[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNUnet-developers] EcDSA signature scheme
|
From: |
Christian Grothoff |
|
Subject: |
Re: [GNUnet-developers] EcDSA signature scheme |
|
Date: |
Fri, 13 Jul 2018 22:43:49 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 |
On 07/13/2018 10:37 PM, Bernd Fix wrote:
> On 07/13/2018 04:50 PM, Christian Grothoff wrote:
>> On 07/13/2018 06:39 PM, Bernd Fix wrote:
>>> This constraint of course make things trickier, because that means we
>>> are stuck in using Ed25519 for ECDHE. A possible solution (again: not
>>> for GNUnet itself, but for implementators in general) for using Ed25519
>>> points with ECDHE is to use the bijective mapping between Ed25519 and
>>> Curve25519 and to do the ECDHE on Curve25519. Not nice probably, but
>>> that could work.
>>
>> Well, there is another possibility: simply have *two* versions of
>> ECDHE/X25519: one for Taler where we mix it with EdDSA, and another one
>> for GNUnet core/cadet KX where we do not rely on this property.
>
> And maybe even a third one: I stumbled across an approach to use
> Curve25519 keypairs for both ECDH and Ed25519 signatures
> [https://moderncrypto.org/mail-archive/curves/2014/000293.html].
>
> Would that be feasible also for Taler? Since Taler (afaik) relies on
> some GNUnet mechanisms, it seems preferable not to introduce YACS (Yet
> Another Crypto Scheme)...
I don't see why this would not be feasible, but I don't see an advantage
either. Maybe Jeff or Florian have an opinion here.
signature.asc
Description: OpenPGP digital signature