|
|
@ -2595,7 +2595,7 @@ The motivations for this change were as follows: |
|
|
|
a nonce as described below, as input to the KDF. Note that because |
|
|
|
$\TransmitPublic$ is included in the KDF input, being able to break the |
|
|
|
Elliptic Curve Diffie-Hellman Problem on Curve25519 (without breaking |
|
|
|
$\SymCipher$ as an authenticated encryption scheme or $\Blake{256}$ as |
|
|
|
$\SymSpecific$ as an authenticated encryption scheme or $\Blake{256}$ as |
|
|
|
a KDF) would not help to decrypt the \notesCiphertext unless |
|
|
|
$\TransmitPublic$ is known or guessed. |
|
|
|
\item The KDF also takes a public seed $\hSig$ as input. This can be modeled |
|
|
|
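Review bot: The renamed symbol on the line "$\SymSpecific$ as an authenticated encryption scheme or $\Blake{256}$ as" should be checked against the rest of the document, since this hunk changes only the one occurrence of $\SymCipher$ in the sentence about breaking the Elliptic Curve Diffie-Hellman Problem on Curve25519. Neither a definition of \SymSpecific nor any other use of \SymCipher is visible here, so please confirm that the macro is defined before this point and that remaining references in this list of motivations use the same symbol. Otherwise the security argument names two different authenticated encryption schemes. If \SymSpecific is meant to denote a different object than \SymCipher did, a short clause in this sentence saying which scheme the claim now depends on would make the assumption explicit for readers.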