From d8436b2cf71512024fd530dac17e0b56b9ae741f Mon Sep 17 00:00:00 2001 From: akwizgran Date: Tue, 12 Jan 2016 10:29:45 +0000 Subject: [PATCH] --- BTP.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/BTP.md b/BTP.md index 597589b..9830ddd 100644 --- a/BTP.md +++ b/BTP.md @@ -12,7 +12,7 @@ We use || to denote concatenation, double quotes to denote an ASCII string, int( BTP uses the following cryptographic primitives: -* A message authentication code, MAC(k, m) +* A pseudo-random function, MAC(k, m) * An authenticated cipher, ENC(k, n, m) and DEC(k, n, m), where n is a nonce * A random number generator, R(n), with an output length of n bytes. R(n) must be either a true random number generator or a cryptographically secure pseudo-random number generator. @@ -20,9 +20,9 @@ We use MAC(k, m) to define a key derivation function: * `KDF(k, x_1, ..., x_n) == MAC(k, len(x_1) || x_1 || ... || len(x_n) || x_n)` -All keys are KEY_LEN bytes and all nonces are NONCE_LEN bytes. The output of MAC(k, m) is MAC_LEN bytes, and the output of ENC(k, n, m) is AUTH_LEN bytes longer than m. For simplicity we require that MAC_LEN == KEY_LEN. +All keys are KEY_LEN bytes and all nonces are NONCE_LEN bytes. The output of MAC(k, m) is MAC_LEN bytes. The output of ENC(k, n, m) is AUTH_LEN bytes longer than m. For simplicity we require that MAC_LEN == KEY_LEN. -> Implementation note: We propose to use keyed BLAKE2s as the message authentication code and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16. +> Implementation note: We propose to use keyed BLAKE2s as the pseudo-random function and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16. ### Initial state