From af67dd10cd22ddd084b2cab1c1c0bd0d9599a0e1 Mon Sep 17 00:00:00 2001
From: Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Date: Fri, 11 Jun 2021 20:37:46 +0200
Subject: [PATCH] doc: Use canonical spelling of BLAKE2(b)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Spelling according to Jean-Philippe Aumasson, Samuel Neves, Zooko
Wilcox-OâHearn, Christian Winnerlein. "BLAKE2: Simpler, Smaller, Fast as
MD5." ACNS 2013. Lecture Notes in Computer Science, vol 7954,
and also https://twitter.com/veorq/status/1396728032883322884
---
AUTHORS.md | 4 ++--
README.md | 4 ++--
doc/man/man3/advanced/crypto_chacha20.3monocypher | 2 +-
doc/man/man3/advanced/crypto_poly1305.3monocypher | 8 ++++----
.../advanced/crypto_sign_init_first_pass.3monocypher | 10 +++++-----
doc/man/man3/crypto_blake2b.3monocypher | 4 ++--
doc/man/man3/crypto_sign.3monocypher | 10 +++++-----
doc/man/man3/intro.3monocypher | 8 ++++----
8 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/AUTHORS.md b/AUTHORS.md
index 91394d0..343aa1d 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -3,7 +3,7 @@ Designers
- **ChaCha20:** Daniel J. Bernstein.
- **Poly1305:** Daniel J. Bernstein.
-- **Blake2:** Jean-Philippe Aumasson, Christian Winnerlein, Samuel Neves,
+- **BLAKE2:** Jean-Philippe Aumasson, Christian Winnerlein, Samuel Neves,
and Zooko Wilcox-O'Hearn
- **Argon2:** Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich
- **X25519:** Daniel J. Bernstein
@@ -15,7 +15,7 @@ Implementors
- **ChaCha20:** Loup Vaillant, implemented from spec.
- **Poly1305:** Loup Vaillant, implemented from spec.
-- **Blake2b:** Loup Vaillant, implemented from spec.
+- **BLAKE2b:** Loup Vaillant, implemented from spec.
- **Argon2i:** Loup Vaillant, implemented from spec.
- **X25519:** Daniel J. Bernstein, taken and packaged from SUPERCOP
ref10.
diff --git a/README.md b/README.md
index 1b13569..5ef3106 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Features
- [Authenticated Encryption][AEAD] with XChaCha20 and Poly1305
(RFC 8439).
-- [Hashing][HASH] with Blake2b.
+- [Hashing][HASH] with BLAKE2b.
- [Password Hashing][PWH] with Argon2i.
- [Public Key Cryptography][PKC] with X25519 (key exchange).
- [Public Key Signatures][PKS] with EdDSA (RFC 8032) and Ed25519.
@@ -206,7 +206,7 @@ is activated by compiling monocypher.c with the `-DBLAKE2_NO_UNROLLING`
option.
The `-DBLAKE2_NO_UNROLLING` option is a performance tweak. By default,
-Monocypher unrolls the Blake2b inner loop, because doing so is over 25%
+Monocypher unrolls the BLAKE2b inner loop, because doing so is over 25%
faster on modern processors. Some embedded processors however, run the
unrolled loop _slower_ (possibly because of the cost of fetching 5KB of
additional code). If you're using an embedded platform, try this
diff --git a/doc/man/man3/advanced/crypto_chacha20.3monocypher b/doc/man/man3/advanced/crypto_chacha20.3monocypher
index bcfd03f..af75913 100644
--- a/doc/man/man3/advanced/crypto_chacha20.3monocypher
+++ b/doc/man/man3/advanced/crypto_chacha20.3monocypher
@@ -357,7 +357,7 @@ that were deprecated in Monocypher 3.0.0.
ChaCha20 only protects against eavesdropping, not forgeries.
Most applications need protection against forgeries to be properly
secure.
-To ensure the integrity of a message, use Blake2b in keyed mode, or
+To ensure the integrity of a message, use BLAKE2b in keyed mode, or
authenticated encryption; see
.Xr crypto_blake2b 3monocypher
and
diff --git a/doc/man/man3/advanced/crypto_poly1305.3monocypher b/doc/man/man3/advanced/crypto_poly1305.3monocypher
index c0f25a1..a293f15 100644
--- a/doc/man/man3/advanced/crypto_poly1305.3monocypher
+++ b/doc/man/man3/advanced/crypto_poly1305.3monocypher
@@ -10,7 +10,7 @@
.\"
.\" Copyright (c) 2017-2019 Loup Vaillant
.\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2017-2020 Fabio Scotoni
+.\" Copyright (c) 2017-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
@@ -40,7 +40,7 @@
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
@@ -50,7 +50,7 @@
.\" with this software. If not, see
.\"
.\"
-.Dd March 31, 2020
+.Dd June 11, 2021
.Dt CRYPTO_POLY1305 3MONOCYPHER
.Os
.Sh NAME
@@ -215,7 +215,7 @@ Use authenticated encryption instead; see
.Xr crypto_lock 3monocypher .
If you are certain you do not want encryption, refer to
.Xr crypto_blake2b 3monocypher
-on how to use Blake2b to generate message authentication codes.
+on how to use BLAKE2b to generate message authentication codes.
