[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] gnunet-go status update

From: Jeff Burdges
Subject: Re: [GNUnet-developers] gnunet-go status update
Date: Sat, 7 Sep 2019 13:22:47 +0200

Really?  I would've expected ed25519 arithmetic should handle short scalars 
just fine.  Did you or anyone else track down how the arithmetic failed?

There are bad HDKD protocols that likely do this, which I’ve demonstrated very 
niche vulnerabilities one, but this might give a much bigger vulnerability if 
implemented in Go.


p.s.  This is link fun, although nobody would ever serialise curve points in 
projective coordinates.

> On 7 Sep 2019, at 10:37, Bernd Fix <address@hidden> wrote:
> After running more and longer tests I noticed that about every 16th
> ECDHE key exchanged failed (shared secret mimatch). The investigation
> lead to a problem in the copied and re-used package source from
> The interal scalar multiplication for a
> point returns the wrong result if the scalar has a bitlen <= 248 (that
> is, has the most significant byte of its binary representation set to zero).
> This bug does not "disturb" the EdDSA key generation (the private scalar
> is always large enough, because it is generated that way). Even the
> EdDSA signing and verification algos work OK with it.
> I filed an issue with the Golang people
> (, but I consider it unlikely
> that the "bug" will be fixed at all - I even believe that it is on
> purpose (optimization).
> So I wrote a functional, but less performant Ed25519 implementation by
> re-using the ECC stuff I did for the bitcoin package in the Gospel
> library. The new code is now also part of it
> (
> I am using that package in gnunet-go for now; all unit tests pass but I
> am certain there will be a few minor glitches when it comes to actually
> using it in processing GNUnet messages.
> Therefore I would appreciate feedback (and bug reports); anyone playing
> around with gnunet-go needs to update:
> $ go get -u
> $ cd gnunet-go
> $ git pull
> Cheers, Bernd.
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden

Attachment: signature.asc
Description: Message signed with OpenPGP

reply via email to

[Prev in Thread] Current Thread [Next in Thread]