Hello all,
For Ed25519; what is the general use case for signing? I am working on an
implementation and wondering if it's useful to (only) sign messages of constant
length (i.e hashes of messages).
I have two reasons to favor constant-length messages:
- Simplicity: less things can go wrong with SHA-512 (input padding mostly).
- Storage constraints: Long messages will need to be send twice to the FPGA.
The downside is that any collision in the hash function used on the signers side
will lead to identical signatures.
- Wouter
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
