akwizgran created page: BQP

2026-03-01 19:18:18 +01:00 · 2015-04-12 08:27:05 +00:00
parent 02437dc60e
commit 29535a6c5d
1 changed files with 1 additions and 1 deletions
--- a/BTP.markdown
+++ b/BTP.markdown
@@ -21,7 +21,7 @@ We use MAC(k, m) to define a key derivation function:

 All keys are KEY_LEN bytes and all nonces are NONCE_LEN bytes. The output of MAC(k, m) is MAC_LEN bytes, and the output of ENC(k, n, m) is AUTH_LEN bytes longer than m. For simplicity we require that MAC_LEN == KEY_LEN.

-> Implementation note: The current implementation uses HMAC-SHA-256 as the message authentication code and AES-256-GCM as the authenticated cipher. In the next release we propose to use keyed BLAKE2s as the message authentication code and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = 32, MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16.
+> Implementation note: The current implementation uses HMAC-SHA-256 as the message authentication code and AES-256-GCM as the authenticated cipher. In the next release we propose to use keyed BLAKE2s as the message authentication code and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16.

 ### Initial state