Process review feedback #58 #70

Merged
merged 1 commit into from
Oct 12, 2024
6 changes: 3 additions & 3 deletions draft-dijkhuis-cfrg-hdkeys.md
Expand Up @@ -243,7 +243,7 @@ The parameters of an HDK instantiation are:
- BL-Blind-Private-Key(sk, tau, info): Outputs `sk` blinded with blinding factor `tau` and domain separation parameter `info`, both byte strings.
- `ARKG`: An asynchronous remote key generation instantiation [I-D.draft-bradleylundberg-cfrg-arkg-02], encapsulating an asymmetric key blinding scheme instantiation `BL` and a key encapsulation mechanism `KEM`, and consisting of the functions:
- ARKG-Derive-Public-Key(pk, info): Outputs `(pk', kh)` where `pk'` is a derived public key and `kh` is a key handle to derive the associated private key, based on an ARKG public seed `pk = (pk_kem, pk_bl)` and application-specific information `info`.
- ARKG-Derive-Private-Key(sk, kh, info): Outputs `sk'`, a blinded private key Scalar based on ARKG private seed `sk = (sk_kem, sk_bl)`, a key handle `kh`, and application-specific information `info`.
- ARKG-Derive-Private-Key(sk, kh, info): Outputs `sk'`, a blinded private key based on ARKG private seed `sk = (sk_kem, sk_bl)`, a key handle `kh`, and application-specific information `info`.
- `HDK-Root(pk_device, seed)`: See [The HDK-Root function](#the-hdk-root-function).
- `HDK-Derive-Remote(pk_device, (pk, sk, salt), kh)`: See [The HDK-Derive-Remote function](#the-hdk-derive-remote-function).
- `HDK-Authenticate(sk_device, sk_hdk, reader_data)`: See [The HDK-Authenticate function](#the-hdk-authenticate-function).
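Review bot: In the changed `ARKG-Derive-Private-Key(sk, kh, info)` entry, dropping "Scalar" leaves the output `sk'` with no stated type, while the `BL-Blind-Private-Key` entry at the top of this hunk still spells out that `tau` and `info` are byte strings. Suggest defining `sk'` in terms of the encapsulated `BL` instantiation, for example "a blinded private key in the private key format of `BL`", so the output type stays defined after the wording is generalised. The same entry could also say that `kh` is the key handle output by `ARKG-Derive-Public-Key`, to tie the two functions together.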
Expand Down Expand Up @@ -467,8 +467,8 @@ The reader MUST verify the proof `device_data` using DSA-Verify with the HDK pub
def HDK-Root(pk_device, seed):
msg = serialize(pk_device)
okm = expand(msg, ID || seed, Nk + Ns)
(_, sk') = key(okm[0:Nk])
pk' = EC-Add(pk_device, EC-Scalar-Base-Mult(sk'))
(pk_blind, sk') = key(okm[0:Nk])
pk' = EC-Add(pk_device, pk_blind)
salt' = okm[Nk:]
return (pk', sk', salt')
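Review bot: The new line `(pk_blind, sk') = key(okm[0:Nk])` in `HDK-Root` makes the result depend on `key` returning the public key that corresponds to `sk'`, where the old lines discarded that element and computed `EC-Scalar-Base-Mult(sk')` explicitly. That contract is not visible in this hunk, so the definition of `key` should state it, because `pk'` only matches `sk'` if `pk_blind` is exactly the public counterpart of `sk'`. The name `pk_blind` can also be read as "blinded public key", although here it is the value added to `pk_device` to produce the blinded key `pk'`; a one-line comment above `pk' = EC-Add(pk_device, pk_blind)` or a name such as `pk_tau` would avoid that reading.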
