[Cryptography] Question about crypto_sign_open (in tweetnacl.c)

Patrick Chkoreff pc at fexl.com
Sun Oct 28 18:01:07 EDT 2018


> I'm thinking that the overwriting on line 791 is done simply for the
> purpose of "mixing it up" a bit prior to the call to crypto_hash on line
> 792, which computes the SHA-512 hash of m.  But knowing DJB's mindset as
> I do, it's probably not arbitrary, and most likely protects against some
> known possible weakness.  Can anyone elaborate on that?

Here's a response I got on the curvecp list:

~~~
See Ed25519 paper, page 10:

"the use of [public key in hashing] is an inexpensive way to alleviate
concerns that several public keys could be attacked simultaneously"

https://ed25519.cr.yp.to/ed25519-20110926.pdf

--
Dmitry Chestnykh
https://www.codingrobots.com
~~~
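To make that pointer concrete, here is a compact pure-Python Ed25519 in the style of the paper's reference code. It is an example added to this archived thread, not code from the post or from tweetnacl. The function names (`challenge_input`, `verify`, and the rest) are mine, the seed `bytes(range(32))` is constructed, and the only external values are RFC 8032's published test vector 1. The point it isolates is the hash input for the challenge scalar: bytes 32..63 of `R || A || M` are the public key, which is what tweetnacl writes over its working copy of the signed message before `crypto_hash`, so the challenge `k` is bound to one specific key rather than being shared by every key that could have produced the same `R || M`.

```python
import hashlib

# Ed25519 parameters (names follow the Ed25519 paper's reference code)
q = 2**255 - 19                                        # field prime
l = 2**252 + 27742317777372353535851937790883648493   # order of the base point
d = (-121665 * pow(121666, q - 2, q)) % q              # curve constant -121665/121666
SQRT_M1 = pow(2, (q - 1) // 4, q)                      # sqrt(-1) mod q


def Hint(m: bytes) -> int:
    # SHA-512 of m read as a little-endian integer
    return int.from_bytes(hashlib.sha512(m).digest(), "little")


def xrecover(y: int) -> int:
    # recover the even x coordinate belonging to y
    xx = (y * y - 1) * pow(d * y * y + 1, q - 2, q)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * SQRT_M1) % q
    return q - x if x % 2 else x


def edwards(P, Q):
    # affine point addition on the twisted Edwards curve
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + t, q - 2, q)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, q - 2, q)
    return (x3 % q, y3 % q)


def scalarmult(P, e: int):
    # double-and-add; variable time, acceptable for a verification demo
    Q = (0, 1)  # neutral element
    for bit in bin(e)[2:]:
        Q = edwards(Q, Q)
        if bit == "1":
            Q = edwards(Q, P)
    return Q


By = (4 * pow(5, q - 2, q)) % q
B = (xrecover(By), By)  # base point


def encodepoint(P) -> bytes:
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def decodepoint(s: bytes):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q != 0:
        raise ValueError("point not on curve")
    return (x, y)


def secret_scalar(sk: bytes):
    h = hashlib.sha512(sk).digest()
    a = int.from_bytes(h[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)  # clamp as in the paper
    return a, h[32:]


def publickey(sk: bytes) -> bytes:
    a, _ = secret_scalar(sk)
    return encodepoint(scalarmult(B, a))


def challenge_input(R: bytes, pk: bytes, m: bytes) -> bytes:
    # bytes hashed for the challenge: R || A || M; bytes 32..63 are the public key,
    # which is what tweetnacl copies over its working buffer before crypto_hash
    return R + pk + m


def sign(m: bytes, sk: bytes, pk: bytes) -> bytes:
    a, prefix = secret_scalar(sk)
    r = Hint(prefix + m) % l
    R = encodepoint(scalarmult(B, r))
    k = Hint(challenge_input(R, pk, m)) % l
    return R + ((r + k * a) % l).to_bytes(32, "little")


def verify(sig: bytes, m: bytes, pk: bytes) -> bool:
    if len(sig) != 64 or len(pk) != 32:
        return False
    try:
        R, A = decodepoint(sig[:32]), decodepoint(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= l:
        return False  # non-canonical S: reject rather than accept a malleated copy
    k = Hint(challenge_input(sig[:32], pk, m)) % l  # tweetnacl: crypto_hash, then reduce
    return scalarmult(B, S) == edwards(R, scalarmult(A, k))


# RFC 8032 section 7.1, test vector 1 (empty message)
RFC_SK = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
RFC_PK = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
RFC_SIG = bytes.fromhex("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
                        "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")

if __name__ == "__main__":
    print("pk matches RFC 8032:", publickey(RFC_SK) == RFC_PK)
    print("RFC 8032 signature verifies:", verify(RFC_SIG, b"", RFC_PK))
```

The `% l` after each `Hint` mirrors tweetnacl's `reduce(h)` following `crypto_hash` and also keeps the scalar multiplications short; the paper's reference code uses the unreduced 512-bit integer, which gives the same result for public keys in the prime-order subgroup. The `S >= l` check is the usual canonical-S rejection that most modern verifiers apply and is not part of the original tweetnacl code path being discussed.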

