View Issue Details

IDProjectCategoryView StatusLast Update
0005398GNUnetutil librarypublic2023-09-25 14:26
Reporterbfix Assigned ToChristian Grothoff  
Status closedResolutionreopened 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Product VersionGit master 
Target Version0.12.0Fixed in Version0.19.4 
Summary0005398: redundant hash in EdDSA signature process
DescriptionThe EdDSA signature implementation in GNUnet calls the 'gcry_pk_sign
(&sig, msg, prv)' function not with the message itself, but with the
SHA512 hash value of the message.

Due to the intricities of EdDSA signing this is not necessary (hashing
is done in the sign function itself, as more than just the message is
hashed for this).

Although the GNUnet approach is not breaking things technically, it
produces unnecesary load: It is running an extra SHA512 - and because
the signed message is usually rather small (from what I have seen until
now the signed data is smaller than the 64 bytes of a SHA512 result),
the sign functions even needs to hash more data than necessary.

I guess that changing the sign/verify procedure would break
compatibility between new and old nodes and is therefore not feasable. I
just want to mention this in case a major version change is considered.

Thanks for your attention, Bernd.
Additional InformationShould be fixed when we next break compatibility "big time".
TagsNo tags attached.


Christian Grothoff

2019-02-12 09:01

manager   ~0013670

Targeting release 0.12.0 for this.

Christian Grothoff

2019-02-24 08:02

manager   ~0013976

Code to fix this is already in Git, just an #if 1 needs to be toggled. Location is marked with the bug number.

Christian Grothoff

2019-02-24 08:02

manager   ~0013977

(btw, I measured, could not find any difference in performance)

Christian Grothoff

2019-12-07 14:41

manager   ~0015130

Fixed in 7bb0b3291..a6b9d2e18


2019-12-15 15:18

administrator   ~0015182

0.12.0 released


2023-07-02 13:21

administrator   ~0020327

Last edited: 2023-07-02 13:21

This bug in retrospect, does not make sense. Our implementation uses sodium for EdDSA, and the code annotated with this bug number (the "toggle") is only relevant for ECDSA.
Needs review.

Christian Grothoff

2023-07-02 20:16

manager   ~0020328

798c82098..a78213f13 clarifies that hashing must not be done for EdDSA, but *must* be done for ECDSA. Fun API.

Issue History

Date Modified Username Field Change
2018-07-11 23:29 Christian Grothoff New Issue
2018-07-11 23:30 Christian Grothoff Reporter Christian Grothoff => bfix
2018-07-11 23:30 Christian Grothoff Status new => confirmed
2019-02-12 09:01 Christian Grothoff Target Version => 0.12.0
2019-02-12 09:01 Christian Grothoff Note Added: 0013670
2019-02-24 08:01 Christian Grothoff Assigned To => Christian Grothoff
2019-02-24 08:01 Christian Grothoff Status confirmed => assigned
2019-02-24 08:02 Christian Grothoff Note Added: 0013976
2019-02-24 08:02 Christian Grothoff Note Added: 0013977
2019-12-07 14:41 Christian Grothoff Status assigned => resolved
2019-12-07 14:41 Christian Grothoff Resolution open => fixed
2019-12-07 14:41 Christian Grothoff Fixed in Version => 0.12.0
2019-12-07 14:41 Christian Grothoff Note Added: 0015130
2019-12-15 15:18 schanzen Note Added: 0015182
2019-12-15 15:18 schanzen Status resolved => closed
2023-07-02 13:20 schanzen Status closed => new
2023-07-02 13:20 schanzen Resolution fixed => reopened
2023-07-02 13:21 schanzen Note Added: 0020327
2023-07-02 13:21 schanzen Note Edited: 0020327
2023-07-02 20:16 Christian Grothoff Note Added: 0020328
2023-07-02 20:16 Christian Grothoff Status new => resolved
2023-07-02 20:16 Christian Grothoff Fixed in Version 0.12.0 => 0.19.4
2023-09-25 14:26 schanzen Status resolved => closed