I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

markdown fixes

Browse Source
This commit is contained in:
zzz
2019-05-21 18:40:05 +00:00
parent 43277c1610
commit 304e69b7f4
1 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
i2p2www/spec/proposals/151-ecdsa-blinding.rst
View File

@ -1,6 +1,6 @@
========================= ==================
ECDSA key blinding ECDSA key blinding
========================= ==================
.. meta:: .. meta::
:author: orignal :author: orignal
:created: 2019-05-21 :created: 2019-05-21
@ -23,11 +23,11 @@ This proposal descibes key bliding for ECDSA signature types 1, 2, 3.
Proposal Proposal
======== ========
Works the same way as RedDSA, but everyting is in Big Endian. Works the same way as RedDSA, but everything is in Big Endian.
Only same signature types are allowed, e.g. 1->1, 2->2, 3->3. Only same signature types are allowed, e.g. 1->1, 2->2, 3->3.
Definitions Definitions
~~~~~~~~~~~ -----------
B B
Curve's base point Curve's base point
@ -36,8 +36,7 @@ L
Elliptic curve's group order. Property of curve. Elliptic curve's group order. Property of curve.
DERIVE_PUBLIC(a) DERIVE_PUBLIC(a)
Convert a private key to public, by muplitpling B over an elliptic curve Convert a private key to public, by muplitpling B over an elliptic curve alpha
alpha
A 32-byte random number known to those who know the destination. A 32-byte random number known to those who know the destination.
GENERATE_ALPHA(destination, date, secret) GENERATE_ALPHA(destination, date, secret)
@ -78,13 +77,16 @@ HKDF(salt, ikm, info, n)
Blinding Calculations Blinding Calculations
~~~~~~~~~~~~~~~~~~~~~ ---------------------
A new secret alpha and blinded keys must be generated each day (UTC). A new secret alpha and blinded keys must be generated each day (UTC).
The secret alpha and the blinded keys are calculated as follows. The secret alpha and the blinded keys are calculated as follows.
GENERATE_ALPHA(destination, date, secret), for all parties: GENERATE_ALPHA(destination, date, secret), for all parties:
.. raw:: html
{% highlight lang='text' %}
// GENERATE_ALPHA(destination, date, secret) // GENERATE_ALPHA(destination, date, secret)
// secret is optional, else zero-length // secret is optional, else zero-length
@ -97,10 +99,14 @@ GENERATE_ALPHA(destination, date, secret), for all parties:
seed = HKDF(H("I2PGenerateAlpha", keydata), datestring || secret, "i2pblinding1", 64) seed = HKDF(H("I2PGenerateAlpha", keydata), datestring || secret, "i2pblinding1", 64)
// treat seed as a 64 byte big-endian value // treat seed as a 64 byte big-endian value
alpha = seed mod L alpha = seed mod L
{% endhighlight %}
BLIND_PRIVKEY(), for the owner publishing the leaseset: BLIND_PRIVKEY(), for the owner publishing the leaseset:
.. raw:: html
{% highlight lang='text' %}
// BLIND_PRIVKEY() // BLIND_PRIVKEY()
alpha = GENERATE_ALPHA(destination, date, secret) alpha = GENERATE_ALPHA(destination, date, secret)
@ -108,16 +114,21 @@ BLIND_PRIVKEY(), for the owner publishing the leaseset:
// Addition using scalar arithmentic // Addition using scalar arithmentic
blinded signing private key = a' = BLIND_PRIVKEY(a, alpha) = (a + alpha) mod L blinded signing private key = a' = BLIND_PRIVKEY(a, alpha) = (a + alpha) mod L
blinded signing public key = A' = DERIVE_PUBLIC(a') blinded signing public key = A' = DERIVE_PUBLIC(a')
{% endhighlight %}
BLIND_PUBKEY(), for the clients retrieving the leaseset: BLIND_PUBKEY(), for the clients retrieving the leaseset:
.. raw:: html
{% highlight lang='text' %}
// BLIND_PUBKEY() // BLIND_PUBKEY()
alpha = GENERATE_ALPHA(destination, date, secret) alpha = GENERATE_ALPHA(destination, date, secret)
A = destination's signing public key A = destination's signing public key
// Addition using group elements (points on the curve) // Addition using group elements (points on the curve)
blinded public key = A' = BLIND_PUBKEY(A, alpha) = A + DERIVE_PUBLIC(alpha) blinded public key = A' = BLIND_PUBKEY(A, alpha) = A + DERIVE_PUBLIC(alpha)
{% endhighlight %}
Both methods of calculating A' yield the same result, as required. Both methods of calculating A' yield the same result, as required.