[Cryptography] More efficient and just as secure to sign message hash using Ed25519?

Werner Koch wk at gnupg.org
Thu Aug 6 03:43:18 EDT 2015


On Thu,  6 Aug 2015 04:30, peter at cryptojedi.org said:

> not pre-hashing depends on the length of the message. For signatures on
> short messages (like, e.g., public keys) the overhead is neglible, for
> very long messages it approaches a factor of 2.

There is another point to consider.  When using a smartcard it is
obviously better to implement the entire signature algorithm in the
smartcard.  The whole point of using a smartcard is to better protect
the private key.

Now, smartcards have a very limited I/O bandwidth and thus it is
impossible to feed the card with large data so that the EdDSA algorithm
in the card can do its work.  You want to feed the card only with a
hash.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



More information about the cryptography mailing list