Re: [GNUnet-developers] EcDSA signature scheme
From: Jeff Burdges
Subject: Re: [GNUnet-developers] EcDSA signature scheme
Date: Tue, 21 Aug 2018 17:51:30 +0200
> On 13 Jul 2018, at 22:37, Bernd Fix <address@hidden> wrote:
> And maybe even a third one: I stumbled across an approach to use
> Curve25519 keypairs for both ECDH and Ed25519 signatures
> [https://moderncrypto.org/mail-archive/curves/2014/000293.html].
I don’t think it breaks Taler per se, but it’s needlessly complex, and it
damages the deterministic signatures property of Ed25519.

Also, I’m not 100% sure that NaCl based libraries lack a suitable Edwards
scalar multiplication. They may not expose it, but Ed25519 signature
verification involves a variable-time double scalar multiplication. This
variable-time operation suffices, except that it enables JavaScript side
channel attacks. You could prevent those using key splitting. Ain’t pretty
obviously. :)
Jeff
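The operation Jeff refers to, worked through as an added example that is not part of the original thread and is not NaCl or GNUnet code: a deliberately plain, affine, variable-time Edwards25519 implementation exposing the verifier-style double scalar multiplication [a]P + [b]Q, and a hypothetical `split_scalarmult` that obtains [k]P for a secret k from it by splitting k into two fresh shares. The helper names and the constructed ECDH check are this example's own; the curve constants and the addition law are the standard Ed25519 ones.

```python
import secrets

# Constructed illustration, not NaCl or GNUnet code. Everything here is
# variable-time by design so that the point about the verifier's
# double scalar multiplication is visible in the code.

q = 2**255 - 19                                        # field prime
l = 2**252 + 27742317777372353535851937790883648493    # order of the base point

def inv(x):
    return pow(x, q - 2, q)                            # Fermat inversion

d = (-121665 * inv(121666)) % q                        # curve constant
I = pow(2, (q - 1) // 4, q)                            # sqrt(-1) mod q

def xrecover(y):
    """Even x coordinate for a given y on -x^2 + y^2 = 1 + d x^2 y^2."""
    xx = (y * y - 1) * inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * I) % q
    if x % 2 != 0:
        x = q - x
    return x

By = (4 * inv(5)) % q
B = (xrecover(By), By)                                 # standard base point
IDENTITY = (0, 1)

def on_curve(P):
    x, y = P
    return (-x * x + y * y - 1 - d * x * x * y * y) % q == 0

def edwards_add(P, Q):
    """Complete addition law; also handles doubling and P == -Q."""
    x1, y1 = P
    x2, y2 = Q
    x3 = (x1 * y2 + x2 * y1) * inv(1 + d * x1 * x2 * y1 * y2)
    y3 = (y1 * y2 + x1 * x2) * inv(1 - d * x1 * x2 * y1 * y2)
    return (x3 % q, y3 % q)

def scalarmult(P, e):
    """[e]P by left-to-right double-and-add. Branches on each bit of e."""
    R = IDENTITY
    for i in range(e.bit_length() - 1, -1, -1):
        R = edwards_add(R, R)
        if (e >> i) & 1:
            R = edwards_add(R, P)
    return R

def double_scalarmult(a, P, b, Q):
    """[a]P + [b]Q with the Straus-Shamir trick: the shape of operation an
    Ed25519 verifier runs for [S]B - [h]A. Each iteration branches on a bit
    of a and a bit of b, so timing and branch pattern depend on both scalars.
    Fine for the public inputs of verification, not for a long-term secret."""
    PQ = edwards_add(P, Q)
    R = IDENTITY
    for i in range(max(a.bit_length(), b.bit_length()) - 1, -1, -1):
        R = edwards_add(R, R)
        ai, bi = (a >> i) & 1, (b >> i) & 1
        if ai and bi:
            R = edwards_add(R, PQ)
        elif ai:
            R = edwards_add(R, P)
        elif bi:
            R = edwards_add(R, Q)
    return R

def split_scalarmult(k, P, randbelow=secrets.randbelow):
    """Hypothetical key-splitting wrapper: [k]P for a secret k using only the
    verifier's double scalar multiplication. k is split into shares
    k1 + k2 = k (mod l) that are fresh on every call, so the branch pattern
    the variable-time routine exposes depends on the shares rather than
    directly on k. Assumes P lies in the prime-order subgroup ([l]P = 0)."""
    k1 = randbelow(l)
    k2 = (k - k1) % l
    return double_scalarmult(k1, P, k2, P)

def ecdh_check(a, b):
    """Constructed check: both sides derive the shared point through
    split_scalarmult and it must equal [ab]B."""
    A = scalarmult(B, a)
    Bb = scalarmult(B, b)
    shared_a = split_scalarmult(a, Bb)
    shared_b = split_scalarmult(b, A)
    return shared_a == shared_b == scalarmult(B, (a * b) % l)

if __name__ == "__main__":
    assert on_curve(B) and scalarmult(B, l) == IDENTITY
    print("ECDH via split double scalar multiplication:",
          ecdh_check(secrets.randbelow(l), secrets.randbelow(l)))
```

The algebra is the whole trick: [k1]P + [k2]P = [k1 + k2]P, and because B has order l the wrap-around in k1 + k2 disappears. The shares change per call, so an observer of one run's branch pattern sees a one-time random split rather than the secret itself; the underlying routine is still variable-time, which is why a library exposing a constant-time scalar multiplication remains the cleaner choice.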