ed25519_sign() is significantly different from current libsodium/SUPERCOP ref10 implementations (and generates incompatible output) #10
Comments
@rdeker Please share any ideas and work. That will help everyone involved :-)
I've forked this project and have one with a couple of fixes available at https://github.com/rdeker/ed25519. To date I haven't heard anything in response to my pull request.
Sorry for the late response. I finally got around to checking this. ref10 stores the private key by storing the seed (32 bytes) and public key (32 bytes) as the 'private key'. I instead straight up store the hashed seed (64 bytes) as the private key to not have to re-hash the seed on every sign operation. So if you simply use the 64 bytes from the ref10 'private key' as the private key in this library you will end up with incorrect results. If you wish to convert a ref10 private key to a private key for this library you can use:
See also this previous question about this exact topic: #1 (comment)
@orlp Is it worth putting some info about this prominently on the main README.md? This tripped me up for quite a while, until I dug into closed issues. I imagine a lot of people will expect this to play nicely with other implementations. (Note: I completely understand why you do what you do, but it may be missed by many).
In working with your implementation, I was doing some testing against other code I have that uses libsodium, and noted that the ed25519 signatures produced by each were entirely different. After some digging, I noted that the implementation of ed25519_sign() you provide does not match the current libsodium/SUPERCOP ref10 (20141124) implementations.
I have an updated version that is interoperable that I'd be happy to submit if you'd like.