doc: Use canonical spelling of BLAKE2(b)

Spelling according to Jean-Philippe Aumasson, Samuel Neves, Zooko
Wilcox-O’Hearn, Christian Winnerlein. "BLAKE2: Simpler, Smaller, Fast as
MD5." ACNS 2013. Lecture Notes in Computer Science, vol 7954,
and also https://twitter.com/veorq/status/1396728032883322884

diff --git a/AUTHORS.md b/AUTHORS.md
index 91394d010f6b8c1e2b4154d0a21706be3975c8ba..343aa1d968e558324e53ea6dda037c03dc5f9108 100644 (file)
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -3,7 +3,7 @@ Designers
 
 - **ChaCha20:** Daniel J. Bernstein.
 - **Poly1305:** Daniel J. Bernstein.
-- **Blake2:**   Jean-Philippe Aumasson, Christian Winnerlein, Samuel Neves,
+- **BLAKE2:**   Jean-Philippe Aumasson, Christian Winnerlein, Samuel Neves,
                 and Zooko Wilcox-O'Hearn
 - **Argon2:**   Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich
 - **X25519:**   Daniel J. Bernstein
@@ -15,7 +15,7 @@ Implementors
 
 - **ChaCha20:** Loup Vaillant, implemented from spec.
 - **Poly1305:** Loup Vaillant, implemented from spec.
-- **Blake2b:**  Loup Vaillant, implemented from spec.
+- **BLAKE2b:**  Loup Vaillant, implemented from spec.
 - **Argon2i:**  Loup Vaillant, implemented from spec.
 - **X25519:**   Daniel J. Bernstein, taken and packaged from SUPERCOP
                 ref10.

diff --git a/README.md b/README.md
index 1b1356930aeeb486349d3e015d70b99c22a8c447..5ef3106a1831d4fdb308f137e8c44a4ec0d31004 100644 (file)
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Features
 
 - [Authenticated Encryption][AEAD] with XChaCha20 and Poly1305
   (RFC 8439).
-- [Hashing][HASH] with Blake2b.
+- [Hashing][HASH] with BLAKE2b.
 - [Password Hashing][PWH] with Argon2i.
 - [Public Key Cryptography][PKC] with X25519 (key exchange).
 - [Public Key Signatures][PKS] with EdDSA (RFC 8032) and Ed25519.
@@ -206,7 +206,7 @@ is activated by compiling monocypher.c with the `-DBLAKE2_NO_UNROLLING`
 option.
 
 The `-DBLAKE2_NO_UNROLLING` option is a performance tweak.  By default,
-Monocypher unrolls the Blake2b inner loop, because doing so is over 25%
+Monocypher unrolls the BLAKE2b inner loop, because doing so is over 25%
 faster on modern processors.  Some embedded processors however, run the
 unrolled loop _slower_ (possibly because of the cost of fetching 5KB of
 additional code).  If you're using an embedded platform, try this

diff --git a/doc/man/man3/advanced/crypto_chacha20.3monocypher b/doc/man/man3/advanced/crypto_chacha20.3monocypher
index bcfd03fa717eacfe6c654739be76494a3ced45ec..af75913014bf569b66609f0644496df46eb48d83 100644 (file)
--- a/doc/man/man3/advanced/crypto_chacha20.3monocypher
+++ b/doc/man/man3/advanced/crypto_chacha20.3monocypher
@@ -357,7 +357,7 @@ that were deprecated in Monocypher 3.0.0.
 ChaCha20 only protects against eavesdropping, not forgeries.
 Most applications need protection against forgeries to be properly
 secure.
-To ensure the integrity of a message, use Blake2b in keyed mode, or
+To ensure the integrity of a message, use BLAKE2b in keyed mode, or
 authenticated encryption; see
 .Xr crypto_blake2b 3monocypher
 and

diff --git a/doc/man/man3/advanced/crypto_poly1305.3monocypher b/doc/man/man3/advanced/crypto_poly1305.3monocypher
index c0f25a1024ae85c77f49c171fc0465de533c0576..a293f15d439ce8628569cdfce4d15900fb49e258 100644 (file)
--- a/doc/man/man3/advanced/crypto_poly1305.3monocypher
+++ b/doc/man/man3/advanced/crypto_poly1305.3monocypher
@@ -10,7 +10,7 @@
 .\"
 .\" Copyright (c) 2017-2019 Loup Vaillant
 .\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2017-2020 Fabio Scotoni
+.\" Copyright (c) 2017-2021 Fabio Scotoni
 .\" All rights reserved.
 .\"
 .\"
@@ -40,7 +40,7 @@
 .\"
 .\" ----------------------------------------------------------------------------
 .\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
 .\"
 .\" To the extent possible under law, the author(s) have dedicated all copyright
 .\" and related neighboring rights to this software to the public domain
@@ -50,7 +50,7 @@
 .\" with this software.  If not, see
 .\" <https://creativecommons.org/publicdomain/zero/1.0/>
 .\"
-.Dd March 31, 2020
+.Dd June 11, 2021
 .Dt CRYPTO_POLY1305 3MONOCYPHER
 .Os
 .Sh NAME
@@ -215,7 +215,7 @@ Use authenticated encryption instead; see
 .Xr crypto_lock 3monocypher .
 If you are certain you do not want encryption, refer to
 .Xr crypto_blake2b 3monocypher
-on how to use Blake2b to generate message authentication codes.
+on how to use BLAKE2b to generate message authentication codes.
 .Ss Authentication key requirements
 Poly1305 is a
 .Em one-time

