[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8106 [Tor]: Make .onion addresses harder to harvest by directory servers



#8106: Make .onion addresses harder to harvest by directory servers
-----------------------------+----------------------------------------------
 Reporter:  asn              |          Owner:                    
     Type:  defect           |         Status:  new               
 Priority:  major            |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor              |        Version:                    
 Keywords:  SponsorZ tor-hs  |         Parent:                    
   Points:                   |   Actualpoints:                    
-----------------------------+----------------------------------------------

Comment(by asn):

 Replying to [comment:1 rransom]:
 > Replying to [ticket:8106 asn]:
 >
 > > On actual solutions, Robert posted:
 > > https://lists.torproject.org/pipermail/tor-
 dev/2012-September/004026.html
 > > some months ago. I don't have the cryptographic skills to robustly
 analyze his idea, but if this is the only thing we have, we should point
 some cryptographers at it so that it gets some comments.
 >
 > For an Ed25519-based signature scheme with both the public-key group
 element and the base point blinded, the verification equation is
 equivalent to `S*B = (HB(nonce, B, A)^(-1))*R + H(R, HB(nonce, B, A)*B,
 HB(nonce, B, A)*A, M)*A`, where `R` is carefully chosen to be a uniform
 random group element and `HB(nonce, B, A)` is (computationally)
 independent of `R`.  This equation does not leak any more information
 about the log of `A` than the verification equation for unmodified Ed25519
 does, so this cryptosystem is obviously as safe as Ed25519.
 >

 Thanks for your last message (wrt onion address sizes using your scheme).

 Another question: how did you end up with `S*B = (HB(nonce, B, A)^(-1))*R
 + H(R, HB(nonce, B, A)*B, HB(nonce, B, A)*A, M)*A` as the verification
 equation of ed25519? How did the extra `HB(nonce, B, A)*B` get into H()?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8106#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs