Kaladaran/briar
0
0
Fork 0
mirror of https://code.briarproject.org/briar/briar.git synced 2026-02-14 11:49:04 +01:00
Code Issues Projects Releases Wiki Activity

akwizgran
2016-01-12 10:29:45 +00:00
parent 6c0f9b1ec6
commit d8436b2cf7
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
BTP.md

@@ -12,7 +12,7 @@ We use || to denote concatenation, double quotes to denote an ASCII string, int(
BTP uses the following cryptographic primitives:
* A message authentication code, MAC(k, m)
* A pseudo-random function, MAC(k, m)
* An authenticated cipher, ENC(k, n, m) and DEC(k, n, m), where n is a nonce
* A random number generator, R(n), with an output length of n bytes. R(n) must be either a true random number generator or a cryptographically secure pseudo-random number generator.
@@ -20,9 +20,9 @@ We use MAC(k, m) to define a key derivation function:
* `KDF(k, x_1, ..., x_n) == MAC(k, len(x_1) || x_1 || ... || len(x_n) || x_n)`
All keys are KEY_LEN bytes and all nonces are NONCE_LEN bytes. The output of MAC(k, m) is MAC_LEN bytes, and the output of ENC(k, n, m) is AUTH_LEN bytes longer than m. For simplicity we require that MAC_LEN == KEY_LEN.
All keys are KEY_LEN bytes and all nonces are NONCE_LEN bytes. The output of MAC(k, m) is MAC_LEN bytes. The output of ENC(k, n, m) is AUTH_LEN bytes longer than m. For simplicity we require that MAC_LEN == KEY_LEN.
> Implementation note: We propose to use keyed BLAKE2s as the message authentication code and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16.
> Implementation note: We propose to use keyed BLAKE2s as the pseudo-random function and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16.
### Initial state