Thanks for the discovery and analysis of this, Bernd. 

I wonder if this would be feasible to try to make into the 0.11.0 release..?

Bernd Fix transcribed 1.1K bytes:
> The EdDSA signature implementation in GNUnet calls the 'gcry_pk_sign
> (&sig, msg, prv)' function not with the message itself, but with the
> SHA512 hash value of the message.
> 
> Due to the intricities of EdDSA signing this is not necessary (hashing
> is done in the sign function itself, as more than just the message is
> hashed for this).
> 
> Although the GNUnet approach is not breaking things technically, it
> produces unnecesary load: It is running an extra SHA512 - and because
> the signed message is usually rather small (from what I have seen until
> now the signed data is smaller than the 64 bytes of a SHA512 result),
> the sign functions even needs to hash more data than necessary.
> 
> I guess that changing the sign/verify procedure would break
> compatibility between new and old nodes and is therefore not feasable. I
> just want to mention this in case a major version change is considered.
> 
> Thanks for your attention, Bernd.
> 
> _______________________________________________
> GNUnet-developers mailing list
> GNUnet-developers@gnu.org
> https://lists.gnu.org/mailman/listinfo/gnunet-developers

Attachment: signature.asc
Description: PGP signature

_______________________________________________
GNUnet-developers mailing list
GNUnet-developers@gnu.org
https://lists.gnu.org/mailman/listinfo/gnunet-developers

Reply via email to