B.5.1. Test vectors for calculate_generator with group NIST P-256

abbypan commented 2 years ago

As described in https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-10.html#name-domain-separation-requiremen

u = hash_to_field is impacted by DST.

https://www.ietf.org/archive/id/draft-irtf-cfrg-cpace-05.html

The QUUX is a fictional application named at hash_to_curve's draft: `generator_string: 1e4350616365503235365f584d443a5348412d3235365f535357555f4e555f0850617373776f7264170000000000000000000000000000000000000000000000160a41696e69746961746f720a42726573706f6e6465721034b36454cab2e7842c389f7d88ecb7df

count: 1

DST: QUUX-V01-CS02-with-P256_XMD:SHA-256_SSWUNU

=>

u: ea083a886a38ef4d15d95bd6a4b4d65620d3c57e4ed00e09fd2d67d67afd0797

generator g: 04993B46E30BA9CFC3DC2D3AE2CF9733CF03994E74383C4E1B4A92E8D6D466B321C4A642979162FBDE9E1C9A6180BD27A0594491E4C231F51006D0BF7992D07127 `

In CPace, we can use CPaceP256_XMD:SHA-256_SSWUNU as DST, the test vector in B.5.1 will become: ` generator_string: 1e4350616365503235365f584d443a5348412d3235365f535357555f4e555f0850617373776f7264170000000000000000000000000000000000000000000000160a41696e69746961746f720a42726573706f6e6465721034b36454cab2e7842c389f7d88ecb7df

count: 1

DST: CPaceP256_XMD:SHA-256_SSWUNU

=>

u: bf08bae3b88286f77d23be4a5125d31f561e61d51f515f260ed72b19f2aeacf1

generator g: 046E69443BF0FC9B58CB5EA0A454D24C444E699C32DA9A9FB23AF0C0E1299984AF324099C4C0F7BE13559F84D62FAC7ACC0B3AD47BC99499E3A744D9DEE0E7E4E1 ` And update the B.5.2, ..., B.5.7 too.

BjoernMHaase commented 1 year ago

Thank you for your input. I have just reworked this.

BjoernMHaase commented 1 year ago

Resolved

cfrg / draft-irtf-cfrg-cpace

B.5.1. Test vectors for calculate_generator with group NIST P-256 #15