From: Rudolf Polzer Date: Fri, 17 Sep 2010 06:45:04 +0000 (+0200) Subject: also describe the signature protocol X-Git-Tag: xonotic-v0.1.0preview~7 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=27202f34f5cbf844ba0bbbec3ad338bcbdffaa61;p=xonotic%2Fd0_blind_id.git also describe the signature protocol --- diff --git a/d0_blind_id.txt b/d0_blind_id.txt index a469118..7d33aaf 100644 --- a/d0_blind_id.txt +++ b/d0_blind_id.txt @@ -80,7 +80,7 @@ Authentication protocol: "verify": - Server receives y and g^t - Server calculates z = g^y S^-c - - Server calculates x' = h("z || m || z") + - Server calculates x' = h("z || g^t || m || z || g^t") - Server verifies x == x' - Server calculates K = (g^t)^T @@ -93,6 +93,20 @@ the same values on both sides only if the Schnorr identification scheme succeeds. If the protocol succeeds, the authenticity of m has been verified too. +Signature protocol: + Client provides a message m that is to be signed as part of the protocol + "start": + - Client sends S, H if this is the first round of the protocol + - Client generates r in [0, |G|[ at random + - Client sends c = h("m || g^r") + - Client sends y = r + s * c + - Client sends m in plain + "verify": + - Server receives c, y, and m + - Server calculates z = g^y S^-c + - Server calculates c' = h("m || z") + - Server verifies c == c' + Low level protocol: