I'm implementing SHS in C++ by following the spec/paper, but I'm also looking at the JS code here and the C code in shs1-c. I just noticed a discrepancy:
The spec defines: H = Ap | sign{A}(K|Bp|hash(a · b)) (p.11)
But the code here and in shs1.c concatenates A's public key (Ap) at the end: secret-handshake/crypto.js, line 128 in 7a465d1
Obviously one is not better than the other. But as the latter is what's actually in use, it would be a good idea to update the actual spec to match. (And a footnote could be added to mention the already-known discrepancy in the server challenge, i.e. #7.)
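The interoperability effect of the two orderings, as an added example that is not part of the original issue or of the project's code: it builds the plaintext H in both layouts and shows that a verifier written for the paper's order rejects a message built in the implementation's order. It assumes Ed25519 keys (64-byte signature, 32-byte public key); the keys, K, the SHA-256 stand-in for hash(a · b) and all function names are constructed for illustration, and the encryption the real handshake applies to H is left out.

```javascript
// Added example, not the project's code. Layouts are from the issue; keys,
// K and the a·b hash are constructed sample values (Ed25519 assumed).
const nodeCrypto = require('crypto');

const SIG_LEN = 64, KEY_LEN = 32;
// DER prefix that wraps a raw 32-byte Ed25519 public key as an SPKI key.
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');

const rawPublicKey = (keyObject) =>
  keyObject.export({ format: 'der', type: 'spki' }).subarray(-KEY_LEN);
const publicKeyFromRaw = (raw) => nodeCrypto.createPublicKey({
  key: Buffer.concat([SPKI_PREFIX, raw]), format: 'der', type: 'spki' });

// Client side: sign K | Bp | hash(a·b), then place Ap first ('paper')
// or last ('implementation').
function buildH(layout, clientKeys, K, Bp, abHash) {
  const sig = nodeCrypto.sign(null, Buffer.concat([K, Bp, abHash]), clientKeys.privateKey);
  const Ap = rawPublicKey(clientKeys.publicKey);
  return layout === 'paper' ? Buffer.concat([Ap, sig]) : Buffer.concat([sig, Ap]);
}

// Server side: split H according to the layout, then verify the signature.
function verifyH(layout, H, K, Bp, abHash) {
  if (H.length !== SIG_LEN + KEY_LEN) return false; // malformed length
  const Ap = layout === 'paper' ? H.subarray(0, KEY_LEN) : H.subarray(SIG_LEN);
  const sig = layout === 'paper' ? H.subarray(KEY_LEN) : H.subarray(0, SIG_LEN);
  try {
    return nodeCrypto.verify(null, Buffer.concat([K, Bp, abHash]), publicKeyFromRaw(Ap), sig);
  } catch { return false; } // bytes at the Ap offset are not a usable key
}

// Run both layouts against each other with constructed values.
function demo() {
  const client = nodeCrypto.generateKeyPairSync('ed25519');
  const server = nodeCrypto.generateKeyPairSync('ed25519');
  const K = nodeCrypto.randomBytes(32);
  const Bp = rawPublicKey(server.publicKey);
  const abHash = nodeCrypto.createHash('sha256').update('constructed a.b').digest();
  const implH = buildH('implementation', client, K, Bp, abHash);
  const paperH = buildH('paper', client, K, Bp, abHash);
  return {
    implReadsImpl: verifyH('implementation', implH, K, Bp, abHash),
    paperReadsPaper: verifyH('paper', paperH, K, Bp, abHash),
    paperReadsImpl: verifyH('paper', implH, K, Bp, abHash),
    implReadsPaper: verifyH('implementation', paperH, K, Bp, abHash),
  };
}
```

Both layouts have the same total length, so a length check alone cannot tell them apart; the mismatch only shows up as a failed signature check.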
ahdinosaur added a commit to ahdinosaur/secret-handshake-paper that referenced this issue Nov 30, 2023
The paper defines: `H = Ap | sign{A}(K|Bp|hash(a · b))` (p.11)
The reference implementation concatenates A's public key (Ap) at the _end_.
This changes the paper to match the reference implementation.
Fixes auditdrivencrypto/secret-handshake#31