> On 7 May 2016, at 05:17, isis <isis@xxxxxxxxxxxxxx> wrote:
>
> ...
>
> Let `ID` be a router's identity key taken from the router microdescriptor.
> In the case for relays possessing Ed25519 identity keys (c.f. Tor proposal
> #220), this is a 32-byte string representing the public Ed25519 identity key.
> For backwards and forwards compatibility with routers which do not possess
> Ed25519 identity keys, this is a 32-byte string created via the output of
> H(ID).

I don't understand why we do this backwards and forwards compatibility for ID,
when the proposal only works for relays with an ed25519 key in their descriptor.

I'm sure I'm missing something basic - I'm still learning how to read crypto
papers and specifications.

> ...
> The function CVPD4 does the following:
>
> CVPD4(y0,y1,y2,y3):
>     v00 = round(y0/2q)
>     v01 = round(y1/2q)
>     v02 = round(y2/2q)
>     v03 = round(y3/2q)
>     v10 = round((y0-1)/2q)
>     v11 = round((y1-1)/2q)
>     v12 = round((y2-1)/2q)
>     v13 = round((y3-1)/2q)
>     t = abs(y0 - 2q*v00)
>     t += abs(y1 - 2q*v01)
>     t += abs(y2 - 2q*v02)
>     t += abs(y3 - 2q*v03)
>     if(t < 2q):
>         v0 = v00
>         v1 = v01
>         v2 = v02
>         v3 = v03
>         k = 0
>     else
>         v0 = v10
>         v1 = v11
>         v2 = v12
>         v3 = v13
>         k = 1
>     return (v0-v3,v1-v3,v2-v3,k+2*v3)
>
> In this description, round() returns the closest integer and abs() returns the
> absolute value.
> Note that all computations involved in helprec operate on secret data and must
> be protected against timing attacks.

round() is underspecified here: does 0.5 round to 0 or 1?
Or is it not possible to get answers that are exactly halfway between two integers?

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n
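Added example, not part of the thread or of the proposal: a transcription of the quoted CVPD4 pseudocode into Python with round() made explicit, using exact rationals so that a tie (an exact .5) is detected instead of being silently resolved by floating-point arithmetic. The modulus q = 12289 and the input shape 8*v + 4*b scanned by ties_for_inputs are assumptions taken from the NewHope reference implementation, not from the quoted excerpt.

```python
from fractions import Fraction
import math

Q = 12289  # NewHope modulus; assumed here, the quoted excerpt does not state q


def round_half_up(x: Fraction) -> int:
    """'Closest integer', with an exact tie (.5) resolved upward."""
    return math.floor(x + Fraction(1, 2))


def round_half_down(x: Fraction) -> int:
    """'Closest integer', with an exact tie (.5) resolved downward."""
    return math.ceil(x - Fraction(1, 2))


def cvpd4(y, q=Q, rnd=round_half_up):
    """Faithful transcription of the quoted CVPD4, parameterised on round().
    Exact rationals mean a tie is rounded by policy, never by float error."""
    two_q = 2 * q
    v0s = [rnd(Fraction(yi, two_q)) for yi in y]          # v0x = round(yx/2q)
    v1s = [rnd(Fraction(yi - 1, two_q)) for yi in y]      # v1x = round((yx-1)/2q)
    t = sum(abs(yi - two_q * v) for yi, v in zip(y, v0s))
    if t < two_q:
        v, k = v0s, 0
    else:
        v, k = v1s, 1
    return (v[0] - v[3], v[1] - v[3], v[2] - v[3], k + 2 * v[3])


def is_tie(yi, q=Q):
    """True when yi/2q or (yi-1)/2q is exactly halfway between two integers.
    yi/2q is a tie iff yi == q (mod 2q); (yi-1)/2q iff yi == q+1 (mod 2q)."""
    return yi % (2 * q) == q or (yi - 1) % (2 * q) == q


def ties_for_inputs(q=Q):
    """Scan every y of the form 8*v + 4*b, v in [0, q), b in {0, 1}: the input
    shape the NewHope reference helprec feeds to CVPD4 (an assumption here).
    Returns the y values on which round()'s tie rule decides the output."""
    return [8 * v + 4 * b for v in range(q) for b in (0, 1)
            if is_tie(8 * v + 4 * b, q)]


if __name__ == "__main__":
    # Constructed input: a v1 tie on y0, and t >= 2q so the else branch is taken.
    y = (36868, 12288, 12288, 0)
    print(cvpd4(y, rnd=round_half_up), cvpd4(y, rnd=round_half_down))
    print(ties_for_inputs())
```

With q odd, y/2q is never a tie for multiples of 4, but (y-1)/2q is, so the two tie rules give different outputs on some valid inputs.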
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev