[tor-commits] [torspec/master] prop224: Specify ed25519 base point and add reference.

[nickm at torproject.org]

commit c396cac0f6d5ec16ac7ee2f7da243aeedca7d6d5
Author: George Kadianakis <desnacked at riseup.net>
Date:   Mon Sep 18 15:17:31 2017 +0300

    prop224: Specify ed25519 base point and add reference.
---
 proposals/224-rend-spec-ng.txt | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 095fd9f..9f81cc9 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -2049,6 +2049,9 @@ References:
         J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and
         Bo-Yin Yang. http://cr.yp.to/papers.html#ed25519
 
+[ED25519-B-REF]:
+        https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-03#section-5:
+
 [PRNG-REFS]:
         http://projectbullrun.org/dual-ec/ext-rand.html
         https://lists.torproject.org/pipermail/tor-dev/2015-November/009954.html
@@ -2102,10 +2105,13 @@ A.2. Tor's key derivation scheme
   addition. See the Ed25519 paper [Reference ED25519-REFS] for a fairly
   clear writeup.)
 
-  Let the basepoint be written as B. Assume B has prime order l, so
-  lB=0. Let a master keypair be written as (a,A), where a is the private
-  key and A is the public key (A=aB)
-.
+  Let B be the ed25519 basepoint as found in section 5 of [ED25519-B-REF]:
+      B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
+           46316835694926478169428394003475163141307993866256225615783033603165251855960)
+
+  Assume B has prime order l, so lB=0. Let a master keypair be written as
+  (a,A), where a is the private key and A is the public key (A=aB).
+
   To derive the key for a nonce N and an optional secret s, compute the
   blinding factor like this: