Fix sampling of DLEQ challenge #66
Assignees
Comments
|
A similar discussion is currently running in the hash-to-curve draft. In there, the hash-to-field function is being designed. |
alxdavids
added a commit
that referenced
this issue
Feb 10, 2020
- Use HKDF-Expand-SHA512 for sampling scalars in DLEQ - Fixes #66
alxdavids
added a commit
that referenced
this issue
Feb 10, 2020
- Use HKDF-Expand-SHA512 for sampling scalars in DLEQ - Fixes #66
|
@armfazh It would be good to get consensus on the best approach once the discussion is concluded. Until then I've written a PR that just uses HKDF-Expand-SHA512 instead of sampling using SHA512. |
chris-wood
pushed a commit
that referenced
this issue
Mar 2, 2020
- Use HKDF-Expand-SHA512 for sampling scalars in DLEQ - Fixes #66
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The sampling of the DLEQ challenge value (c) is currently performed as the output of a SHA-512 evaluation for all supported ciphersuites. However, in the case of P-521, this is incorrect, as the size of the field is 521 bits.
We should update the draft specification to output this challenge as the output of an HKDF-Expand so that we can expand the output arbirtarily to the required number of bytes.
The text was updated successfully, but these errors were encountered: