rebuilt html and txt

draft-irtf-cfrg-vrf.html

@@ -1,4 +1,3 @@
-
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 
@@ -425,12 +424,12 @@
 <link href="#rfc.authors" rel="Chapter">
 
 
-  <meta name="generator" content="xml2rfc version 3.7.0 - https://tools.ietf.org/tools/xml2rfc" />
+  <meta name="generator" content="xml2rfc version 3.11.1 - https://tools.ietf.org/tools/xml2rfc" />
   <link rel="schema.dct" href="http://purl.org/dc/terms/" />
 
   <meta name="dct.creator" content="Goldberg, S., Reyzin, L., Papadopoulos, D., and J. Vcelak" />
-  <meta name="dct.identifier" content="urn:ietf:id:draft-irtf-cfrg-vrf-09" />
-  <meta name="dct.issued" scheme="ISO8601" content="2021-17" />
+  <meta name="dct.identifier" content="urn:ietf:id:draft-irtf-cfrg-vrf-10" />
+  <meta name="dct.issued" scheme="ISO8601" content="2021-08" />
   <meta name="dct.abstract" content="A Verifiable Random Function (VRF) is the public-key version of a keyed cryptographic hash. Only the holder of the private key can compute the hash, but anyone with public key can verify the correctness of the hash.  VRFs are useful for preventing enumeration of hash-based data structures.  This document specifies several VRF constructions that are secure in the cryptographic random oracle model. One  VRF uses RSA and the other VRF uses Elliptic Curves (EC).   " />
   <meta name="description" content="A Verifiable Random Function (VRF) is the public-key version of a keyed cryptographic hash. Only the holder of the private key can compute the hash, but anyone with public key can verify the correctness of the hash.  VRFs are useful for preventing enumeration of hash-based data structures.  This document specifies several VRF constructions that are secure in the cryptographic random oracle model. One  VRF uses RSA and the other VRF uses Elliptic Curves (EC).   " />
 
@@ -454,7 +453,7 @@
 <td class="right">L. Reyzin</td>
 </tr>
 <tr>
-<td class="left">Expires: November 18, 2021</td>
+<td class="left">Expires: May 12, 2022</td>
 <td class="right">Boston University and Algorand</td>
 </tr>
 <tr>
@@ -475,23 +474,23 @@
 </tr>
 <tr>
 <td class="left"></td>
-<td class="right">May 17, 2021</td>
+<td class="right">November 8, 2021</td>
 </tr>
 
 
     </tbody>
   </table>
 
   <p class="title">Verifiable Random Functions (VRFs)<br />
-  <span class="filename">draft-irtf-cfrg-vrf-09</span></p>
+  <span class="filename">draft-irtf-cfrg-vrf-10</span></p>
 
   <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1>
 <p>A Verifiable Random Function (VRF) is the public-key version of a keyed cryptographic hash. Only the holder of the private key can compute the hash, but anyone with public key can verify the correctness of the hash.  VRFs are useful for preventing enumeration of hash-based data structures.  This document specifies several VRF constructions that are secure in the cryptographic random oracle model. One  VRF uses RSA and the other VRF uses Elliptic Curves (EC).  </p>
 <h1 id="rfc.status"><a href="#rfc.status">Status of This Memo</a></h1>
 <p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
 <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF).  Note that other groups may also distribute working documents as Internet-Drafts.  The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.</p>
 <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.  It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."</p>
-<p>This Internet-Draft will expire on November 18, 2021.</p>
+<p>This Internet-Draft will expire on May 12, 2022.</p>
 <h1 id="rfc.copyrightnotice"><a href="#rfc.copyrightnotice">Copyright Notice</a></h1>
 <p>Copyright (c) 2021 IETF Trust and the persons identified as the document authors.  All rights reserved.</p>
 <p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.  Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.</p>
@@ -1160,7 +1159,7 @@ <h1 id="rfc.section.5.4.4">
 <li>"INVALID", or </li>
 <li>Gamma - EC point</li>
 <li>c - integer between 0 and 2^(8n)-1 </li>
-<li>s - integer between 0 and 2^(8qLen)-1 </li>
+<li>s - integer between 0 and q-1 </li>
 </ul>
 
 <p> </p>
@@ -1171,9 +1170,10 @@ <h1 id="rfc.section.5.4.4">
 <li>let c_string = pi_string[ptLen]...pi_string[ptLen+n-1]</li>
 <li>let s_string =pi_string[ptLen+n]...pi_string[ptLen+n+qLen-1]</li>
 <li>Gamma = string_to_point(gamma_string)</li>
-<li>if Gamma = "INVALID" output "INVALID" and stop.</li>
+<li>if Gamma = "INVALID" output "INVALID" and stop</li>
 <li>c = string_to_int(c_string)</li>
 <li>s = string_to_int(s_string)</li>
+<li>if s &gt;= q output "INVALID" and stop</li>
 <li>Output Gamma, c, and s</li>
 </ol>
 
@@ -1369,6 +1369,7 @@ <h1 id="rfc.section.8">
 <li>07 - Incorporated hash-to-curve draft by reference to replace our own Elligator2 and Simple SWU. Clarified discussion of EC parameters and functions. Added a 0 octet to all hashing to enforce domain separation from hashing done inside hash-to-curve.</li>
 <li>08 - Incorporated suggestions from crypto panel review by Chloe Martindale. Changed Reyzin's affiliation. Updated references.</li>
 <li>09 - Added a note to remove the implementation page before publication.</li>
+<li>10 - Added a check in ECVRF_decode_proof to ensure that s is reduced mod q.</li>
 </ul>
 
 <p> </p>