View Issue Details
Field | Value
---|---
ID | 0005398
Project | GNUnet
Category | util library
View Status | public
Date Submitted | 2018-07-11 23:29
Last Update | 2023-09-25 14:26
Reporter | bfix
Assigned To | Christian Grothoff
Priority | normal
Severity | feature
Reproducibility | N/A
Status | closed
Resolution | reopened
Platform | i7
OS | Debian GNU/Linux
OS Version | squeeze
Product Version | Git master
Target Version | 0.12.0
Fixed in Version | 0.19.4
Summary | 0005398: redundant hash in EdDSA signature process
Description | The EdDSA signature implementation in GNUnet calls the 'gcry_pk_sign (&sig, msg, prv)' function not with the message itself, but with the SHA512 hash value of the message. Due to the intricacies of EdDSA signing, this is not necessary (hashing is done in the sign function itself, as more than just the message is hashed for this). Although the GNUnet approach is not breaking things technically, it produces unnecessary load: It is running an extra SHA512 - and because the signed message is usually rather small (from what I have seen until now the signed data is smaller than the 64 bytes of a SHA512 result), the sign function even needs to hash more data than necessary. I guess that changing the sign/verify procedure would break compatibility between new and old nodes and is therefore not feasible. I just want to mention this in case a major version change is considered. Thanks for your attention, Bernd.
Additional Information | Should be fixed when we next break compatibility "big time".
Tags | No tags attached.
Date | Username | Note
---|---|---
2019-02-12 09:01 | Christian Grothoff | 0013670: Targeting release 0.12.0 for this.
2019-02-24 08:02 | Christian Grothoff | 0013976: Code to fix this is already in Git, just an #if 1 needs to be toggled. Location is marked with the bug number.
2019-02-24 08:02 | Christian Grothoff | 0013977: (btw, I measured, could not find any difference in performance)
2019-12-07 14:41 | Christian Grothoff | 0015130: Fixed in 7bb0b3291..a6b9d2e18
2019-12-15 15:18 | schanzen | 0015182: 0.12.0 released
2023-07-02 13:21 | schanzen | 0020327: This bug, in retrospect, does not make sense. Our implementation uses sodium for EdDSA, and the code annotated with this bug number (the "toggle") is only relevant for ECDSA. Needs review.
2023-07-02 20:16 | Christian Grothoff | 0020328: 798c82098..a78213f13 clarifies that hashing must not be done for EdDSA, but *must* be done for ECDSA. Fun API.
Date Modified | Username | Field | Change |
---|---|---|---|
2018-07-11 23:29 | Christian Grothoff | New Issue | |
2018-07-11 23:30 | Christian Grothoff | Reporter | Christian Grothoff => bfix |
2018-07-11 23:30 | Christian Grothoff | Status | new => confirmed |
2019-02-12 09:01 | Christian Grothoff | Target Version | => 0.12.0 |
2019-02-12 09:01 | Christian Grothoff | Note Added: 0013670 | |
2019-02-24 08:01 | Christian Grothoff | Assigned To | => Christian Grothoff |
2019-02-24 08:01 | Christian Grothoff | Status | confirmed => assigned |
2019-02-24 08:02 | Christian Grothoff | Note Added: 0013976 | |
2019-02-24 08:02 | Christian Grothoff | Note Added: 0013977 | |
2019-12-07 14:41 | Christian Grothoff | Status | assigned => resolved |
2019-12-07 14:41 | Christian Grothoff | Resolution | open => fixed |
2019-12-07 14:41 | Christian Grothoff | Fixed in Version | => 0.12.0 |
2019-12-07 14:41 | Christian Grothoff | Note Added: 0015130 | |
2019-12-15 15:18 | schanzen | Note Added: 0015182 | |
2019-12-15 15:18 | schanzen | Status | resolved => closed |
2023-07-02 13:20 | schanzen | Status | closed => new |
2023-07-02 13:20 | schanzen | Resolution | fixed => reopened |
2023-07-02 13:21 | schanzen | Note Added: 0020327 | |
2023-07-02 13:21 | schanzen | Note Edited: 0020327 | |
2023-07-02 20:16 | Christian Grothoff | Note Added: 0020328 | |
2023-07-02 20:16 | Christian Grothoff | Status | new => resolved |
2023-07-02 20:16 | Christian Grothoff | Fixed in Version | 0.12.0 => 0.19.4 |
2023-09-25 14:26 | schanzen | Status | resolved => closed |