gnunet-developers
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] EcDSA signature scheme


From: hyazinthe
Subject: Re: [GNUnet-developers] EcDSA signature scheme
Date: Sat, 14 Jul 2018 11:00:50 +0200

*Disclaimer: I'm not skillful in cryptography. I hope you can tolerate random 
input with intention to help GNUnet crypto in general. I hope that the input is 
helpful in any case and sorry if the input is not helpful in any case. More 
eyes see more. Sometimes also including the unskillful ones.*

When it comes to double application/hashing after the 1st round of it one 
should do "Xor" or in other words 'push down a bit/swap a bit/change a bit'

Nonce always have to be different and in being so unique - without any 
exception.

What crypto in general to use:
1. MRAE - (nonce)-misuse-resistant-authenticated-encryption:
Especially RIV - Robust Initialization Vector - 
https://www.researchgate.net/publication/305421597_RIV_for_Robust_Authenticated_Encryption
otherwise SIV - Synthetic Initialization Vector
But the downside of it is that it's slow/effortful, because it has to go over 
cleat text for 2 times
So, this crypto is not suitable for realtime applications/streaming
But it's the most secure crypto.
2. Robust authenticated encryption:
If one is dealing with realtime applications/streaming, one should go down one 
step
from MRAE to this Robust authenticated encryption.
Especially POET is a good choice, that's the successor generation of McOE-G.
Otherwise McOE-G or maybe COLM is a good pick.
That's the 2nd most secure crypto.

But in times of quantum computers - by 2018 NSA could have a decent one - it's 
probably better to increasingly consider Post-Quantum Cryptography (PQCrypto), 
because then ECDSA and ECDH are also no longer secure anymore.
I found this page to be useful for overview: 
https://www.whonix.org/wiki/PQCrypto .
For more details this page is very good: https://pqcrypto.org/
Did you know that the TOR project planned to migrate to quantum resistant 
ciphers by version 0.2.9.x ( 
https://trac.torproject.org/projects/tor/ticket/17286 + 
https://trac.torproject.org/projects/tor/ticket/24985 ) ? But my impression is, 
that they've done the fatal mistake to postpone this to a far, far, undefined 
point in the future.


Greetings,
Bastian Schmidt

--- Urspr√ľngliche Nachricht ---
Von: Bernd Fix <address@hidden>
Datum: 13.07.2018 11:26:44
An: address@hidden
Betreff: Re: [GNUnet-developers] EcDSA signature scheme

> I think that most problems mentioned in my previous post originate in
> the '#define CURVE "Ed25519"' statement at curve_ecc.c:37. All
> key
> parameter definitions (EdDSA, ECDSA and ECDHE) use that value leading to
>
> the described problems. I think that the curve key parameter needs to be
>
> set individually for each purpose.
>
> I have created a new branch "new_crypto" to collect the changes
> I see
> fit for the EC crypto stuff. I hope to be able to push it later today
> (if not, I will not be able to do so before next Wednesday).
>
> As more changes in crypto are pending (iirc it was mentioned that the
> timestamp will be removed from the HMAC computation), we could collect
> these changes in that new branch.
>
> Any suggestions or comments?
>
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/gnunet-developers
>





reply via email to

[Prev in Thread] Current Thread [Next in Thread]