[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cryptography of GNU Name System
|
From: |
Bernd Fix |
|
Subject: |
Re: Cryptography of GNU Name System |
|
Date: |
Sun, 19 Jul 2020 12:08:57 +0000 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 |
On 7/18/20 1:36 PM, Jeff Burdges wrote:
> I do think GNS should ideally switch to Tor’s HDKD solution using
> Ed25519 instead of doing ECDSA over Ed25519 of course.
The signature computation as described in the Tor document is slightly
*different* from the EdDSA standard. EdDSA signing requires the private
key not to be the private scalar ('a' in Tor lingo), but the 'seed' s
from which the private key (as well as the constant 'r' in the signature
calculation) is derived from a hash of the seed.
I also think that the clamping of 'h' is not required; if the public key
is A=[a]B (assuming 'a' is clamped according to the EdDSA spec), than
the derived public key A'=[ha]B has a "non-clamped" scalar even if 'h'
is clamped first - the mod multiplication removes that property for sure...
Compared to the current GNS implementation this all boils down to
replacing ECDSA with a non-standard EdDSA - is it worth the trouble?
Cheers, Bernd.
- Cryptography of GNU Name System, Soatok Dreamseeker, 2020/07/14
- Re: Cryptography of GNU Name System, Giovanni Biscuolo, 2020/07/14
- Re: Cryptography of GNU Name System, Nikita Gillmann, 2020/07/14
- Re: Cryptography of GNU Name System, Christian Grothoff, 2020/07/14
- Re: Cryptography of GNU Name System, Jeff Burdges, 2020/07/14
- Re: Cryptography of GNU Name System, Jeff Burdges, 2020/07/18
- Re: Cryptography of GNU Name System,
Bernd Fix <=
- Re: Cryptography of GNU Name System, Jeff Burdges, 2020/07/19
- Re: Cryptography of GNU Name System, Bernd Fix, 2020/07/19
- Re: Cryptography of GNU Name System, Schanzenbach, Martin, 2020/07/19
- Re: Cryptography of GNU Name System, Jeff Burdges, 2020/07/19