@@ -383,7 +383,7 @@ The proposed mechanism has two significant vulnerabilities that (in my understan
383383 configuration mistakes). The mechanism for POT leverages "Shamir's
384384 Secret Sharing" scheme <xref target =" SSS" xref >.</t >
385385
386- <t >Shamir's secret sharing base idea: A polynomial (represented by its
386+ <t >Shamir's Secret Sharing base idea: A polynomial (represented by its
387387 coefficients) of degree k is chosen as a secret by the controller. A
388388 polynomial represents a curve. A set of k+1 points on the curve define
389389 the polynomial and are thus needed to (re-)construct the polynomial.
@@ -450,17 +450,17 @@ The proposed mechanism has two significant vulnerabilities that (in my understan
450450 <t >A controller generates a first polynomial (POLY-1) of degree k
451451 and k+1 points on the polynomial, corresponding to the k+1 nodes
452452 along the path. The constant coefficient of POLY-1 is considered the
453- SECRET, which is per the definition of the SSSS algorithm < xref
454- target =" SSS" xref >. The k+1 points are used to derive the Lagrange
455- Basis Polynomials. The Lagrange Polynomial Constants (LPC) are
456- retrieved from the constant coefficients of the Lagrange Basis
457- Polynomials. Each of the k+1 nodes (including verifier) are assigned
458- a point on the polynomial i.e., shares of the SECRET. The verifier
459- is configured with the SECRET. The Controller also generates
460- coefficients (except the constant coefficient, called "RND", which
461- is changed on a per packet basis) of a second polynomial POLY-2 of
462- the same degree. Each node is configured with the LPC of POLY-2.
463- Note that POLY-2 is public.</t >
453+ SECRET, which is per the definition of the Shamir's Secret Sharing
454+ algorithm < xref target =" SSS" xref >. The k+1 points are used to
455+ derive the Lagrange Basis Polynomials. The Lagrange Polynomial
456+ Constants (LPC) are retrieved from the constant coefficients of the
457+ Lagrange Basis Polynomials. Each of the k+1 nodes (including
458+ verifier) are assigned a point on the polynomial i.e., shares of the
459+ SECRET. The verifier is configured with the SECRET. The Controller
460+ also generates coefficients (except the constant coefficient, called
461+ "RND", which is changed on a per packet basis) of a second
462+ polynomial POLY-2 of the same degree. Each node is configured with
463+ the LPC of POLY-2. Note that POLY-2 is public.</t >
464464 </section >
465465
466466 <section title =" In Transit"
@@ -883,9 +883,8 @@ The proposed mechanism has two significant vulnerabilities that (in my understan
883883 number, etc.) and communicate the associated values (i.e. prime number,
884884 secret-share, LPC, etc.) to the nodes. The sum of all parameters for a
885885 specific node is referred to as "POT-Profile". For details see the YANG
886- model in <xref target =" YANG" xref >.This document does not define a
887- specific protocol to be used between Controller and nodes. It only
888- defines the procedures and the associated YANG data model.</t >
886+ model in <xref target =" YANG" xref >. This document defines the
887+ procedures and the associated YANG data model.</t >
889888
890889 <section anchor =" Procedure" title =" Procedure"
891890 <t >The Controller creates new POT-Profiles at a constant rate and
@@ -1264,7 +1263,7 @@ module ietf-pot-profile {
12641263
12651264 <section title =" Proof of Transit"
12661265 <t >Proof of correctness and security of the solution approach is per
1267- Shamir’ s Secret Sharing Scheme <xref target =" SSS" xref >.
1266+ Shamir' s Secret Sharing Scheme <xref target =" SSS" xref >.
12681267 Cryptographically speaking it achieves information-theoretic security
12691268 i.e., it cannot be broken by an attacker even with unlimited computing
12701269 power. As long as the below conditions are met it is impossible for an
@@ -1445,7 +1444,7 @@ module ietf-pot-profile {
14451444 need to be securely verified.</t >
14461445
14471446 <section title =" Node Ordering"
1448- <t >POT using Shamir's secret sharing scheme as discussed in this
1447+ <t >POT using Shamir's Secret Sharing scheme as discussed in this
14491448 document provides for a means to verify that a set of nodes has been
14501449 visited by a data packet. It does not verify the order in which the
14511450 data packet visited the nodes.</t >
@@ -1494,8 +1493,8 @@ module ietf-pot-profile {
14941493 <section title =" Acknowledgements"
14951494 <t >The authors would like to thank Eric Vyncke, Nalini Elkins, Srihari
14961495 Raghavan, Ranganathan T S, Karthik Babu Harichandra Babu, Akshaya
1497- Nadahalli, Erik Nordmark, Andrew Yourtchenko, Tom Petch and Mohamed
1498- Boucadair for the comments and advice.</t >
1496+ Nadahalli, Erik Nordmark, Andrew Yourtchenko, Tom Petch, Mohamed
1497+ Boucadair and Dhruv Dhody for the comments and advice.</t >
14991498 </section >
15001499
15011500 <section title =" Contributors"
@@ -1565,8 +1564,6 @@ module ietf-pot-profile {
15651564
15661565 &RFC3688;
15671566
1568- &RFC6020;
1569-
15701567 &RFC7665;
15711568
15721569 &RFC7950;
@@ -1579,15 +1576,16 @@ module ietf-pot-profile {
15791576
15801577 &I-D.ietf-sfc-ioam-nsh;
15811578
1582- <reference anchor =" SSS"
1583- target =" https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing"
1579+ <reference anchor =" SSS"
15841580 <front >
1585- <title >Shamir's Secret Sharing </title >
1581+ <title >How to share a secret </title >
15861582
1587- <author fullname =" Wikipedia " author >
1583+ <author fullname =" Shamir, A. " author >
15881584
1589- <date />
1585+ <date year = " 1979 " />
15901586 </front >
1587+
1588+ <seriesInfo name =" " value =" Communications of the ACM (22): 612-613"
15911589 </reference >
15921590 </references >
15931591
0 commit comments