[Cryptography] More efficient and just as secure to sign message hash using Ed25519?

James Cloos cloos at jhcloos.com
Thu Aug 6 13:43:25 EDT 2015

>>>>> "A" == Allen  <allenpmd at gmail.com> writes:

A> P.S, I might add that for many applications it would be good to include:
A> Step 0.  A pseudo-random nonce is generated and appended to the message.

The recent thread on cfrg suggests that the nonce needs to be prepended
rather than apended to avoid attacks.

James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6

More information about the cryptography mailing list