#Libsodium sealed boxes: multiple (32) working secret keys for one public key
Is it considerable as a "bug"? ¯\_(ツ)_/¯
--> https://resolverblog.blogspot.com/2019/03/libsodium-sealed-boxes-multiple-32.html …
cc: @jedisct1 @bsimser
ccn: @arealshadow
-
-
This is by design. It ensures that the scalar is a multiple of the cofactor, so that the resulting point is either on the prime order group, or the identity. So you are always safe against small-order group attacks without having to explicitly validate public keys.
2 replies 1 retweet 3 likes -
Thanks for the explanation!
2 replies 0 retweets 0 likes
The top bit is the sign, which is useless in X25519, so it’s ignored.
11:05 AM - 8 Mar 2019
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.