Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

change ed19 verify operator, to comply with ed spec #600

Merged
merged 7 commits into from
Jul 29, 2024

Conversation

luizstacio
Copy link
Member

When using EdDSA (Ed25519) to verify a signature, the payload is not limited by 32 bytes.

After merging, notify other teams

@Dentosal
Copy link
Member

This seems completely incorrect. The ED19 "payload" is a message hash, typically sha-2-256. Using the instruction with a non-hashed value is cryptographically unsound. The payload is not hashed again by the instruction. To use ED19 with any message of any size, you must first hash it, typically using S256 instruction to do so.

@luizstacio
Copy link
Member Author

luizstacio commented Jul 26, 2024

@Dentosal

https://en.wikipedia.org/wiki/EdDSA on Signature verification

$$ H(R \parallel A \parallel M) A $$

From my understanding the message is required by the algo to be able to perform the hash on the validation.
Forcing to hash the message is not an option as you can't control the environment where the signature is going to happen, ex.: Wallets.

@Dentosal Dentosal merged commit 6ebbe21 into master Jul 29, 2024
6 checks passed
@Dentosal Dentosal deleted the ls/fix/ed19_verify branch July 29, 2024 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants