From b30b4b0d559deeb59db88e7c9e8dfe97bab5bdf8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 26 Aug 2021 10:40:19 -0400 Subject: Prop332: Minor edits. Document that MAC_KEY_LEN exists, and is 32. Switch from SHAKE128 to SHAKE256: the performance difference is negligible, and that's what we use elsewhere in Tor. --- proposals/332-ntor-v3-with-extra-data.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'proposals') diff --git a/proposals/332-ntor-v3-with-extra-data.md b/proposals/332-ntor-v3-with-extra-data.md index 06c55f9..a6e9c9b 100644 --- a/proposals/332-ntor-v3-with-extra-data.md +++ b/proposals/332-ntor-v3-with-extra-data.md @@ -109,7 +109,7 @@ We require the following crypto operations: * `H(s,t)` -- a tweakable hash function of output length `DIGEST_LEN`. * `MAC(k, msg, t)` -- a tweakable message-authentication-code function, - of output length `MAC_LEN`. + with key length `MAC_KEY_LEN` and output length `MAC_LEN`. * `EXP(pk,sk)` -- our Diffie Hellman group operation, taking a public key of length `PUB_KEY_LEN`. * `KEYGEN()` -- our Diffie-Hellman keypair generation algorithm, @@ -280,18 +280,18 @@ using a new PROTOID.) # A.1 Instantiation -Here are a set of functions based on SHA3, SHAKE128, Curve25519, and +Here are a set of functions based on SHA3, SHAKE-256, Curve25519, and AES256: ``` H(s, t) = SHA3_256(ENCAP(t) | s) MAC(k, msg, t) = SHA3_256(ENCAP(t) | ENCAP(k) | s) -KDF(s, t) = SHAKE_128(ENCAP(t) | s) +KDF(s, t) = SHAKE_256(ENCAP(t) | s) ENC(k, m) = AES_256_CTR(k, m) EXP(pk,sk), KEYGEN: defined as in curve25519 -DIGEST_LEN = MAC_LEN = ENC_KEY_LEN = PUB_KEY_LEN = 32 +DIGEST_LEN = MAC_LEN = MAC_KEY_LEN = ENC_KEY_LEN = PUB_KEY_LEN = 32 ID_LEN = 32 (representing an ed25519 identity key) ``` -- cgit v1.2.3-54-g00ecf