I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

markdown fixes

Browse Source
This commit is contained in:
zzz
2019-05-21 18:40:05 +00:00
parent 43277c1610
commit 304e69b7f4
1 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
i2p2www/spec/proposals/151-ecdsa-blinding.rst
View File

@ -1,6 +1,6 @@
=========================
==================
ECDSA key blinding
=========================
==================
.. meta::
:author: orignal
:created: 2019-05-21
@ -23,11 +23,11 @@ This proposal descibes key bliding for ECDSA signature types 1, 2, 3.
Proposal
========
Works the same way as RedDSA, but everyting is in Big Endian.
Works the same way as RedDSA, but everything is in Big Endian.
Only same signature types are allowed, e.g. 1->1, 2->2, 3->3.
Definitions
~~~~~~~~~~~
-----------
B
Curve's base point
@ -36,8 +36,7 @@ L
Elliptic curve's group order. Property of curve.
DERIVE_PUBLIC(a)
Convert a private key to public, by muplitpling B over an elliptic curve
alpha
Convert a private key to public, by muplitpling B over an elliptic curve alpha
A 32-byte random number known to those who know the destination.
GENERATE_ALPHA(destination, date, secret)
@ -78,14 +77,17 @@ HKDF(salt, ikm, info, n)
Blinding Calculations
~~~~~~~~~~~~~~~~~~~~~
---------------------
A new secret alpha and blinded keys must be generated each day (UTC).
The secret alpha and the blinded keys are calculated as follows.
GENERATE_ALPHA(destination, date, secret), for all parties:
// GENERATE_ALPHA(destination, date, secret)
.. raw:: html
{% highlight lang='text' %}
// GENERATE_ALPHA(destination, date, secret)
// secret is optional, else zero-length
A = destination's signing public key
@ -97,27 +99,36 @@ GENERATE_ALPHA(destination, date, secret), for all parties:
seed = HKDF(H("I2PGenerateAlpha", keydata), datestring || secret, "i2pblinding1", 64)
// treat seed as a 64 byte big-endian value
alpha = seed mod L
{% endhighlight %}
BLIND_PRIVKEY(), for the owner publishing the leaseset:
// BLIND_PRIVKEY()
.. raw:: html
{% highlight lang='text' %}
// BLIND_PRIVKEY()
alpha = GENERATE_ALPHA(destination, date, secret)
a = destination's signing private key
// Addition using scalar arithmentic
blinded signing private key = a' = BLIND_PRIVKEY(a, alpha) = (a + alpha) mod L
blinded signing public key = A' = DERIVE_PUBLIC(a')
{% endhighlight %}
BLIND_PUBKEY(), for the clients retrieving the leaseset:
// BLIND_PUBKEY()
.. raw:: html
{% highlight lang='text' %}
// BLIND_PUBKEY()
alpha = GENERATE_ALPHA(destination, date, secret)
A = destination's signing public key
// Addition using group elements (points on the curve)
blinded public key = A' = BLIND_PUBKEY(A, alpha) = A + DERIVE_PUBLIC(alpha)
{% endhighlight %}
Both methods of calculating A' yield the same result, as required.