[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #12694 [Tor]: Upgrade to latest curve25519-donna32



#12694: Upgrade to latest curve25519-donna32
----------------------------------+------------------------------------
 Reporter:  nickm                 |          Owner:
     Type:  defect                |         Status:  new
 Priority:  major                 |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor                   |        Version:
 Keywords:  tor-relay curve25519  |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+------------------------------------
 Adam Langley has updated the 32-bit curve25519-donna implementation so
 that it behaves the same as the 64-bit one (and the same as nacl) for all
 keys and scalars.  The old one had bounds-checking problems.  His commit
 message:
 {{{
     Correct bounds in 32-bit code.

     The 32-bit code was illustrative of the tricks used in the original
     curve25519 paper rather than rigorous. However, it has proven quite
     popular.

     This change fixes an issue that Robert Ransom found where outputs
 between
     2^255-19 and 2^255-1 weren't correctly reduced in fcontract. This
     appears to leak a small fraction of a bit of security of private keys.

     Additionally, the code has been cleaned up to reflect the real-world
     needs. The ref10 code also exists for 32-bit, generic C but is
 somewhat
     slower and objections around the lack of qhasm availibility have been
     raised.
 }}}

 To be clear, this does not seem to affect most private keys, and for the
 private keys it does affect, it doesn't actually appear to weaken them
 appreciably.  Still, it's not the kind of behavior that it seems okay to
 leave in our implementation.  So let's upgrade.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12694>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs