New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S<l malleability #125

Closed

ghost opened this issue Mar 2, 2014 · 1 comment

ghost commented Mar 2, 2014

It's my understanding that this library uses SUPERCOP which uses Ref10 which omitted a check for S<l to prevent malleability.

Is this corrected in the nacl library?

http://stackoverflow.com/a/19162037/1382306
http://crypto.stackexchange.com/questions/14712/non-standard-signature-security-definition-conforming-ed25519-malleability/

Owner

jedisct1 commented Sep 25, 2014

The check was added in 4099618
I am not convinced that this is necessary, but I hardly see any practical downsides either.

This breaks compatibility with other implementations, though. So if none of them follow, this might be reverted before the next release is tagged.

jedisct1 closed this as completed

aep mentioned this issue

Ed25519 malleability vs libsodium dalek-cryptography/ed25519-dalek#20

Open

Repository owner locked and limited conversation to collaborators

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.