[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25552 [Core Tor/Tor]: prop224: Onion service rev counters are useless and actually harmful for scalability



#25552: prop224: Onion service rev counters are useless and actually harmful for
scalability
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  (none)
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:  Tor:
                                                 |  0.3.1.9
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs prop224 034-roadmap-proposed  |  Actual Points:
Parent ID:                                       |         Points:  4
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by asn):

 Replying to [comment:8 asn]:
 > Latest plan: According to RFC 8032:
 > {{{
 >    Some systems assume signatures are not malleable: that is, given a
 >    valid signature for some message under some key, the attacker can't
 >    produce another valid signature for the same message and key.
 >
 >    Ed25519 and Ed448 signatures are not malleable due to the
 >    verification check that decoded S is smaller than l.  Without this
 >    check, one can add a multiple of l into a scalar part and still pass
 >    signature verification, resulting in malleable signatures.
 > }}}
 >
 > We should check if our ed25519 implementations do the above check. If
 they do, it should be possible to just replay cache the `ED25519_SIG_LEN`
 bytes of our `ed25519_signature_t`. I plan to look at our implementation
 this week to see if the aboce check is done, then send an email to Ian
 Goldberg, and if he agrees that it's legit, proceed with this plan.

 Progressed with plan: https://lists.torproject.org/pipermail/tor-
 dev/2018-April/013074.html

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25552#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs