Script updating gh-pages from 191658f. [ci skip]

cfrg · Jan 19, 2024 · 6315dbe · 6315dbe
1 parent 0515b6a
commit 6315dbe
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 57 deletions.
diff --git a/draft-irtf-cfrg-cpace.html b/draft-irtf-cfrg-cpace.html
@@ -1358,7 +1358,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.1.2.6.1"><a href="#appendix-B.1.6" class="auto internal xref">B.1.6</a>.  <a href="#name-test-vector-for-isk-calculat" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.1.2.7">
-                    <p id="section-toc.1-1.14.2.1.2.7.1"><a href="#appendix-B.1.7" class="auto internal xref">B.1.7</a>.  <a href="#name-corresponding-ansi-c-initia" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.1.2.7.1"><a href="#appendix-B.1.7" class="auto internal xref">B.1.7</a>.  <a href="#name-corresponding-c-programming" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.1.2.8">
                     <p id="section-toc.1-1.14.2.1.2.8.1"><a href="#appendix-B.1.8" class="auto internal xref">B.1.8</a>.  <a href="#name-test-vectors-for-g_x25519sc" class="internal xref">Test vectors for G_X25519.scalar_mult_vfy: low order points</a></p>
@@ -1387,7 +1387,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.2.2.6.1"><a href="#appendix-B.2.6" class="auto internal xref">B.2.6</a>.  <a href="#name-test-vector-for-isk-calculatio" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.2.2.7">
-                    <p id="section-toc.1-1.14.2.2.2.7.1"><a href="#appendix-B.2.7" class="auto internal xref">B.2.7</a>.  <a href="#name-corresponding-ansi-c-initial" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.2.2.7.1"><a href="#appendix-B.2.7" class="auto internal xref">B.2.7</a>.  <a href="#name-corresponding-c-programming-" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.2.2.8">
                     <p id="section-toc.1-1.14.2.2.2.8.1"><a href="#appendix-B.2.8" class="auto internal xref">B.2.8</a>.  <a href="#name-test-vectors-for-g_x448scal" class="internal xref">Test vectors for G_X448.scalar_mult_vfy: low order points</a></p>
@@ -1416,7 +1416,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.3.2.6.1"><a href="#appendix-B.3.6" class="auto internal xref">B.3.6</a>.  <a href="#name-test-vector-for-isk-calculation-" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.3.2.7">
-                    <p id="section-toc.1-1.14.2.3.2.7.1"><a href="#appendix-B.3.7" class="auto internal xref">B.3.7</a>.  <a href="#name-corresponding-ansi-c-initiali" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.3.2.7.1"><a href="#appendix-B.3.7" class="auto internal xref">B.3.7</a>.  <a href="#name-corresponding-c-programming-l" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.3.2.8">
                     <p id="section-toc.1-1.14.2.3.2.8.1"><a href="#appendix-B.3.8" class="auto internal xref">B.3.8</a>.  <a href="#name-test-case-for-scalar_mult-w" class="internal xref">Test case for scalar_mult with valid inputs</a></p>
@@ -1448,7 +1448,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.4.2.6.1"><a href="#appendix-B.4.6" class="auto internal xref">B.4.6</a>.  <a href="#name-test-vector-for-isk-calculation-p" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.4.2.7">
-                    <p id="section-toc.1-1.14.2.4.2.7.1"><a href="#appendix-B.4.7" class="auto internal xref">B.4.7</a>.  <a href="#name-corresponding-ansi-c-initializ" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.4.2.7.1"><a href="#appendix-B.4.7" class="auto internal xref">B.4.7</a>.  <a href="#name-corresponding-c-programming-la" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.4.2.8">
                     <p id="section-toc.1-1.14.2.4.2.8.1"><a href="#appendix-B.4.8" class="auto internal xref">B.4.8</a>.  <a href="#name-test-case-for-scalar_mult-wi" class="internal xref">Test case for scalar_mult with valid inputs</a></p>
@@ -1480,7 +1480,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.5.2.6.1"><a href="#appendix-B.5.6" class="auto internal xref">B.5.6</a>.  <a href="#name-test-vector-for-isk-calculation-pa" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.5.2.7">
-                    <p id="section-toc.1-1.14.2.5.2.7.1"><a href="#appendix-B.5.7" class="auto internal xref">B.5.7</a>.  <a href="#name-corresponding-ansi-c-initialize" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.5.2.7.1"><a href="#appendix-B.5.7" class="auto internal xref">B.5.7</a>.  <a href="#name-corresponding-c-programming-lan" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.5.2.8">
                     <p id="section-toc.1-1.14.2.5.2.8.1"><a href="#appendix-B.5.8" class="auto internal xref">B.5.8</a>.  <a href="#name-test-case-for-scalar_mult_v" class="internal xref">Test case for scalar_mult_vfy with correct inputs</a></p>
@@ -1512,7 +1512,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.6.2.6.1"><a href="#appendix-B.6.6" class="auto internal xref">B.6.6</a>.  <a href="#name-test-vector-for-isk-calculation-par" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.6.2.7">
-                    <p id="section-toc.1-1.14.2.6.2.7.1"><a href="#appendix-B.6.7" class="auto internal xref">B.6.7</a>.  <a href="#name-corresponding-ansi-c-initializer" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.6.2.7.1"><a href="#appendix-B.6.7" class="auto internal xref">B.6.7</a>.  <a href="#name-corresponding-c-programming-lang" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.6.2.8">
                     <p id="section-toc.1-1.14.2.6.2.8.1"><a href="#appendix-B.6.8" class="auto internal xref">B.6.8</a>.  <a href="#name-test-case-for-scalar_mult_vf" class="internal xref">Test case for scalar_mult_vfy with correct inputs</a></p>
@@ -1544,7 +1544,7 @@ <h2 id="name-copyright-notice">
                     <p id="section-toc.1-1.14.2.7.2.6.1"><a href="#appendix-B.7.6" class="auto internal xref">B.7.6</a>.  <a href="#name-test-vector-for-isk-calculation-par-2" class="internal xref">Test vector for ISK calculation parallel execution</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.7.2.7">
-                    <p id="section-toc.1-1.14.2.7.2.7.1"><a href="#appendix-B.7.7" class="auto internal xref">B.7.7</a>.  <a href="#name-corresponding-ansi-c-initializers" class="internal xref">Corresponding ANSI-C initializers</a></p>
+                    <p id="section-toc.1-1.14.2.7.2.7.1"><a href="#appendix-B.7.7" class="auto internal xref">B.7.7</a>.  <a href="#name-corresponding-c-programming-langu" class="internal xref">Corresponding C programming language initializers</a></p>
 </li>
                   <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.14.2.7.2.8">
                     <p id="section-toc.1-1.14.2.7.2.8.1"><a href="#appendix-B.7.8" class="auto internal xref">B.7.8</a>.  <a href="#name-test-case-for-scalar_mult_vfy" class="internal xref">Test case for scalar_mult_vfy with correct inputs</a></p>
@@ -2417,7 +2417,7 @@ <h3 id="name-key-confirmation">
         <h3 id="name-sampling-of-scalars">
 <a href="#section-9.5" class="section-number selfRef">9.5. </a><a href="#name-sampling-of-scalars" class="section-name selfRef">Sampling of scalars</a>
         </h3>
-<p id="section-9.5-1">For curves over fields F_p where p is a prime close to a power of two, we recommend sampling scalars as a uniform bit string of length field_size_bits. We do so in order to reduce both, complexity of the implementation and the attack surface
+<p id="section-9.5-1">For curves over fields F_q where q is a prime close to a power of two, we recommend sampling scalars as a uniform bit string of length field_size_bits. We do so in order to reduce both, complexity of the implementation and the attack surface
 with respect to side-channels for embedded systems in hostile environments.
 The effect of non-uniform sampling on security was demonstrated to be begnin in <span>[<a href="#AHH21" class="cite xref">AHH21</a>]</span> for the case of Curve25519 and Curve448.
 This analysis however does not transfer to most curves in Short-Weierstrass form. As a result, we recommend rejection sampling if G is as in <a href="#CPaceWeierstrass" class="auto internal xref">Section 7.4</a>.<a href="#section-9.5-1" class="pilcrow">¶</a></p>
@@ -2469,13 +2469,18 @@ <h3 id="name-side-channel-attacks">
 <a href="#section-9.8" class="section-number selfRef">9.8. </a><a href="#name-side-channel-attacks" class="section-name selfRef">Side channel attacks</a>
         </h3>
 <p id="section-9.8-1">All state-of-the art methods for realizing constant-time execution SHOULD be used.
-In case that side channel attacks are to be considered practical for a given application, it is RECOMMENDED to pay special
-attention on computing
-the secret generator G.calculate_generator(PRS,CI,sid).
+Special care is RECOMMENDED specifically for elliptic curves in Short-Weierstrass form
+as important standard documents including <span>[<a href="#IEEE1363" class="cite xref">IEEE1363</a>]</span> describe curve operations with
+non-constant-time algorithms.<a href="#section-9.8-1" class="pilcrow">¶</a></p>
+<p id="section-9.8-2">In case that side channel attacks are to be considered practical for a given application, it is RECOMMENDED to pay special
+attention on computing the secret generator G.calculate_generator(PRS,CI,sid).
 The most critical substep to consider might be the processing of the first block of the hash that includes
 the PRS string.
 The zero-padding introduced when hashing the sensitive PRS string can be expected to make
-the task for a side-channel attack somewhat more complex. Still this feature alone is not sufficient for ruling out power analysis attacks.<a href="#section-9.8-1" class="pilcrow">¶</a></p>
+the task for a side-channel attack somewhat more complex. Still this feature alone is not sufficient for ruling out power analysis attacks.<a href="#section-9.8-2" class="pilcrow">¶</a></p>
+<p id="section-9.8-3">Even though the calculate_generator operation might be considered to form the primary target for side-channel attacks as information on long-term secrets might be exposed,
+also the subsequent operations on ephemeral values, such as scalar
+sampling and scalar multiplication should be protected from side-channels.<a href="#section-9.8-3" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="quantum-computers">
@@ -3053,10 +3058,10 @@ <h4 id="name-test-vector-for-isk-calculat">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers">
+<div id="corresponding-c-programming-language-initializers">
 <section id="appendix-B.1.7">
-          <h4 id="name-corresponding-ansi-c-initia">
-<a href="#appendix-B.1.7" class="section-number selfRef">B.1.7. </a><a href="#name-corresponding-ansi-c-initia" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming">
+<a href="#appendix-B.1.7" class="section-number selfRef">B.1.7. </a><a href="#name-corresponding-c-programming" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.1.7-1">
 <pre>
@@ -3345,10 +3350,10 @@ <h4 id="name-test-vector-for-isk-calculatio">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers-1">
+<div id="corresponding-c-programming-language-initializers-1">
 <section id="appendix-B.2.7">
-          <h4 id="name-corresponding-ansi-c-initial">
-<a href="#appendix-B.2.7" class="section-number selfRef">B.2.7. </a><a href="#name-corresponding-ansi-c-initial" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming-">
+<a href="#appendix-B.2.7" class="section-number selfRef">B.2.7. </a><a href="#name-corresponding-c-programming-" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.2.7-1">
 <pre>
@@ -3677,10 +3682,10 @@ <h4 id="name-test-vector-for-isk-calculation-">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers-2">
+<div id="corresponding-c-programming-language-initializers-2">
 <section id="appendix-B.3.7">
-          <h4 id="name-corresponding-ansi-c-initiali">
-<a href="#appendix-B.3.7" class="section-number selfRef">B.3.7. </a><a href="#name-corresponding-ansi-c-initiali" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming-l">
+<a href="#appendix-B.3.7" class="section-number selfRef">B.3.7. </a><a href="#name-corresponding-c-programming-l" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.3.7-1">
 <pre>
@@ -3968,10 +3973,10 @@ <h4 id="name-test-vector-for-isk-calculation-p">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers-3">
+<div id="corresponding-c-programming-language-initializers-3">
 <section id="appendix-B.4.7">
-          <h4 id="name-corresponding-ansi-c-initializ">
-<a href="#appendix-B.4.7" class="section-number selfRef">B.4.7. </a><a href="#name-corresponding-ansi-c-initializ" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming-la">
+<a href="#appendix-B.4.7" class="section-number selfRef">B.4.7. </a><a href="#name-corresponding-c-programming-la" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.4.7-1">
 <pre>
@@ -4282,10 +4287,10 @@ <h4 id="name-test-vector-for-isk-calculation-pa">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers-4">
+<div id="corresponding-c-programming-language-initializers-4">
 <section id="appendix-B.5.7">
-          <h4 id="name-corresponding-ansi-c-initialize">
-<a href="#appendix-B.5.7" class="section-number selfRef">B.5.7. </a><a href="#name-corresponding-ansi-c-initialize" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming-lan">
+<a href="#appendix-B.5.7" class="section-number selfRef">B.5.7. </a><a href="#name-corresponding-c-programming-lan" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.5.7-1">
 <pre>
@@ -4608,10 +4613,10 @@ <h4 id="name-test-vector-for-isk-calculation-par">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers-5">
+<div id="corresponding-c-programming-language-initializers-5">
 <section id="appendix-B.6.7">
-          <h4 id="name-corresponding-ansi-c-initializer">
-<a href="#appendix-B.6.7" class="section-number selfRef">B.6.7. </a><a href="#name-corresponding-ansi-c-initializer" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming-lang">
+<a href="#appendix-B.6.7" class="section-number selfRef">B.6.7. </a><a href="#name-corresponding-c-programming-lang" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.6.7-1">
 <pre>
@@ -4976,10 +4981,10 @@ <h4 id="name-test-vector-for-isk-calculation-par-2">
 </div>
 </section>
 </div>
-<div id="corresponding-ansi-c-initializers-6">
+<div id="corresponding-c-programming-language-initializers-6">
 <section id="appendix-B.7.7">
-          <h4 id="name-corresponding-ansi-c-initializers">
-<a href="#appendix-B.7.7" class="section-number selfRef">B.7.7. </a><a href="#name-corresponding-ansi-c-initializers" class="section-name selfRef">Corresponding ANSI-C initializers</a>
+          <h4 id="name-corresponding-c-programming-langu">
+<a href="#appendix-B.7.7" class="section-number selfRef">B.7.7. </a><a href="#name-corresponding-c-programming-langu" class="section-name selfRef">Corresponding C programming language initializers</a>
           </h4>
 <div class="alignLeft art-text artwork" id="appendix-B.7.7-1">
 <pre>