gitea-mirror/rosenpass
1
0
Fork 0
mirror of https://github.com/rosenpass/rosenpass.git synced 2025-12-12 07:40:30 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix(whitepaper): Incorrect parameter ordering in encaps_/decaps_and_mix

Browse Source 
Update of the figures in the white paper to come later.
This commit is contained in:
Karolin Varner
2025-08-13 17:51:55 +02:00
parent db797ff11e
commit bc6fa0d672
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
papers/whitepaper.md
View File

@@ -451,13 +451,13 @@ Rosenpass is built with KEMs, not with NIKEs (Diffie-Hellman-style operations);
```pseudorust ```pseudorust
fn encaps_and_mix<T: KEM>(pk) { fn encaps_and_mix<T: KEM>(pk) {
let (ct, shk) = T::enc(pk); let (ct, shk) = T::enc(pk);
mix(pk, ct, shk); mix(pk, shk, ct);
ct ct
} }
fn decaps_and_mix<T: KEM>(sk, pk, ct) { fn decaps_and_mix<T: KEM>(sk, pk, ct) {
let shk = T::dec(sk, ct); let shk = T::dec(sk, ct);
mix(pk, ct, shk); mix(pk, shk, ct);
} }
``` ```
@@ -936,6 +936,7 @@ Changes, in particular:
\end{quote} \end{quote}
``` ```
12. Added a section to explain and specify our incorrect implementation of HMAC-BLAKE2b. 12. Added a section to explain and specify our incorrect implementation of HMAC-BLAKE2b.
13. In `encaps_and_mix()`/`decaps_and_mix()` the whitepaper stated that public key, ciphertext, and shared key are mixed into the chaining key in that order, but the implementation used a different order: public key, shared key, and ciphertext (shared key and ciphertext are swapped). We harmonize the white paper with the implementation.
#### 2025-06-24 Specifying the `osk` used for WireGuard as a protocol extension #### 2025-06-24 Specifying the `osk` used for WireGuard as a protocol extension