[Cryptography] Question about crypto_sign_open (in tweetnacl.c)
Patrick Chkoreff
pc at fexl.com
Sat Oct 27 10:55:33 EDT 2018
I wrote:
> I noticed an intriguing technique used in crypto_sign_open in
> tweetnacl.c. On line 790 we have:
>
> FOR(i,n) m[i] = sm[i];
>
> That's straightforward. After that loop, m consists of the 64 byte
> signature followed by the (64-n) byte message that was signed. But then
> watch this on line 791:
>
> FOR(i,32) m[i+32] = pk[i];
>
> That loop overwrites the last 16 bytes of the signature with the first
> 16 bytes of the public key, and overwrites the first 16 bytes of the
> message with the last 16 bytes of the public key.
Sorry, I misinterpreted that loop. It overwrites the last 32 bytes of
the 64-byte signature with the contents of the 32-byte public key,
period. It does not overwrite the message at all.
-- Patrick
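
The buffer layout described in the correction above, as an added example that is not part of the original post: the two quoted loops are run over a constructed signed message with distinct fill bytes, leaving R || pk || message in m, which is the buffer tweetnacl.c hashes next. The `FOR` macro and typedefs are written as tweetnacl.c defines them; the helper names (`build_buffer`, `count_diff`, `changed_in`), the 20-byte message length and the fill values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned char u8;
typedef unsigned long long u64;
#define FOR(i,n) for (i = 0;i < n;++i)

enum { SIG = 64, MSG = 20 };  /* constructed sizes: 64-byte signature, 20-byte message */

/* The two loops quoted above: copy sm into m, then write pk over m[32..63]. */
static void build_buffer(u8 *m, const u8 *sm, u64 n, const u8 *pk)
{
  u64 i;
  FOR(i,n) m[i] = sm[i];
  FOR(i,32) m[i+32] = pk[i];
}

/* Count the bytes in m[from..to) that differ from ref[from..to). */
static u64 count_diff(const u8 *m, const u8 *ref, u64 from, u64 to)
{
  u64 i, d = 0;
  for (i = from; i < to; ++i) d += (m[i] != ref[i]);
  return d;
}

/* Build a constructed signed message (R = 0x11, S = 0x22, message = 0x33) and a
   constructed key (0xAA), run the loops, and report how many bytes of m in
   [from,to) no longer match sm. */
static u64 changed_in(u64 from, u64 to)
{
  u8 sm[SIG + MSG], m[SIG + MSG], pk[32];
  memset(sm, 0x11, 32);         /* R: first half of the signature  */
  memset(sm + 32, 0x22, 32);    /* S: second half of the signature */
  memset(sm + SIG, 0x33, MSG);  /* the signed message              */
  memset(pk, 0xAA, 32);
  build_buffer(m, sm, SIG + MSG, pk);
  return count_diff(m, sm, from, to);
}

int main(void)
{
  printf("R   m[0..31]  bytes changed: %llu\n", changed_in(0, 32));
  printf("S   m[32..63] bytes changed: %llu\n", changed_in(32, 64));
  printf("msg m[64..83] bytes changed: %llu\n", changed_in(64, SIG + MSG));
  return 0;
}
```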