From b63106887099ad4bbfcd21623ab29a4b9583048c Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 17 Jan 2023 13:21:26 +0000 Subject: rend-spec: Clarify and slightly reword credential explanation Introduce the credential and subcredential before we use them. Talk about the public identity key rather than the credential, when we can. --- rend-spec-v3.txt | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'rend-spec-v3.txt') diff --git a/rend-spec-v3.txt b/rend-spec-v3.txt index d72c36f..dacdaa9 100644 --- a/rend-spec-v3.txt +++ b/rend-spec-v3.txt @@ -495,12 +495,19 @@ Table of contents: hidden service descriptors are not signed with the services' public keys directly. Instead, we use a key-blinding system [KEYBLIND] to create a new key-of-the-day for each hidden service. Any client that - knows the hidden service's credential can derive these blinded + knows the hidden service's public identity key can derive these blinded signing keys for a given period. It should be impossible to derive - the blinded signing key lacking that credential. + the blinded signing key lacking that knowledge. + + This is achieved using two nonces: + + * A "credential", derived from the public identity key KP_hsid. + + * A "subcredential", derived from the credential N_hs_cred + and information which various with the current time period. The body of each descriptor is also encrypted with a key derived from - the credential. + the public signing key. To avoid a "thundering herd" problem where every service generates and uploads a new descriptor at the start of each period, each -- cgit v1.2.3-54-g00ecf