prop224: Specify blinding factor clamping.

author: George Kadianakis <desnacked@riseup.net> 2017-05-25 16:03:46 +0300
committer: George Kadianakis <desnacked@riseup.net> 2017-05-25 16:08:34 +0300
commit: 6d0b14fea3c2cf96c625203debb4416c6b7896d7 (patch)
tree: 8b1f36597c53dc88274c57291985392f5b63b85b /proposals/224-rend-spec-ng.txt
parent: c8e256400689fd19f4c429349f532ab21cb7583e (diff)
download: torspec-6d0b14fea3c2cf96c625203debb4416c6b7896d7.tar.gz
torspec-6d0b14fea3c2cf96c625203debb4416c6b7896d7.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/proposals/224-rend-spec-ng.txt b/proposals/224-rend-spec-ng.txt
index 6f16fce..247af87 100644
--- a/proposals/224-rend-spec-ng.txt
+++ b/proposals/224-rend-spec-ng.txt
@@ -2043,7 +2043,13 @@ A.2. Tor's key derivation scheme
            BLIND_STRING = "Derive temporary signing key"
            N = "key-blind" | INT_8(period-number) | INT_8(period_length)
 
-  and then do the following:
+  then clamp the blinding factor 'h' according to the ed25519 spec:
+
+           h[0] &= 248;
+           h[31] &= 127;
+           h[31] |= 64;
+
+  and do the key derivation as follows:
 
       private key for the period:   a' = h a
       public key for the period:    A' = h A = (ha)B
author	George Kadianakis <desnacked@riseup.net>	2017-05-25 16:03:46 +0300
committer	George Kadianakis <desnacked@riseup.net>	2017-05-25 16:08:34 +0300
commit	6d0b14fea3c2cf96c625203debb4416c6b7896d7 (patch)
tree	8b1f36597c53dc88274c57291985392f5b63b85b /proposals/224-rend-spec-ng.txt
parent	c8e256400689fd19f4c429349f532ab21cb7583e (diff)
download	torspec-6d0b14fea3c2cf96c625203debb4416c6b7896d7.tar.gz torspec-6d0b14fea3c2cf96c625203debb4416c6b7896d7.zip