[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] EcDSA signature scheme

From: hyazinthe
Subject: Re: [GNUnet-developers] EcDSA signature scheme
Date: Sat, 14 Jul 2018 11:00:50 +0200

*Disclaimer: I'm not skillful in cryptography. I hope you can tolerate random 
input with intention to help GNUnet crypto in general. I hope that the input is 
helpful in any case and sorry if the input is not helpful in any case. More 
eyes see more. Sometimes also including the unskillful ones.*

When it comes to double application/hashing after the 1st round of it one 
should do "Xor" or in other words 'push down a bit/swap a bit/change a bit'

Nonce always have to be different and in being so unique - without any 

What crypto in general to use:
1. MRAE - (nonce)-misuse-resistant-authenticated-encryption:
Especially RIV - Robust Initialization Vector -
otherwise SIV - Synthetic Initialization Vector
But the downside of it is that it's slow/effortful, because it has to go over 
cleat text for 2 times
So, this crypto is not suitable for realtime applications/streaming
But it's the most secure crypto.
2. Robust authenticated encryption:
If one is dealing with realtime applications/streaming, one should go down one 
from MRAE to this Robust authenticated encryption.
Especially POET is a good choice, that's the successor generation of McOE-G.
Otherwise McOE-G or maybe COLM is a good pick.
That's the 2nd most secure crypto.

But in times of quantum computers - by 2018 NSA could have a decent one - it's 
probably better to increasingly consider Post-Quantum Cryptography (PQCrypto), 
because then ECDSA and ECDH are also no longer secure anymore.
I found this page to be useful for overview: .
For more details this page is very good:
Did you know that the TOR project planned to migrate to quantum resistant 
ciphers by version 0.2.9.x ( + ) ? But my impression is, 
that they've done the fatal mistake to postpone this to a far, far, undefined 
point in the future.

Bastian Schmidt

--- Urspr√ľngliche Nachricht ---
Von: Bernd Fix <address@hidden>
Datum: 13.07.2018 11:26:44
An: address@hidden
Betreff: Re: [GNUnet-developers] EcDSA signature scheme

> I think that most problems mentioned in my previous post originate in
> the '#define CURVE "Ed25519"' statement at curve_ecc.c:37. All
> key
> parameter definitions (EdDSA, ECDSA and ECDHE) use that value leading to
> the described problems. I think that the curve key parameter needs to be
> set individually for each purpose.
> I have created a new branch "new_crypto" to collect the changes
> I see
> fit for the EC crypto stuff. I hope to be able to push it later today
> (if not, I will not be able to do so before next Wednesday).
> As more changes in crypto are pending (iirc it was mentioned that the
> timestamp will be removed from the HMAC computation), we could collect
> these changes in that new branch.
> Any suggestions or comments?
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]