From: Rudolf Polzer Date: Fri, 11 Mar 2011 21:23:12 +0000 (+0100) Subject: in the .txt, actually explain the current "default" protocol (fix signs) X-Git-Tag: xonotic-v0.5.0~8 X-Git-Url: https://git.rm.cloudns.org/?a=commitdiff_plain;h=2897326c90ac5ee5a65ed1a936bdef9866a6230a;p=xonotic%2Fd0_blind_id.git in the .txt, actually explain the current "default" protocol (fix signs) --- diff --git a/d0_blind_id.txt b/d0_blind_id.txt index 7d33aaf..deb008a 100644 --- a/d0_blind_id.txt +++ b/d0_blind_id.txt @@ -74,12 +74,12 @@ Authentication protocol: "response": - Client receives c and g^T - Client verifies that the received values are in the allowed ranges - - Client sends y = r + s * c mod |G| + - Client sends y = r - s * c mod |G| - Client sends g^t - Client calculates K = (g^T)^t "verify": - Server receives y and g^t - - Server calculates z = g^y S^-c + - Server calculates z = g^y S^c - Server calculates x' = h("z || g^t || m || z || g^t") - Server verifies x == x' - Server calculates K = (g^t)^T @@ -99,11 +99,11 @@ Signature protocol: - Client sends S, H if this is the first round of the protocol - Client generates r in [0, |G|[ at random - Client sends c = h("m || g^r") - - Client sends y = r + s * c + - Client sends y = r - s * c - Client sends m in plain "verify": - Server receives c, y, and m - - Server calculates z = g^y S^-c + - Server calculates z = g^y S^c - Server calculates c' = h("m || z") - Server verifies c == c'