Various editorial updates #275
Conversation
draft-irtf-cfrg-bbs-signatures.md
Outdated
| 8. C = Bbar * r2^ + Abar * r3^ + H_j1 * m^_j1 + ... + H_jU * m^_jU + D * c | ||
| 9. cv = calculate_challenge(Abar, Bbar, C, (i1, ..., iR), | ||
| 8. T = Abar * r3^ + Bbar * r2^ + H_j1 * m^_j1 + ... + H_jU * m^_jU | ||
| 9. T = T + D * c |
There was a problem hiding this comment.
Is this a line length issue? Also, switching the order of Abar and Bbar without switching r2 and r3 doesn't seem worth it to me :)
There was a problem hiding this comment.
Oh boy another breaking change 😅. Switched r2 with r3 in #276 (with updated fixtures)
There was a problem hiding this comment.
Is this a line length issue?
Yeap sadly
draft-irtf-cfrg-bbs-signatures.md
Outdated
| @@ -202,8 +199,8 @@ e | |||
| r | |||
| : The prime order of the G1 and G2 subgroups. | |||
|
|
|||
| P1, P2 | |||
| : points on G1 and G2 respectively. For a pairing-friendly curve, this document denotes operations in E1 and E2 in additive notation, i.e., P + Q denotes point addition and x \* P denotes scalar multiplication. Operations in GT are written in multiplicative notation, i.e., a \* b is field multiplication. | |||
| BP, BP' | |||
There was a problem hiding this comment.
Why not BP1 and BP2, the ' character might be hard to understand in the middle of the spec.
There was a problem hiding this comment.
The indent was to use the notation from pairing-friendly curves draft. But yea its hard to see. Changed to use BP1 and BP2.
draft-irtf-cfrg-bbs-signatures.md
Outdated
| @@ -538,7 +509,7 @@ Procedure: | |||
| 8. B = P1 + Q_1 * domain + H_1 * msg_1 + ... + H_L * msg_L | |||
| 9. Abar = A * r1 | |||
| 10. Bbar = B * r1 - Abar * e | |||
| 11. C = Bbar * r2 + Abar * r3 + H_j1 * m~_j1 + ... + H_jU * m~_jU | |||
| 11. T = Abar * r3 + Bbar * r2 + H_j1 * m~_j1 + ... + H_jU * m~_jU | |||
| 12. c = calculate_challenge(Abar, Bbar, C, (i1, ..., iR), | |||
There was a problem hiding this comment.
Change C to T on line 12 since it's been renamed.
draft-irtf-cfrg-bbs-signatures.md
Outdated
| @@ -202,8 +199,8 @@ e | |||
| r | |||
| : The prime order of the G1 and G2 subgroups. | |||
|
|
|||
| P1, P2 | |||
| : points on G1 and G2 respectively. For a pairing-friendly curve, this document denotes operations in E1 and E2 in additive notation, i.e., P + Q denotes point addition and x \* P denotes scalar multiplication. Operations in GT are written in multiplicative notation, i.e., a \* b is field multiplication. | |||
| BP, BP' | |||
There was a problem hiding this comment.
We don't use BP (the G1 base point) in the spec, so we can get rid of it.
There was a problem hiding this comment.
BP (renamed to BP1) is used in the PR in the description of P1 in the ciphersuite (i.e., that P1 != BP1).
Still could most likely remove it, but better be on the safe side??
|
Discussed on the WG call on the 10 of July. Will wait for reviews before resolving |
|
Discussed on the WG call of the 10th of July. Multiple approvals. Editorial updates. Merging |
Main changes:
Definitions(we are explicitly defining everything in the operation)+ couple of terminology and operation description updates