RFC Errata
RFC 7836, "Guidelines on the Cryptographic Algorithms to Accompany the Usage of Standards GOST R 34.10-2012 and GOST R 34.11-2012", March 2016
Source of RFC: INDEPENDENTSee Also: RFC 7836 w/ inline errata
Errata ID: 6198
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Billy Brumley
Date Reported: 2020-06-03
Verifier Name: Adrian Farrel
Date Verified: 2020-07-01
Section 4.3.1 says:
KEK_VKO (x, y, UKM) is calculated using the formulas: KEK_VKO (x, y, UKM) = H_256 (K (x, y, UKM)), K (x, y, UKM) = (m/q*UKM*x mod q)*(y*P),
It should say:
KEK_VKO (x, y, UKM) is calculated using the formulas: KEK_VKO (x, y, UKM) = H_256 (K (x, y, UKM)), K (x, y, UKM) = (m/q*(UKM*x mod q))*(y*P),
Notes:
For now the original text may be interpreted in the wrong way that both multiplications inside the brackets should be performed modulo q. However, multiplication by m/q must be a simple integer multiplication, without reduction modulo q, to eliminate small subgroup component of the input elliptic curve point. The proposed text modification clarifies the correct types and order of multiplication.