Closes #51.
Partially addresses #34 (there are changes coming in -12).
Apply various improvements for IDPF in the base draft to VIDPF and simplify things a bit.
Merge "cs proofs" into correction words
Harmonize variable names across key generation and evaluation
Align Vidpf API closer to Idpf API in the base draft:
Rename "binder" to "nonce" and require it to have a fixed length
Reorder the public share and keys
Use the same method for extending a seed as for the IDPF in the base draft (borrow control bits from the seeds in order to avoid an additional AES call).
Discourage branching on secret values, including control bits and alpha on the client side.
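
As an added illustration of the last two items in the description above (this is not code from this PR or from the draft): a Python sketch of borrowing the control bits from the extended seeds and of applying correction words with masks instead of branches. SHAKE128 stands in for the draft's XOF, and `KEY_SIZE`, `extend`, `masked_xor`, `select` and `next_level` are names and parameters assumed for the sketch.

```python
import hashlib

KEY_SIZE = 16  # seed length in bytes (assumed for this sketch)


def extend(seed: bytes, nonce: bytes):
    """Expand one seed into two child seeds and two control bits.

    SHAKE128 is a stand-in XOF (assumption). Each control bit is borrowed
    from the low bit of the first byte of a child seed, which is then
    cleared, so no extra XOF output is spent on control bits.
    """
    out = hashlib.shake_128(b"extend" + nonce + seed).digest(2 * KEY_SIZE)
    seeds = [bytearray(out[:KEY_SIZE]), bytearray(out[KEY_SIZE:])]
    ctrl = [seeds[0][0] & 1, seeds[1][0] & 1]
    seeds[0][0] &= 0xFE
    seeds[1][0] &= 0xFE
    return [bytes(s) for s in seeds], ctrl


def masked_xor(value: bytes, correction: bytes, bit: int) -> bytes:
    """Return value ^ correction when bit == 1, else value, without `if`."""
    mask = -bit & 0xFF  # 0x00 when bit == 0, 0xFF when bit == 1
    return bytes(v ^ (c & mask) for v, c in zip(value, correction))


def select(a: bytes, b: bytes, bit: int) -> bytes:
    """Return b when bit == 1, else a, without `if`."""
    mask = -bit & 0xFF
    return bytes(x ^ ((x ^ y) & mask) for x, y in zip(a, b))


def next_level(seed, ctrl, nonce, seed_cw, ctrl_cw, keep):
    """Simplified tree step: extend, correct, keep the child chosen by `keep`.

    `ctrl` (the current control bit) and `keep` (a bit of alpha on the
    client side) are secret, so both are consumed only through masks.
    Python makes no timing guarantees; this shows the data flow only.
    """
    s, t = extend(seed, nonce)
    s = [masked_xor(s[0], seed_cw, ctrl), masked_xor(s[1], seed_cw, ctrl)]
    t = [t[0] ^ (ctrl & ctrl_cw[0]), t[1] ^ (ctrl & ctrl_cw[1])]
    return select(s[0], s[1], keep), t[0] ^ ((t[0] ^ t[1]) & keep)
```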