From 8de17fa1b84c59a74178aba57c146bfb431801cf Mon Sep 17 00:00:00 2001
From: "John M. Schanck"
Date: Fri, 14 Oct 2016 14:05:18 -0400
Subject: prop269: Removed hash of initial XTR salt
---
 proposals/269-hybrid-handshake.txt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'proposals/269-hybrid-handshake.txt')
diff --git a/proposals/269-hybrid-handshake.txt b/proposals/269-hybrid-handshake.txt
index 76b32c0..eb35180 100644
--- a/proposals/269-hybrid-handshake.txt
+++ b/proposals/269-hybrid-handshake.txt
@@ -168,7 +168,7 @@ Status: Draft
 s2, C := KEM_ENC(EPK)
 The server extracts the seed:
- SALT := H(ID | A | X | EPK)
+ SALT := ID | A | X | EPK
 secret := s0 | s1 | s2
 seed := EXTRACT(SALT, secret)
@@ -190,7 +190,7 @@ Status: Draft
 s2 := KEM_DEC(C, esk)
 The client then derives the seed:
- SALT := H(ID | A | X | EPK)
+ SALT := ID | A | X | EPK
 secret := s0 | s1 | s2
 seed := EXTRACT(SALT, secret);
@@ -225,7 +225,7 @@ Status: Draft
 | s0 := H(DH_MUL(X,a)) |
 | s1 := DH_MUL(X,y) |
 | s2, C := KEM_ENC(EPK) |
- | SALT := H(ID | A | X | EPK) |
+ | SALT := ID | A | X | EPK |
 | secret := s0 | s1 | s2 |
 | seed := EXTRACT(SALT, secret) |
 | verify := EXPAND(seed, T_AUTH, MU) |
@@ -239,7 +239,7 @@ Status: Draft
 | s0 := H(DH_MUL(A,x)) |
 | s1 := DH_MUL(Y,x) |
 | s2 := KEM_DEC(C, esk) |
- | SALT := H(ID | A | X | EPK) |
+ | SALT := ID | A | X | EPK |
 | secret := s0 | s1 | s2 |
 | seed := EXTRACT(SALT, secret) |
 | verify := EXPAND(seed, T_AUTH, MU) |
@@ -279,7 +279,7 @@ Status: Draft
 key := EXPAND(seed, M_EXPAND, KEY_LEN)
 In hybrid-null the server computes
- SALT := H(ID | A | X)
+ SALT := ID | A | X
 secret_input := H(EXP(X,a)) | EXP(X,y)
 seed := EXTRACT(SALT, secret_input)
 verify := EXPAND(seed, T_AUTH, MU)
--
cgit v1.2.3-54-g00ecf
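Review bot: In all five hunks SALT becomes the raw concatenation `ID | A | X | EPK` (`ID | A | X` in hybrid-null) and goes straight into `EXTRACT(SALT, secret)`, but none of the changed text says how EXTRACT handles a salt of that length. The definition of EXTRACT lies outside these hunks; if it is HMAC-based, a salt longer than the hash block is hashed internally before use, and the proposal should state this rather than leave it implicit, for example `SALT may be longer than the block size of H; EXTRACT is defined for salts of any length.` It would also help to state next to the SALT definition that ID, A, X and EPK have fixed lengths for a given handshake type, so that the unhashed concatenation remains an unambiguous encoding of the transcript. The commit message gives no rationale for removing H(), so a one-line reason in the proposal text would save the next reader from reconstructing it.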