Keep the function definition closer to its short introduction (#69)

Move the paragraph about properties down, so that the definition of the function immediately follows its introduction.
cfrg · Dec 11, 2024 · f9f50ea · f9f50ea
1 parent 9f5e6f1
commit f9f50ea
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/draft-irtf-cfrg-aegis-aead.md b/draft-irtf-cfrg-aegis-aead.md
@@ -1628,15 +1628,16 @@ All AEGIS variants can be used to construct a MAC.
 
 For all the variants, the `Mac` function takes a key, a nonce, and data as input, and produces a 128- or 256-bit tag as output.
 
-This is the only function that allows the reuse of `(key, nonce)` pairs with different inputs.
-
-However, AEGIS-based MAC functions MUST NOT be used as hash functions. If the key is known, inputs causing state collisions can easily be crafted.
-Likewise, unlike hash-based MACs, tags MUST NOT be used for key derivation, as there is no guarantee that they are uniformly random.
-
 ~~~
 Mac(data, key, nonce)
 ~~~
 
+Security:
+
+- This is the only function that allows the reuse of `(key, nonce)` pairs with different inputs.
+- AEGIS-based MAC functions MUST NOT be used as hash functions: if the key is known, inputs causing state collisions can easily be crafted.
+- Unlike hash-based MACs, tags MUST NOT be used for key derivation, as there is no guarantee that they are uniformly random.
+
 Inputs:
 
 - `data`: the input data to authenticate (length MUST be less than or equal to `A_MAX`).