Commit

Script updating gh-pages from 1017f0d. [ci skip]
ID Bot committed Jan 5, 2025
1 parent b6097cb commit 69b206c
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion proofreading/draft-irtf-cfrg-aegis-aead.html
Expand Up @@ -3633,7 +3633,7 @@ <h4 id="name-multi-user-security">
<h3 id="name-implementation-security">
<a href="#section-10.2" class="section-number selfRef">10.2. </a><a href="#name-implementation-security" class="section-name selfRef">Implementation Security</a>
</h3>
<p id="section-10.2-1">If tag verification fails, the unverified plaintext and computed authentication tag <span class="bcp14">MUST NOT</span> be released. As shown in <span>[<a href="#VV18" class="cite xref">VV18</a>]</span>, even a partial leak of the plaintext without verification would facilitate chosen ciphertext attacks.<a href="#section-10.2-1" class="pilcrow"></a></p>
<p id="section-10.2-1">If tag verification fails, the unverified plaintext and computed authentication tag <span class="bcp14">MUST NOT</span> be released. As shown in <span>[<a href="#VV18" class="cite xref">VV18</a>]</span>, even a partial leak of the plaintext without verification facilitates chosen ciphertext attacks.<a href="#section-10.2-1" class="pilcrow"></a></p>
<p id="section-10.2-2">The security of AEGIS against timing and physical attacks is limited by the implementation of the underlying <code>AESRound</code> function. Failure to implement <code>AESRound</code> in a fashion safe against timing and physical attacks, such as differential power analysis, timing analysis, or fault injection attacks, may lead to leakage of secret key material or state information. The exact mitigations required for timing and physical attacks depend on the threat model in question.<a href="#section-10.2-2" class="pilcrow"></a></p>
<p id="section-10.2-3">Regardless of the variant, the <code>key</code> and <code>nonce</code> are only required by the <code>Init</code> function; other functions only depend on the resulting state. Therefore, implementations can overwrite ephemeral keys with zeros right after the last <code>Update</code> call of the initialization function.<a href="#section-10.2-3" class="pilcrow"></a></p>
</section>
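Review bot: since the commit message says a script regenerated gh-pages from 1017f0d, this html rendering is a derived artifact, and the wording change in section-10.2-1 should be traced back to the draft source rather than maintained by hand here; the change itself reads correctly, as replacing "would facilitate" with "facilitates" states the [VV18] result as an established consequence of releasing unverified plaintext rather than a hypothetical one, and it matches the same edit in the txt rendering in this commit.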
4 changes: 2 additions & 2 deletions proofreading/draft-irtf-cfrg-aegis-aead.txt
Expand Up @@ -1905,8 +1905,8 @@ return tag

If tag verification fails, the unverified plaintext and computed
authentication tag MUST NOT be released. As shown in [VV18], even a
partial leak of the plaintext without verification would facilitate
chosen ciphertext attacks.
partial leak of the plaintext without verification facilitates chosen
ciphertext attacks.

The security of AEGIS against timing and physical attacks is limited
by the implementation of the underlying AESRound function. Failure
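Review bot: the re-wrap after the tense change is correct for the fixed-width text rendering: the new line "partial leak of the plaintext without verification facilitates chosen" is 69 characters, in line with the other lines of this paragraph, so the text stays within the 72-column width used elsewhere in the file, and the sentence is now word-for-word identical to the html version changed in this commit.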
