following naming convention for our
cryptographic primitives:<a href="#section-2-1" class="pilcrow">¶</a></p>
<dl class="dlParallel" id="section-2-2">
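Review bot: the deleted sentence was the only place in this paragraph that said why GNS pairs ECDSA with edwards25519, and after the removal the text names the scheme and cites RFC6979 with no rationale at all. If the old claim was wrong, replace it with the correct reason, or with a pointer to the section that discusses zone privacy, rather than dropping it. The commit subject mentions privacy notes, but this hunk only deletes.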
@@ -1575,8 +1573,8 @@ async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(le
<pre>
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
- d_h := h*d mod L
- zk_h := h*zk mod L
+ d_h := h mod L * d
+ zk_h := h mod L * zk
q := SHA512 (zk_h)
</pre><a href="#section-4.1-2" class="pilcrow">¶</a>
</div>
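Review bot: the new right-hand sides `h mod L * d` and `h mod L * zk` depend on the reader's operator precedence and can be read either as (h mod L) * d or as h mod (L * d). Parenthesize them, for example `zk_h := (h mod L) * zk`, so that every implementer computes the same value from this block.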
diff --git a/draft-schanzen-gns.txt b/draft-schanzen-gns.txt
@@ -139,10 +139,8 @@ Internet-Draft The GNU Name System July 2019
where d is the private key and zk the corresponding public key. GNS
employs the curve parameters of the twisted edwards representation of
Curve25519 [RFC7748] (a.k.a. edwards25519) with the ECDSA scheme
- ([RFC6979]). The deterministic property of ECDSA (as opposed to
- EdDSA) is required in order to achieve zone privacy. In the
- following, we use the following naming convention for our
- cryptographic primitives:
+ ([RFC6979]). In the following, we use the following naming
+ convention for our cryptographic primitives:
d is a 256-bit ECDSA private key. In GNS, records are signed using
a key derived from "d" as described in Section 4.
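Review bot: style point on the reflowed lines, which still read "In the following, we use the following naming convention". Since the sentence is being touched anyway, shorten it to "We use the following naming convention for our cryptographic primitives:".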
@@ -165,6 +163,8 @@ Internet-Draft The GNU Name System July 2019
+
+
Schanzenbach, et al. Expires 24 January 2020 [Page 3]
Internet-Draft The GNU Name System July 2019
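Review bot: the only change in this hunk is two blank lines in front of the page footer, which looks like pagination fallout from regenerating the text rendering. Please confirm that the .txt and .html files were produced from the edited .xml rather than edited by hand, so the three copies cannot drift apart.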
@@ -439,8 +439,8 @@ Internet-Draft The GNU Name System July 2019
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
- d_h := h*d mod L
- zk_h := h*zk mod L
+ d_h := h mod L * d
+ zk_h := h mod L * zk
q := SHA512 (zk_h)
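Review bot: in the new `d_h := h mod L * d` line the product of the two scalars is no longer reduced, whereas the old `h*d mod L` reduced it. d is described earlier as a 256-bit private key, so d_h is a scalar and the final reduction should stay explicit, for example `d_h := (h mod L) * d mod L`. The zk_h line differs because zk is the public key: there the operation is multiplication of a point by a scalar, and the notation or the surrounding text should say so.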
diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
@@ -117,8 +117,6 @@
GNS employs the curve parameters of the twisted edwards representation
of Curve25519 <xref target="RFC7748" /> (a.k.a. edwards25519)
with the ECDSA scheme (<xref target="RFC6979" />).
- The deterministic property of ECDSA (as opposed to EdDSA) is required
- in order to achieve zone privacy.
In the following, we use the following naming convention for our
cryptographic primitives:
</t>
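Review bot: with the determinism sentence removed from this source file, the remaining "with the ECDSA scheme (RFC6979)" no longer tells the reader whether deterministic signing is a requirement of GNS or whether RFC6979 is cited only as a reference for ECDSA. State which one is intended, since the removed text presented it as required.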
@@ -446,8 +444,8 @@
<artwork name="" type="" align="left" alt=""><![CDATA[
PRK_h := HKDF-Extract ("key-derivation", zk)
h := HKDF-Expand (PRK_h, label | "gns", 512 / 8)
- d_h := h*d mod L
- zk_h := h*zk mod L
+ d_h := h mod L * d
+ zk_h := h mod L * zk
q := SHA512 (zk_h)
]]></artwork>
<t>
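Review bot: h is 512 / 8 = 64 bytes of HKDF-Expand output and the changed lines now apply `mod L` to it directly, but nothing in this artwork says how that byte string is interpreted as an integer (byte order). Add the conversion here or to the naming conventions so that `h mod L` is well defined.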