From 78385868959876f08149d7cd0346b2603d327a0f Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 8 Feb 2023 11:39:37 -0500
Subject: Refer to N_hs_desc_enc in description of encrypted-cookie

---
 rend-spec-v3.txt | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt
index 0dc20db..947d82e 100644
--- a/rend-spec-v3.txt
+++ b/rend-spec-v3.txt
@@ -1242,13 +1242,8 @@ Table of contents:
       a pre-shared x25519 keypair (`KP_hsc_desc_enc`) which is used to
       decrypt the descriptor cookie.
 
-
-      We now describe the descriptor cookie encryption scheme. Here are the
-      relevant keys:
-
-          descriptor_cookie = descriptor cookie used to encrypt the descriptor
-
-      And here is what the hidden service computes:
+      We now describe the descriptor cookie encryption scheme. Here is what
+      the hidden service computes:
 
           SECRET_SEED = x25519(KS_hs_desc_ephem, KP_hsc_desc_enc)
           KEYS = KDF(N_hs_subcred | SECRET_SEED, 40)
@@ -1263,7 +1258,7 @@ Table of contents:
 
       - The "encrypted-cookie" field contains the descriptor cookie ciphertext
         as follows and is encoded in base64:
-           encrypted-cookie = STREAM(iv, COOKIE-KEY) XOR descriptor_cookie
+           encrypted-cookie = STREAM(iv, COOKIE-KEY) XOR N_hs_desc_enc.
 
       See section [FIRST-LAYER-CLIENT-BEHAVIOR] for the client-side logic of
       how to decrypt the descriptor cookie.
-- 
cgit v1.2.3-54-g00ecf