diff --git a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
index 73ab9994d63c74411039fc5035bb10184439f3a7..d7a6f058bf1bd5e0696cee9a94348b8e20e55ded 100644 (file)
--- a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
@@ -50,7 +50,7 @@
 .\" with this software.  If not, see
 .\" <https://creativecommons.org/publicdomain/zero/1.0/>
 .\"
-.Dd May 25, 2021
+.Dd June 11, 2021
 .Dt CRYPTO_SIGN_INIT_FIRST_PASS 3MONOCYPHER
 .Os
 .Sh NAME
@@ -218,14 +218,14 @@ analysis and fault injection (glitching) \(en both of which require
 physical access and appropriate equipment.
 We inject additional randomness (at least 32 bytes) and
 enough all-zero padding to fill the hash function's block size
-(128 bytes for both Blake2b and SHA-512).
+(128 bytes for both BLAKE2b and SHA-512).
 Note that
 .Fn crypto_sign_init_first_pass
 already fills 32 bytes,
 so randomness and padding must fill 32 bytes
 .Em less
 than the block
-size (96 bytes for Blake2b and SHA-512).
+size (96 bytes for BLAKE2b and SHA-512).
 Access to a cryptographically secure pseudo-random generator is a
 requirement for effective side channel mitigation.
 Signing a message with increased power-related side channel mitigations:
@@ -264,9 +264,9 @@ crypto_wipe(sk,  32);
 .Xr crypto_wipe 3monocypher ,
 .Xr intro 3monocypher
 .Sh STANDARDS
-These functions implement PureEdDSA with Curve25519 and Blake2b, as
+These functions implement PureEdDSA with Curve25519 and BLAKE2b, as
 described in RFC 8032.
-This is the same as Ed25519, with Blake2b instead of SHA-512.
+This is the same as Ed25519, with BLAKE2b instead of SHA-512.
 .Pp
 The example for side channel mitigation follows the methodology outlined
 in I-D.draft-mattsson-cfrg-det-sigs-with-noise-02.

diff --git a/doc/man/man3/crypto_blake2b.3monocypher b/doc/man/man3/crypto_blake2b.3monocypher
index 9473bafb0422ec30e7c04fb642fab96609253236..4c5483265192af12058a230d3340af9c418472e1 100644 (file)
--- a/doc/man/man3/crypto_blake2b.3monocypher
+++ b/doc/man/man3/crypto_blake2b.3monocypher
@@ -123,9 +123,9 @@ Length of
 .Fa hash ,
 in bytes.
 Must be between 1 and 64.
-Anything below 32 is discouraged when using Blake2b as a general-purpose
+Anything below 32 is discouraged when using BLAKE2b as a general-purpose
 hash function;
-anything below 16 is discouraged when using Blake2b as a message
+anything below 16 is discouraged when using BLAKE2b as a message
 authentication code.
 .It Fa key
 Some secret key.

diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher
index 8b5205d2a28aa507e89df303a45232800f93bba8..3a9341b0fca75cfcd0a2b5ab3e21ec9482a34527 100644 (file)
--- a/doc/man/man3/crypto_sign.3monocypher
+++ b/doc/man/man3/crypto_sign.3monocypher
@@ -10,7 +10,7 @@
 .\"
 .\" Copyright (c) 2017-2019 Loup Vaillant
 .\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2017, 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni
 .\" All rights reserved.
 .\"
 .\"
@@ -40,7 +40,7 @@
 .\"
 .\" ----------------------------------------------------------------------------
 .\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
 .\"
 .\" To the extent possible under law, the author(s) have dedicated all copyright
 .\" and related neighboring rights to this software to the public domain
@@ -50,7 +50,7 @@
 .\" with this software.  If not, see
 .\" <https://creativecommons.org/publicdomain/zero/1.0/>
 .\"
-.Dd September 26, 2020
+.Dd June 11, 2021
 .Dt CRYPTO_SIGN 3MONOCYPHER
 .Os
 .Sh NAME
@@ -197,9 +197,9 @@ if (crypto_check(signature, pk, message, 10)) {
 .Xr crypto_lock 3monocypher ,
 .Xr intro 3monocypher
 .Sh STANDARDS
-These functions implement PureEdDSA with Curve25519 and Blake2b, as
+These functions implement PureEdDSA with Curve25519 and BLAKE2b, as
 described in RFC 8032.
-This is the same as Ed25519, with Blake2b instead of SHA-512.
+This is the same as Ed25519, with BLAKE2b instead of SHA-512.
 .Sh HISTORY
 The
 .Fn crypto_sign ,

diff --git a/doc/man/man3/intro.3monocypher b/doc/man/man3/intro.3monocypher
index 7a43dc8d3f4681207ecf7b7fc424b79ffb26a053..d67b454214a2ff60686f57de5e3502f6645c29e2 100644 (file)
--- a/doc/man/man3/intro.3monocypher
+++ b/doc/man/man3/intro.3monocypher
@@ -84,8 +84,8 @@ Whenever possible,
 should be preferred, however.
 .Ss Hashing
 .Xr crypto_blake2b 3monocypher
-implements the Blake2b hash.
-Blake2b combines the security of SHA-3 and the speed of MD5.
+implements the BLAKE2b hash.
+BLAKE2b combines the security of SHA-3 and the speed of MD5.
 It is immune to length extension attacks and provides a keyed mode
 that makes it a safe, easy to use authenticator.
 .Ss Password hashing and key derivation
@@ -111,9 +111,9 @@ as random noise.
 .Xr crypto_sign 3monocypher
 and
 .Xr crypto_check 3monocypher
-implement EdDSA, with Curve25519 and Blake2b.
+implement EdDSA, with Curve25519 and BLAKE2b.
 This is the same as the more famous Ed25519, with SHA-512 replaced by
-the faster and more secure Blake2b.
+the faster and more secure BLAKE2b.
 .Pp
 For highly specialised needs,
 it is possible to use a custom hash function with EdDSA;