Can you ask again without 6 layers of abstraction? What’s a specific example?
A server that I trust gave me a signed representation of my birth certificate. I want to give it to you, and I want you to trust it, and I know you trust that server. We both can't talk to that server right now.
That sounds like a signature. Ed25519 it.
Replying to @lvh
Patrick Toomey Retweeted lvh
Pretty good thread. Thanks for the chat @lvh. https://twitter.com/lvh/status/1005085612607787009 …
Replying to @patricktoomey @lvh
No, don't use Ed25519. Use a probabilistic signature scheme that derives nonces from private key, message and some randomness.
Incidentally, I thought the XEdDSA specification was going to be updated to move the random value so that the private key and the message weren't in the same hash block, but https://signal.org/docs/specifications/xeddsa/ … doesn't seem to have that change. I wonder if that is actually the latest version.
Replying to @BRIAN_____ @XorNinja and
If you care about fault injection attacks then I don't know that any variant of Ed25519 is good to use, because Ed25519 is usually implemented using x-coordinate only multiplication so you can't verify that the result is on the curve. (IDK if that's necessary or sufficient yet.)
Replying to @BRIAN_____ @XorNinja and
relatedly pic.twitter.com/74Rh0njhNF
*ring* always does a private-public consistency check when loading (private) keys, unless you opt out of it. Otherwise, I don't think it makes sense to talk about "Curve25519" when deciding these things as you might have different answers for X25519, Ed25519, etc.
Replying to @BRIAN_____ @XorNinja and
fair enough, i just love that gif whenever questions about x-only curve math pop up