lsd0001

LSD0001: GNU Name System

commit 27748eb7472e07ae0bf62a34d7e29745041c7ad2
parent 67b27a4f6a60fab903f5789a991261490b3f901b
Author: Christian Grothoff <grothoff@gnunet.org>
Date:   Mon, 31 Jan 2022 17:01:00 +0100

do not split KeyGen

Diffstat:
Mdraft-schanzen-gns.xml | 70++++++++++++++++++++++++++++++++++++++--------------------------------
1 file changed, 38 insertions(+), 32 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml 
@@ -324,31 +324,29 @@ It can be represented by a Zone Top-Level Domain (zTLD) string. </t> <t> - The zone type ztype is the unique zone type of the zone as registered + Each zone type (ztype) is assigned a unique 32-bit number when it is registered in the GNUnet Assigned Numbers Authority <xref target="GANA" />. - The zone type determines which cryptosystem is used for the + The ztype determines which cryptosystem is used for the asymmetric and symmetric key operations of the zone. - The zone type is identified by a 32-bit number. - It always corresponds to a resource record type number identifying a - delegation into a zone of this type. + The ztype number always corresponds to a resource record type + number identifying a delegation into a zone of this type. To + ensure that there are no conflicts with DNS record types, ztypes + are always assigned numeric values above 65535. </t> <t> - For any zone, d is the private key. zk is the zone key. - The specific formats depends on the zone type. - The creation of zone keys for the default zone types are specified in + For any zone, let d be the private key and zk the public zone key. + The specific wire format used depends on the ztype. + The creation of zone keys for the default ztypes are specified in <xref target="gnsrecords_delegation"/>. - New zone types may be specified in the future, for example if the + New ztypes may be specified in the future, for example if the cryptographic mechanisms used in this document are broken. - Any zone type MUST define the following set of cryptographic functions: + Any ztype MUST define the following set of cryptographic functions: </t> <dl> - <dt>Private-KeyGen() -> d</dt> + <dt>KeyGen() -> d, zk</dt> <dd> - is a function to generate a fresh private key d. - </dd> - <dt>Public-KeyGen(d) -> zk</dt> - <dd> - is a function to derive a zone key zk from a private key d. + is a function to generate a fresh private key d and + the corresponding public zone key zk. 
</dd> <dt>ZKDF-Private(d,label) -> d'</dt> <dd> @@ -361,7 +359,7 @@ is a zone key derivation function which blinds a zone key zk using a label. zk and zk' must be unlinkable. Furthermore, blinding zk with different values for the label must result - in unlinkable different resulting values for zk'. + in unlinkable zk' values. </dd> <dt>S-Encrypt(zk,label,nonce,expiration,message) -> ciphertext</dt> <dd> @@ -913,15 +911,11 @@ zTLD := zkl[126..129].zkl[63..125].zkl[0..62] <dl> <dt>d</dt> <dd> - is a 256-bit ECDSA private key. The generation of the private - scalar as defined in Section 2.2. of <xref target="RFC6979" /> represents the Private-KeyGen() function. + is a 256-bit ECDSA private key. </dd> <dt>zk</dt> <dd> - is the ECDSA zone key corresponding to d. Its generation is - defined in Section 2.2. of <xref target="RFC6979" /> as the curve point d*G where G - is the group generator of the elliptic curve. - This generation represents the Public-KeyGen(d) function. + is the ECDSA public zone key corresponding to d. </dd> <dt>p</dt> <dd> @@ -937,6 +931,12 @@ zTLD := zkl[126..129].zkl[63..125].zkl[0..62] <dd> is the order of the prime-order subgroup of edwards25519 in <xref target="RFC7748" />. </dd> + <dt>KeyGen()</dt> + <dd>The generation of the private + scalar d and the curve point zk := d*G (where G is the group generator + of the elliptic curve) as defined in Section 2.2. of + <xref target="RFC6979" /> represents the KeyGen() function. + </dd> </dl> <t> The zone type and zone key of a PKEY are 32 + 4 bytes in length. This means that @@ -1076,9 +1076,7 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) <dl> <dt>d</dt> <dd> - is a 256-bit EdDSA private key. The generation as defined - in Section 3.2. of <xref target="RFC8032" /> and represents the Private-KeyGen() - function. + is a 256-bit EdDSA private key. </dd> <dt>a</dt> <dd> 
@@ -1087,12 +1085,10 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) </dd> <dt>zk</dt> <dd> - is the EdDSA public key corresponding to d. It is defined in - Section 3.2 of <xref target="RFC8032" /> as the curve point a*G where G is the - group generator of the elliptic curve and a is an integer - derived from d using the SHA-512 hash function. - This generation including the derivation of a represents the - Public-KeyGen(d) function. + is the EdDSA public key corresponding to d. It is defined + as the curve point a*G where G is the + group generator of the elliptic curve + as defined in <xref target="ed25519" />. </dd> <dt>p</dt> <dd> @@ -1108,6 +1104,16 @@ NONCE := HKDF-Expand (PRK_n, label, 32 / 8) <dd> is the order of the prime-order subgroup of edwards25519 in <xref target="RFC7748" />. </dd> + <dt>KeyGen()</dt> + <dd> + The generation of the private key d and the associated public + key zk := a*G where G is the + group generator of the elliptic curve and a is an integer + derived from d using the SHA-512 hash function + as defined + in Section 3.2. of <xref target="RFC8032" /> represents the KeyGen() + function. + </dd> </dl> <t> The zone type and zone key of an EDKEY are 32 + 4 bytes in length. This means that
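Review bot: In the `@@ -324` hunk, the merged `KeyGen() -> d, zk` entry should state that the function is probabilistic (it takes no input, so "a fresh private key d" only makes sense with a source of randomness that the ztype must specify). Same hunk, the sentence "The creation of zone keys for the default ztypes are specified in" has a number-agreement error and should read "The creation of zone keys for the default ztypes is specified in".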
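Review bot: The `@@ -361` hunk is the natural place to close the gap left by dropping Public-KeyGen(d): the text still defines `ZKDF-Private(d,label) -> d'` and a blinding of zk into zk', but no longer names any function that maps d' to its public key, so the correspondence between the two derivations is stated nowhere. Suggest adding a sentence after "in unlinkable zk' values." along the lines of "The blinded zone key zk' MUST be the public key corresponding to the blinded private key d' obtained from ZKDF-Private(d,label)."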
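Review bot: In the `@@ -913` hunk the entries for d and zk lose their only reference to Section 2.2 of RFC 6979, so a reader of "is a 256-bit ECDSA private key." has no pointer to how d is produced until the KeyGen() entry further down the same `<dl>`. Suggest a short forward reference, e.g. "is a 256-bit ECDSA private key (see KeyGen() below)." for d and likewise for zk.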
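Review bot: Style in the `@@ -937` hunk: `<dd>The generation of the private` puts the text on the tag line while every other `<dd>` in this list starts its text on a new line; and "Section 2.2. of" carries a stray period before "of" (the removed text in the `@@ -1087` hunk used "Section 3.2 of"). Suggest moving the text onto its own line and writing "Section 2.2 of".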
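Review bot: In the `@@ -1087` hunk the new zk definition reads "It is defined as the curve point a*G where G is the group generator of the elliptic curve as defined in <xref target="ed25519" />", which uses "defined" twice in one sentence; suggest "It is the curve point a*G, where G is the group generator of the curve specified in <xref target="ed25519" />." The removed lines also carried the explanation that a is derived from d with SHA-512; please confirm the `<dt>a</dt>` entry immediately above still states that derivation, otherwise the zk entry now references an a whose origin is only given in the KeyGen() entry further down.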
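Review bot: In the `@@ -1108` hunk the added KeyGen() entry has awkward line breaks ("derived from d using the SHA-512 hash function / as defined / in Section 3.2. of") and the same "Section 3.2. of" stray period as the ECDSA entry. Suggest reflowing to "derived from d using the SHA-512 hash function as defined in Section 3.2 of <xref target="RFC8032" />", and aligning the wording with the ECDSA KeyGen() entry (which says "curve point zk := d*G" where this one says "public key zk := a*G") so the two ztype sections read in parallel.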