mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00

BOLT 8: fix names of returned values of ECDH function

ref. http://noiseprotocol.org/noise.html#overview-of-handshake-state-machine
Change `ss` to `es`, `ee`, `se` according to each case.
Hiroki Gondo 2018-08-10 13:46:07 +09:00 committed by Olaoluwa Osuntokun
parent 57dad8161b
commit 46b616c142


@ -231,10 +231,10 @@ and 16 bytes for the `poly1305` tag.
2. `h = SHA-256(h || e.pub.serializeCompressed())`
* The newly generated ephemeral key is accumulated into the running
handshake digest.
3. `ss = ECDH(rs, e.priv)`
3. `es = ECDH(rs, e.priv)`
* The initiator performs an ECDH between its newly generated ephemeral
key and the remote node's static public key.
4. `ck, temp_k1 = HKDF(ck, ss)`
4. `ck, temp_k1 = HKDF(ck, es)`
* A new temporary encryption key is generated, which is
used to generate the authenticating MAC.
5. `c = encryptWithAD(temp_k1, 0, h, zero)`
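
Review bot: step 3 introduces `es` without saying what the two letters stand for; the bullet under it describes the operation but not the name. Since this is the first use, consider adding a clause that the names follow the Noise token convention referenced in the commit message, where the first letter is the initiator's key and the second is the responder's, so `es` is initiator ephemeral with responder static.
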
@ -258,10 +258,10 @@ and 16 bytes for the `poly1305` tag.
4. `h = SHA-256(h || re.serializeCompressed())`
* The responder accumulates the initiator's ephemeral key into the authenticating
handshake digest.
5. `ss = ECDH(re, s.priv)`
5. `es = ECDH(re, s.priv)`
* The responder performs an ECDH between its static private key and the
initiator's ephemeral public key.
6. `ck, temp_k1 = HKDF(ck, ss)`
6. `ck, temp_k1 = HKDF(ck, es)`
* A new temporary encryption key is generated, which will
shortly be used to check the authenticating MAC.
7. `p = decryptWithAD(temp_k1, 0, h, c)`
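
Review bot: in step 5 the responder computes `es = ECDH(re, s.priv)` with its own static key as the local input, so a reader thinking in local/remote terms will expect `se` here. The name is correct under the Noise convention (initiator's key first), and it is the same secret the initiator derives as `es = ECDH(rs, e.priv)`; a one-line note under step 5 saying the name does not flip with the point of view would keep an implementer from "correcting" it.
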
@ -293,10 +293,10 @@ for the `poly1305` tag.
2. `h = SHA-256(h || e.pub.serializeCompressed())`
* The newly generated ephemeral key is accumulated into the running
handshake digest.
3. `ss = ECDH(re, e.priv)`
3. `ee = ECDH(re, e.priv)`
* where `re` is the ephemeral key of the initiator, which was received
during Act One
4. `ck, temp_k2 = HKDF(ck, ss)`
4. `ck, temp_k2 = HKDF(ck, ee)`
* A new temporary encryption key is generated, which is
used to generate the authenticating MAC.
5. `c = encryptWithAD(temp_k2, 0, h, zero)`
@ -315,12 +315,12 @@ for the `poly1305` tag.
3. If `v` is an unrecognized handshake version, then the responder MUST
abort the connection attempt.
4. `h = SHA-256(h || re.serializeCompressed())`
5. `ss = ECDH(re, e.priv)`
5. `ee = ECDH(re, e.priv)`
* where `re` is the responder's ephemeral public key
* The raw bytes of the remote party's ephemeral public key (`re`) are to be
deserialized into a point on the curve using affine coordinates as encoded
by the key's serialized composed format.
6. `ck, temp_k2 = HKDF(ck, ss)`
6. `ck, temp_k2 = HKDF(ck, ee)`
* A new temporary encryption key is generated, which is
used to generate the authenticating MAC.
7. `p = decryptWithAD(temp_k2, 0, h, c)`
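
Review bot: step 3 of this hunk's context says "the responder MUST abort", but step 5 describes `re` as "the responder's ephemeral public key", which means the party running these steps is the initiator. The rename itself is fine; while this block is being edited it is worth confirming which role step 3 should name, and also whether "serialized composed format" in the bullet under step 5 is meant to read "compressed", given the `serializeCompressed()` calls used throughout.
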
@ -353,9 +353,9 @@ construction, and 16 bytes for a final authenticating tag.
1. `c = encryptWithAD(temp_k2, 1, h, s.pub.serializeCompressed())`
* where `s` is the static public key of the initiator
2. `h = SHA-256(h || c)`
3. `ss = ECDH(re, s.priv)`
3. `se = ECDH(re, s.priv)`
* where `re` is the ephemeral public key of the responder
4. `ck, temp_k3 = HKDF(ck, ss)`
4. `ck, temp_k3 = HKDF(ck, se)`
* The final intermediate shared secret is mixed into the running chaining key.
5. `t = encryptWithAD(temp_k3, 0, h, zero)`
* where `zero` is a zero-length plaintext
@ -383,9 +383,9 @@ construction, and 16 bytes for a final authenticating tag.
* At this point, the responder has recovered the static public key of the
initiator.
5. `h = SHA-256(h || c)`
6. `ss = ECDH(rs, e.priv)`
6. `se = ECDH(rs, e.priv)`
* where `e` is the responder's original ephemeral key
7. `ck, temp_k3 = HKDF(ck, ss)`
7. `ck, temp_k3 = HKDF(ck, se)`
8. `p = decryptWithAD(temp_k3, 0, h, t)`
* If the MAC check in this operation fails, then the responder MUST
terminate the connection without any further messages.
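
Review bot: step 7, `ck, temp_k3 = HKDF(ck, se)`, has no explanatory bullet, while the matching sender-side step carries "The final intermediate shared secret is mixed into the running chaining key." Suggest mirroring that bullet here so both sides of Act Three document the `se` mix the same way, and noting that `se = ECDH(rs, e.priv)` in step 6 can only be computed after `rs` has been recovered in the preceding steps.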