diff options
Diffstat (limited to 'doc/source')
-rw-r--r-- | doc/source/crypto/ec25519.rst | 18 | ||||
-rw-r--r-- | doc/source/crypto/fhmqvc.rst | 14 |
2 files changed, 11 insertions, 21 deletions
diff --git a/doc/source/crypto/ec25519.rst b/doc/source/crypto/ec25519.rst index 48aadb7..caf109b 100644 --- a/doc/source/crypto/ec25519.rst +++ b/doc/source/crypto/ec25519.rst @@ -120,29 +120,23 @@ The two possible :math:`v` coordinates are: .. math:: - \begin{align} - v1 &= \texttt{0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9} \\ - v2 &= \texttt{0x5f51e65e475f794b1fe122d388b72eb36dc2b28192839e4dd6163a5d81312c14} - \end{align} + v1 &= \texttt{0x20ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9} \\ + v2 &= \texttt{0x5f51e65e475f794b1fe122d388b72eb36dc2b28192839e4dd6163a5d81312c14} Out of :math:`(u,v_1)` and :math:`(u,v_2)`, the point :math:`(u,v_1)` has been arbitrarily chosen to be used in fastd; using the equivalence between Montgomery and twisted Edwards curves given by [BBJ+08]_ .. math:: - \begin{align} - x &= \frac{u}{v} \\ - y &= \frac{u-1}{u+1} - \end{align} + x &= \frac{u}{v} \\ + y &= \frac{u-1}{u+1} this leads to the coordinates .. math:: - \begin{align} - x &= \texttt{0x547c4350219f5e19dd26a3d6668b74346a8eb726eb2396e1228cfa397ffe6bd4} \\ - y &= \texttt{0x6666666666666666666666666666666666666666666666666666666666666658} - \end{align} + x &= \texttt{0x547c4350219f5e19dd26a3d6668b74346a8eb726eb2396e1228cfa397ffe6bd4} \\ + y &= \texttt{0x6666666666666666666666666666666666666666666666666666666666666658} which specify the generator point :math:`G` that is used by fastd's ``ec25519-fhmqvc``. Like :math:`(u,v_1)` on the Montgomery curve, the point :math:`G = (x, y)` on the twisted Edwards curve has the order diff --git a/doc/source/crypto/fhmqvc.rst b/doc/source/crypto/fhmqvc.rst index aa6f0cc..e3af6d4 100644 --- a/doc/source/crypto/fhmqvc.rst +++ b/doc/source/crypto/fhmqvc.rst @@ -75,11 +75,9 @@ following definitions for these functions: .. math:: - \begin{align} - d|e &= \text{SHA256}(Y|X|\hat{B}|\hat{A}) \\ - K_1 &= \textit{KDF}_1(\sigma,\hat{A},\hat{B},X,Y) = \text{HKDF-SHA256}(\texttt{0x00}^{32}, \sigma, \hat{A}|\hat{B}|X|Y, 32) \\ - K_2 &= \textit{KDF}_2(\sigma,\hat{A},\hat{B},X,Y) = \text{HKDF-SHA256}(K_1, \sigma, \hat{A}|\hat{B}|X|Y|\textit{method}, *) - \end{align} + d|e &= \text{SHA256}(Y|X|\hat{B}|\hat{A}) \\ + K_1 &= \textit{KDF}_1(\sigma,\hat{A},\hat{B},X,Y) = \text{HKDF-SHA256}(\texttt{0x00}^{32}, \sigma, \hat{A}|\hat{B}|X|Y, 32) \\ + K_2 &= \textit{KDF}_2(\sigma,\hat{A},\hat{B},X,Y) = \text{HKDF-SHA256}(K_1, \sigma, \hat{A}|\hat{B}|X|Y|\textit{method}, *) where :math:`V|W` designates the concatenation of the binary strings :math:`V` and :math:`W` and @@ -96,10 +94,8 @@ as .. math:: - \begin{align} - d = \bar{H}(X|Y|\hat{A}|\hat{B}) \\ - e = \bar{H}(Y|X|\hat{A}|\hat{B}) - \end{align} + d &= \bar{H}(X|Y|\hat{A}|\hat{B}) \\ + e &= \bar{H}(Y|X|\hat{A}|\hat{B}) fastd uses a single 256 bit hash :math:`\text{SHA256}(Y|X|\hat{B}|\hat{A})` instead and cuts it into two 128 bit pieces which are used as :math:`d` and :math:`e`. This optimization allows reusing the SHA256 implementation that is already used for |