vrf: added xC2xyC to deal with diff encoding for P256 and 25519
this affects the design of ECVRF_hash2curve()
goldbe80 committed Jun 7, 2017
1 parent 1a0bc30 commit a44dcb4
Showing 1 changed file with 21 additions and 6 deletions.
27 changes: 21 additions & 6 deletions vrf.xml
Expand Up @@ -557,13 +557,21 @@
<t>p^k - EC point multiplication</t>
<t>p1*p2 - EC point addition</t>
<t>h[i] - the i'th octet of octet string h</t>
<t>ECP2OS - EC point to octet string conversion with point compression</t>
<t>OS2ECP - octet string to EC point conversion with point compression.
OS2ECP returns INVALID if the octet string does not convert to a valid EC point.</t>
<t>I2OSP - nonnegative integer conversion to octet string as defined in
Section 4.1 of <xref target="RFC8017" /></t>
<t> OS2IP - Coversion of an octet string to a nonnegative integer as defined in
Section 4.2 of <xref target="RFC8017" /></t>
<t>ECP2OS - conversion of EC point with point compression to octet string
as specified in <xref target="suites"/></t>
<t>OS2ECP - conversion of octet string to EC point with point compression
as specified in <xref target="suites"/>.
OS2ECP returns INVALID if the octet string does not convert to a valid EC point.</t>
<t>xC2xyC - conversion from octet string representation of
x-coordinate of EC point to octet string representation of an
EC point with point compression
as specified in <xref target="suites"/>.
[NOTE: SHARON JUST MADE THIS UP! IS THERE A STANDARD NAME/API FOR THIS?]
</t>
</list>
</t>
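Review bot: In the new xC2xyC entry, the bracketed "[NOTE: SHARON JUST MADE THIS UP! ...]" sits inside the <t> body, so it will render as part of the notation list. Other open questions in this file are carried in <cref source="..."> elements; wrap this one the same way so it is tracked and cannot leak into the published text. The entry also fixes the input as the "x-coordinate of EC point" for every suite, so if any suite's compressed encoding is not x-based the shared definition should say "coordinate" and defer to the suite section. The unchanged OS2IP line in this context still reads "Coversion".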

Expand Down Expand Up @@ -727,8 +735,7 @@
<list style="letters">
<t>CTR = I2OSP(ctr, 4)</t>
<t>attempted_hash = Hash(alpha || pk || CTR)</t>
<t>p = 0x02 || attempted_hash
<cref source="sharon">FIX: This step is specific to P256 encoding.</cref></t>
<t>p = xC2xyC(attempted_hash)</t>
<t>h = OS2ECP(p)</t>
<t>If h is not equal to "INVALID" and cofactor>1,
set h = h^cofactor</t>
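Review bot: Step C, "p = xC2xyC(attempted_hash)", now passes the raw hash output to a function that both suite sections define only for a 32-octet input, yet nothing in this procedure requires Hash to produce 32 octets. State the length constraint here, or have xC2xyC specify its input length in terms of the field size, so a later suite with a different hash length cannot silently produce a malformed p before OS2ECP. Dropping the FIX cref is fine once that is covered.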
Expand All @@ -751,7 +758,8 @@
of Hash is 2n, and the number of field elements in F is no less
than 2^(2n-1), this happens with probability at least 1/2.
In step C, one of the two possible y-coordinates for p
is chosen deterministically.
is chosen deterministically using xC2xyC as specified in
<xref target="suites"/>.
Once a valid EC point h is found, it is raised
to the power of cofactor to ensure that the result is in G
(rather than just on the elliptic curve E).
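Review bot: The revised sentence "one of the two possible y-coordinates for p is chosen deterministically using xC2xyC" still describes only the P256 case. In the suite where xC2xyC returns h unchanged there is no prefix octet doing the choosing, so this paragraph should describe step C generically (xC2xyC produces a candidate compressed-point encoding, which OS2ECP may reject) and leave the coordinate selection detail to each suite section.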
Expand Down Expand Up @@ -869,6 +877,9 @@
<t> OS2ECP is specified in Section 2.3.4 of <xref target="SECG1" />.
</t>

<t> xC2xyC(h) takes in a 32-octet string h and
returns a 33-octet string 0x02 || h </t>

<t>
The hash function Hash is SHA-256 as specified in <xref target="RFC6234"/>.
</t>
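Review bot: The P256 definition "returns a 33-octet string 0x02 || h" does not say what 0x02 means, and the sentence is missing its final period. Since OS2ECP is tied to Section 2.3.4 of SECG1 just above, note that 0x02 is the compressed-point prefix that selects the even y-coordinate; that is the property hash2curve relies on when it says the y-coordinate is chosen deterministically.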
Expand Down Expand Up @@ -900,6 +911,10 @@
<cref source="Sharon">need to confirm that os2ecp outputs INVALID
(or something like that) if conversion fails!!</cref>
</t>

<t> xC2xyC(h) takes in a 32-octet string h and
returns a 32-octet string h.</t>

<t>
The hash function Hash is SHA-256 as specified in <xref target="RFC6234"/>.
</t>
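Review bot: Here xC2xyC is the identity ("takes in a 32-octet string h and returns a 32-octet string h"), while the function name and the shared definition both describe an x-coordinate being turned into a compressed point. Spell out in this suite how OS2ECP interprets the 32 octets (which coordinate they carry and which bit selects the other one), or reference the encoding specification. The cref just above asking whether os2ecp outputs INVALID is still open, and hash2curve tests for that result right after calling OS2ECP, so it should be resolved together with this addition.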