Note about MACs ordering

author Sergey Matveev <stargrave@stargrave.org>

Mon, 21 Apr 2025 15:41:40 +0000 (18:41 +0300)

committer Sergey Matveev <stargrave@stargrave.org>

Mon, 21 Apr 2025 15:41:40 +0000 (18:41 +0300)
author Sergey Matveev <stargrave@stargrave.org>
Mon, 21 Apr 2025 15:41:40 +0000 (18:41 +0300)
committer Sergey Matveev <stargrave@stargrave.org>
Mon, 21 Apr 2025 15:41:40 +0000 (18:41 +0300)
diff --git a/spec/cm/dem-xchapoly-krmr.texi b/spec/cm/dem-xchapoly-krmr.texi

index 989a5d3df7da199082201a012676feea0c7f35d5108dc5001e5bedfabbe7c6ed..f81264813b42bf069678c6c0c4a0a83cc9dab3d1396171953c3af1e99ab5bd54 100644 (file)
--- a/spec/cm/dem-xchapoly-krmr.texi
+++ b/spec/cm/dem-xchapoly-krmr.texi
@@ -27,6 +27,8 @@ randomised 192-bit nonce (initialisation vector) are derived from it.
  
  Nonce's lowest bit is set only if this is the last chunk we encrypting.
  
+MACs are ordered the same way as KEMs in the list.
+
  @code{/payload}'s chunk length equals to 128KiB+16+32*recipients bytes.
  
  HKDF is KDF algorithm,
author	Sergey Matveev <stargrave@stargrave.org>
	Mon, 21 Apr 2025 15:41:40 +0000 (18:41 +0300)
committer	Sergey Matveev <stargrave@stargrave.org>
	Mon, 21 Apr 2025 15:41:40 +0000 (18:41 +0300)