crypto/ed25519: Implement Ed25519ph #31804
The Ed25519ph variant specified in RFC 8032 allows signing/verifying a message that has already been hashed with SHA-512 without risking the collision-resistant properties of "PureEdDSA" when using the same keys for messages signed using both schemes.
This is useful in at least two scenarios:
This variant can be implemented minimally using the existing
Due to the additional internal hash initialization, there is no way to implement this without forking the package or upstreaming an implementation patch.
I will send a CL with a proposed implementation.
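As an added example (not code from this issue or from the Go project): the Ed25519ph API that later landed in crypto/ed25519 (Go 1.20, `ed25519.Options` with `Hash` set to `crypto.SHA512`) is used here to show the domain separation the issue describes. With one key pair, a PureEdDSA signature over a 64-byte digest and an Ed25519ph signature over the same digest are not interchangeable, and Ed25519ph signing refuses an input that is not a SHA-512 digest; the message bytes are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
)

// CrossCheck records how one key pair behaves across PureEdDSA and Ed25519ph.
type CrossCheck struct {
	PureOK       bool // pure signature over the digest verifies as pure
	PhOK         bool // Ed25519ph signature over the digest verifies as Ed25519ph
	PhAsPure     bool // Ed25519ph signature accepted by pure verification (expected false)
	PureAsPh     bool // pure signature accepted by Ed25519ph verification (expected false)
	PhRejectsRaw bool // Ed25519ph signing refuses input that is not a 64-byte digest
}

// SignBothSchemes signs the SHA-512 digest of msg with both schemes using the
// same key and checks that neither signature is valid under the other scheme.
// Ed25519ph is selected with ed25519.Options{Hash: crypto.SHA512} (Go 1.20+).
func SignBothSchemes(priv ed25519.PrivateKey, msg []byte) (CrossCheck, error) {
	pub := priv.Public().(ed25519.PublicKey)
	digest := sha512.Sum512(msg)
	phOpts := &ed25519.Options{Hash: crypto.SHA512}

	// Ed25519ph: the caller supplies the prehash; the library prepends the
	// RFC 8032 domain separator ("SigEd25519 no Ed25519 collisions", flag 1).
	phSig, err := priv.Sign(rand.Reader, digest[:], phOpts)
	if err != nil {
		return CrossCheck{}, err
	}
	// PureEdDSA over the same 64 bytes: no domain separator, so the internal
	// SHA-512 input differs and the two signatures cannot be swapped.
	pureSig := ed25519.Sign(priv, digest[:])

	// Constructed non-digest input: Ed25519ph must reject it (wrong length).
	_, rawErr := priv.Sign(rand.Reader, []byte("not a digest"), phOpts)

	return CrossCheck{
		PureOK:       ed25519.Verify(pub, digest[:], pureSig),
		PhOK:         ed25519.VerifyWithOptions(pub, digest[:], phSig, phOpts) == nil,
		PhAsPure:     ed25519.Verify(pub, digest[:], phSig),
		PureAsPh:     ed25519.VerifyWithOptions(pub, digest[:], pureSig, phOpts) == nil,
		PhRejectsRaw: rawErr != nil,
	}, nil
}
```

Call it with a freshly generated key and any message; the expected outcome is PureOK and PhOK true, PhAsPure and PureAsPh false, and PhRejectsRaw true.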