Thanks for the discovery and analysis of this, Bernd. I wonder if this would be feasible to try to make into the 0.11.0 release..?
Bernd Fix transcribed 1.1K bytes:
> The EdDSA signature implementation in GNUnet calls the
> 'gcry_pk_sign (&sig, msg, prv)' function not with the message itself,
> but with the SHA512 hash value of the message.
>
> Due to the intricacies of EdDSA signing this is not necessary (hashing
> is done in the sign function itself, as more than just the message is
> hashed for this).
>
> Although the GNUnet approach is not breaking things technically, it
> produces unnecessary load: It is running an extra SHA512 - and because
> the signed message is usually rather small (from what I have seen until
> now the signed data is smaller than the 64 bytes of a SHA512 result),
> the sign function even needs to hash more data than necessary.
>
> I guess that changing the sign/verify procedure would break
> compatibility between new and old nodes and is therefore not feasible. I
> just want to mention this in case a major version change is considered.
>
> Thanks for your attention, Bernd.
_______________________________________________
GNUnet-developers mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/gnunet-developers
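Added example, not part of the thread and not GNUnet or libgcrypt code: a plain-Python Ed25519 following RFC 8032 that records the length of every SHA-512 input, so the cost of signing a message directly can be compared with signing its SHA-512 digest as described in the quoted message. It assumes the sign function discussed behaves like RFC 8032 Ed25519; all function names here are this example's own.

```python
import hashlib

p, L = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, p - 2, p) % p
hashed = []  # input length of every SHA-512 call made through H()
def H(data):
    hashed.append(len(data))
    return hashlib.sha512(data).digest()

def add(P, Q):  # unified addition, extended coordinates (X, Y, Z, T)
    a, b = (P[1] - P[0]) * (Q[1] - Q[0]) % p, (P[1] + P[0]) * (Q[1] + Q[0]) % p
    c, e = 2 * P[3] * Q[3] * d % p, 2 * P[2] * Q[2] % p
    return ((b-a)*(e-c) % p, (e+c)*(b+a) % p, (e-c)*(e+c) % p, (b-a)*(b+a) % p)
def mul(s, P):  # double-and-add; illustrative only, not constant-time
    Q = (0, 1, 1, 0)
    while s:
        Q, P, s = (add(Q, P) if s & 1 else Q), add(P, P), s >> 1
    return Q
def compress(P):  # 32-byte encoding: y with the parity of x in the top bit
    zi = pow(P[2], p - 2, p)
    return (P[1] * zi % p | ((P[0] * zi % p & 1) << 255)).to_bytes(32, "little")

Gy = 4 * pow(5, p - 2, p) % p  # base point: y = 4/5, x = even square root
x2 = (Gy * Gy - 1) * pow(d * Gy * Gy + 1, p - 2, p) % p
Gx = pow(x2, (p + 3) // 8, p)
Gx = Gx if Gx * Gx % p == x2 else Gx * pow(2, (p - 1) // 4, p) % p
Gx = Gx if Gx % 2 == 0 else p - Gx
B = (Gx, Gy, 1, Gx * Gy % p)

def keypair(seed):  # -> (secret scalar, nonce prefix, public point)
    h = hashlib.sha512(seed).digest()  # key expansion, not counted in `hashed`
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:], mul(a, B)
def sign(key, msg):  # the two internal hashes cover prefix||msg and R||A||msg
    a, prefix, A = key
    r = int.from_bytes(H(prefix + msg), "little") % L
    R = compress(mul(r, B))
    k = int.from_bytes(H(R + compress(A) + msg), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")
def verify(A, msg, sig):  # accepts iff s < L and s*B - k*A encodes to R
    s = int.from_bytes(sig[32:], "little")
    k = int.from_bytes(H(sig[:32] + compress(A) + msg), "little") % L
    negA = (-A[0] % p, A[1], A[2], -A[3] % p)
    return s < L and compress(add(mul(s, B), mul(k, negA))) == sig[:32]

def sha512_inputs(fn):  # lengths of all SHA-512 inputs hashed while fn() runs
    hashed.clear()
    fn()
    return list(hashed)
```

With `key = keypair(seed)` and a constructed 40-byte `msg`, `sha512_inputs(lambda: sign(key, msg))` returns `[72, 104]`, while the pre-hashed form `sha512_inputs(lambda: sign(key, H(msg)))` returns `[40, 96, 128]`: one more SHA-512 call and 88 more bytes hashed. A signature made over the digest does not verify against the raw message, which is the old/new node incompatibility the quoted message mentions.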
