[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] EcDSA signature scheme

From: Jeff Burdges
Subject: Re: [GNUnet-developers] EcDSA signature scheme
Date: Tue, 21 Aug 2018 17:51:30 +0200

> On 13 Jul 2018, at 22:37, Bernd Fix <address@hidden> wrote:
> And maybe even a third one: I stumbled across an approach to use
> Curve25519 keypairs for both ECDH and Ed25519 signatures
> [].

I don’t think it breaks Taler per se, but it’s needlessly complex.. and it 
damages the deterministic signatures property of Ed25519.

Also, I’m not 100% sure that NaCL based libraries lack a suitable Edwards 
scalar multiplication.  They may not expose it, but Ed25519 signature 
verification involves a variable-time double scalar multiplication.   This 
variable-time operation suffices, except that it enables javascript side 
channel attacks.  You could prevent those using key splitting.  Ain’t pretty 
obviously.  :)


Attachment: signature.asc
Description: Message signed with OpenPGP

reply via email to

[Prev in Thread] Current Thread [Next in Thread]