[Cryptography] Question about crypto_sign_open (in tweetnacl.c)

Patrick Chkoreff pc at fexl.com
Sun Oct 28 18:01:07 EDT 2018

> I'm thinking that the overwriting on line 791 is done simply for the
> purpose of "mixing it up" a bit prior to the call to crypto_hash on line
> 792, which computes the SHA-512 hash of m.  But knowing DJB's mindset as
> I do, it's probably not arbitrary, and most likely protects against some
> known possible weakness.  Can anyone elaborate on that?

Here's a response I got on the curvecp list:

See Ed25519 paper, page 10:

"the use of [public key in hashing] is an inexpensive way to alleviate concerns that several public keys could be attacked simultaneously"

Dmitry Chestnykh
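As an added illustration (not code from tweetnacl or from either poster), the Python below mirrors only the hashing step the question asks about: copy sm, overwrite bytes 32..63 with the public key, SHA-512 the result and reduce mod L. It then shows why the overwrite matters, by computing the challenge scalar for the same R and M under two different public keys. The R, S, message and key bytes are constructed sample values, not a real signature.

```python
import hashlib

# Ed25519 group order, the modulus tweetnacl's reduce() brings the hash down to.
L = 2**252 + 27742317777372353535851937790883648493

def hash_input(sm: bytes, pk: bytes) -> bytes:
    """Build the bytes crypto_sign_open actually hashes: R || A || M.

    sm is the signed message R(32) || S(32) || M.  tweetnacl copies sm into a
    scratch buffer and overwrites bytes 32..63 (where S sat) with the public
    key A, so the hash commits to the verifying key, not just to R and M.
    """
    if len(pk) != 32 or len(sm) < 64:
        raise ValueError("need a 32-byte public key and at least 64 bytes of sm")
    m = bytearray(sm)
    m[32:64] = pk          # the overwrite the question refers to
    return bytes(m)

def challenge_scalar(sm: bytes, pk: bytes) -> int:
    """SHA-512(R || A || M) reduced mod L: the k in S*B = R + k*A."""
    h = hashlib.sha512(hash_input(sm, pk)).digest()
    return int.from_bytes(h, "little") % L

# Constructed sample values (not a real signature): fixed R and S, one
# message, and two distinct public keys.
R = bytes(range(32))
S = bytes(range(32, 64))
M = b"attached message"
SM = R + S + M
PK_A = bytes([0x11] * 32)
PK_B = bytes([0x22] * 32)

def key_prefixing_demo() -> dict:
    """Same R and M, different public keys -> different challenge scalars.

    Hashing sm as-is (R || S || M) would give a value that does not depend
    on the key at all; with the overwrite, each key gets its own challenge,
    which is the "alleviate concerns" point in the Ed25519 paper.
    """
    k_a = challenge_scalar(SM, PK_A)
    k_b = challenge_scalar(SM, PK_B)
    unprefixed = int.from_bytes(hashlib.sha512(SM).digest(), "little") % L
    return {"k_a": k_a, "k_b": k_b, "unprefixed": unprefixed, "differ": k_a != k_b}

if __name__ == "__main__":
    print(key_prefixing_demo())
```

The point arithmetic that follows in crypto_sign_open (unpacking A, computing S*B and R + k*A) is not reproduced here; only the hash-input construction is shown.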
