The IETF work that is using Ed25519 is not using the pre-hash version. That
means that you need to be able to sign messages, not hashes of messages.
See:
https://www.ietf.org/id/draft-ietf-curdle-pkix-05.txt
https://www.ietf.org/id/draft-ietf-curdle-cms-eddsa-signatures-07.txt
https://www.ietf.org/id/draft-ietf-curdle-ssh-ed25519-01.txt
Russ
> On Aug 23, 2017, at 6:44 AM, Wouter Kuhnen <[email protected]> wrote:
>
> Hello all,
>
> For Ed25519; what is the general use case for signing? I am working on an
> implementation and wondering if it's useful to (only) sign messages of
> constant length (i.e. hashes of messages).
>
> I have two reasons to favor constant-length messages:
> - Simplicity: fewer things can go wrong with SHA-512 (input padding mostly).
> - Storage constraints: Long messages will need to be sent twice to the
> FPGA.
>
> The downside is that any collision in the hash function used on the signer's
> side will lead to identical signatures.
>
> - Wouter
_______________________________________________
Tech mailing list
[email protected]
https://lists.cryptech.is/listinfo/tech