# DECO: Collected Questions

## 3-party handshake

- none

## Query Execution

- Computing `HMAC`: $\mathrm{HMAC}_\mathrm H(k,m)=\mathrm H((k\oplus \mathrm{opad}) \,\|\, \mathrm H((k\oplus \mathrm{ipad}) \,\|\, m))$. What are `opad` and `ipad`?
- $\mathrm H(m_1\|m_2) = f_\mathrm H(f_\mathrm H(\mathrm{IV},m_1),m_2)$. Why are they equal? What is the value of `IV`?

## Proof Generation

- Revealing a TLS record: $\pi_\sigma=\mathrm{ZK\text{-}PoK}\{k^{\mathrm{Enc}}:\hat\sigma=\mathrm{CBC}(k^{\mathrm{Enc}}, \sigma)\}$. How to implement it in code?
- Revealing a record with a redacted block: $\pi=\mathrm{ZK\text{-}PoK}\{B_i:f(s_{i-1}, B_i)=s_i\}$. How to implement this in code?
- Two-stage parsing: $\mathcal G'=\{R':R'=\mathrm{Trans}(R), R\in \mathcal G\}$. How is the transformation done concretely?

## AES

- I only understand CBC-HMAC; I do not understand how to adapt DECO to GCM in the stages above.