parent_SK_to_lamport_PK

Inputs

parent_SK, the BLS Secret Key of the parent node index, the index of the desired child node, an integer 0 <= index < 2^32

Outputs

lamport_PK, the compressed lamport PK, a 32 octet string

Definitions

I2OSP is as defined in RFC3447 (Big endian decoding) flip_bits is a function that returns the bitwise negation of its input "" is the empty string a | b is the concatenation of a with b

Procedure

0. salt = I2OSP(index, 4) 1. IKM = I2OSP(parent_SK, 32) 2. lamport_0 = IKM_to_lamport_SK(IKM, salt) 3. not_IKM = flip_bits(IKM) 4. lamport_1 = IKM_to_lamport_SK(not_IKM, salt) 5. lamport_PK = "" 6. for i in 1, .., 255 lamport_PK = lamport_PK | SHA256(lamport_0[i]) 7. for i in 1, .., 255 lamport_PK = lamport_PK | SHA256(lamport_1[i]) 8. compressed_lamport_PK = SHA256(lamport_PK) 9. return compressed_lamport_PK