.Ss Authentication key requirements
Poly1305 is a
.Em one-time
diff --git a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
index 73ab999..d7a6f05 100644
--- a/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
+++ b/doc/man/man3/advanced/crypto_sign_init_first_pass.3monocypher
@@ -50,7 +50,7 @@
.\" with this software. If not, see
.\"
.\"
-.Dd May 25, 2021
+.Dd June 11, 2021
.Dt CRYPTO_SIGN_INIT_FIRST_PASS 3MONOCYPHER
.Os
.Sh NAME
@@ -218,14 +218,14 @@ analysis and fault injection (glitching) \(en both of which require
physical access and appropriate equipment.
We inject additional randomness (at least 32 bytes) and
enough all-zero padding to fill the hash function's block size
-(128 bytes for both Blake2b and SHA-512).
+(128 bytes for both BLAKE2b and SHA-512).
Note that
.Fn crypto_sign_init_first_pass
already fills 32 bytes,
so randomness and padding must fill 32 bytes
.Em less
than the block
-size (96 bytes for Blake2b and SHA-512).
+size (96 bytes for BLAKE2b and SHA-512).
Access to a cryptographically secure pseudo-random generator is a
requirement for effective side channel mitigation.
Signing a message with increased power-related side channel mitigations:
@@ -264,9 +264,9 @@ crypto_wipe(sk, 32);
.Xr crypto_wipe 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
-These functions implement PureEdDSA with Curve25519 and Blake2b, as
+These functions implement PureEdDSA with Curve25519 and BLAKE2b, as
described in RFC 8032.
-This is the same as Ed25519, with Blake2b instead of SHA-512.
+This is the same as Ed25519, with BLAKE2b instead of SHA-512.
.Pp
The example for side channel mitigation follows the methodology outlined
in I-D.draft-mattsson-cfrg-det-sigs-with-noise-02.
diff --git a/doc/man/man3/crypto_blake2b.3monocypher b/doc/man/man3/crypto_blake2b.3monocypher
index 9473baf..4c54832 100644
--- a/doc/man/man3/crypto_blake2b.3monocypher
+++ b/doc/man/man3/crypto_blake2b.3monocypher
@@ -123,9 +123,9 @@ Length of
.Fa hash ,
in bytes.
Must be between 1 and 64.
-Anything below 32 is discouraged when using Blake2b as a general-purpose
+Anything below 32 is discouraged when using BLAKE2b as a general-purpose
hash function;
-anything below 16 is discouraged when using Blake2b as a message
+anything below 16 is discouraged when using BLAKE2b as a message
authentication code.
.It Fa key
Some secret key.
diff --git a/doc/man/man3/crypto_sign.3monocypher b/doc/man/man3/crypto_sign.3monocypher
index 8b5205d..3a9341b 100644
--- a/doc/man/man3/crypto_sign.3monocypher
+++ b/doc/man/man3/crypto_sign.3monocypher
@@ -10,7 +10,7 @@
.\"
.\" Copyright (c) 2017-2019 Loup Vaillant
.\" Copyright (c) 2017-2018 Michael Savage
-.\" Copyright (c) 2017, 2019-2020 Fabio Scotoni
+.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni
.\" All rights reserved.
.\"
.\"
@@ -40,7 +40,7 @@
.\"
.\" ----------------------------------------------------------------------------
.\"
-.\" Written in 2017-2020 by Loup Vaillant, Michael Savage and Fabio Scotoni
+.\" Written in 2017-2021 by Loup Vaillant, Michael Savage and Fabio Scotoni
.\"
.\" To the extent possible under law, the author(s) have dedicated all copyright
.\" and related neighboring rights to this software to the public domain
@@ -50,7 +50,7 @@
.\" with this software. If not, see
.\"
.\"
-.Dd September 26, 2020
+.Dd June 11, 2021
.Dt CRYPTO_SIGN 3MONOCYPHER
.Os
.Sh NAME
@@ -197,9 +197,9 @@ if (crypto_check(signature, pk, message, 10)) {
.Xr crypto_lock 3monocypher ,
.Xr intro 3monocypher
.Sh STANDARDS
-These functions implement PureEdDSA with Curve25519 and Blake2b, as
+These functions implement PureEdDSA with Curve25519 and BLAKE2b, as
described in RFC 8032.
-This is the same as Ed25519, with Blake2b instead of SHA-512.
+This is the same as Ed25519, with BLAKE2b instead of SHA-512.
.Sh HISTORY
The
.Fn crypto_sign ,
diff --git a/doc/man/man3/intro.3monocypher b/doc/man/man3/intro.3monocypher
index 7a43dc8..d67b454 100644
--- a/doc/man/man3/intro.3monocypher
+++ b/doc/man/man3/intro.3monocypher
@@ -84,8 +84,8 @@ Whenever possible,
should be preferred, however.
.Ss Hashing
.Xr crypto_blake2b 3monocypher
-implements the Blake2b hash.
-Blake2b combines the security of SHA-3 and the speed of MD5.
+implements the BLAKE2b hash.
+BLAKE2b combines the security of SHA-3 and the speed of MD5.
It is immune to length extension attacks and provides a keyed mode
that makes it a safe, easy to use authenticator.
.Ss Password hashing and key derivation
@@ -111,9 +111,9 @@ as random noise.
.Xr crypto_sign 3monocypher
and
.Xr crypto_check 3monocypher
-implement EdDSA, with Curve25519 and Blake2b.
+implement EdDSA, with Curve25519 and BLAKE2b.
This is the same as the more famous Ed25519, with SHA-512 replaced by
-the faster and more secure Blake2b.
+the faster and more secure BLAKE2b.
.Pp
For highly specialised needs,
it is possible to use a custom hash function with EdDSA;
--
2.47.3