Updating auth app with modern transcript flow

src/tapir.md

@@ -61,10 +61,10 @@ I,I_e \rightarrow C \\\\
 P,P_e \leftarrow C \\\\
 \\\\
 k = \mathrm{KDF}({P_e}^{i} + {P}^{i_e} + {P_e}^{i_e}) \\\\
-c = \mathrm{E}(k, I) \\\\
+c = \mathrm{E}(k, transcript.Commit()) \\\\
 c \rightarrow C \\\\
 c_p \leftarrow C \\\\
-\mathrm{D}(k, c_p) \stackrel{?}{=} P \\\\ 
+\mathrm{D}(k, c_p) \stackrel{?}{=} transcript.LatestCommit() \\\\ 
 \\]
 
 The above represents a sketch protocol, in reality there are a few
@@ -85,10 +85,24 @@ key of the outbound connection.
 This strict ordering ensures both sides of the connection derive the *same*
 session key. 
 
+### transcript.Commit()
+
+The merlin transcript derived challenge is based on all the messages sent in
+the auth flow (and any that were sent prior to the Auth App) 
+
+	// Derive a challenge from the transcript of the public parameters of this authentication protocol
+	transcript := ea.Transcript()
+	transcript.NewProtocol("auth-app")
+	transcript.AddToTranscript("outbound-hostname", []byte(outboundHostname))
+	transcript.AddToTranscript("inbound-hostname", []byte(inboundHostname))
+	transcript.AddToTranscript("outbound-challenge", outboundAuthMessage)
+	transcript.AddToTranscript("inbound-challenge", inboundAuthMessage)
+	challengeBytes := transcript.CommitToTranscript("3dh-auth-challenge")
+
 #### Asymmetry 
 
 The client connection is guaranteed to possess the long term identity of the
-server connection through the propreties of the underlying tor v3 onion
+server connection through the properties of the underlying tor v3 onion
  connection.
  
 As such if the server attempts to send a different long term identity to the