commit bcf8c60a8b77a175b6ce448fed6d651f2d486054 Author: Isis Lovecruft isis@torproject.org Date: Sun May 8 15:56:30 2016 +0000
Clarify requiring output check in EXP() spec in NewHope proposal.
* THANKS TO Yawning Angel for suggesting the clarification. --- proposals/XXX-newhope-hybrid-handshake.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/proposals/XXX-newhope-hybrid-handshake.txt b/proposals/XXX-newhope-hybrid-handshake.txt index d11fbd2..607b533 100644 --- a/proposals/XXX-newhope-hybrid-handshake.txt +++ b/proposals/XXX-newhope-hybrid-handshake.txt @@ -73,9 +73,9 @@ Depends: prop#220 prop#249 prop#264
Let `EXP(a, b) == X25519(., b, a)` with `g == 9`. Let X25519_KEYGEN() do the appropriate manipulations when generating the secret key (clearing the - low bits, twidding the high bits). - - [XXX match RFC7748 notation more. --isis] + low bits, twidding the high bits). Additionally, EXP() MUST include the + check for all-zero output due to the input point being of small + order (cf. RFC7748 §6).
Let `X25519_KEYID(B) == B` where B is a valid X25519 public key.