[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Interest in collaborating on a standard Ed25519 key blinding scheme?



On Wed, Mar 22, 2017 at 6:15 AM, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:
Hi! I guess we could keep an eye on the process, though I don't know that I'd have much to contribute myself: I'm more of a crypto consumer than a crypto generator.  Maybe one of the developers who knows crypto better can join in here?

The main notable points of discussion so far have all been around preserving Ed25519's original "clamping" invariants. I didn't see any discussion of this in the current Tor spec.
 
As for adoption: we're on track to deploy next generation hidden services some time this year, ideally in the next 4 or 5 months, so the window to converge on a common system is small by standards-body standards. 

Yeah, that's a blink of an eye in the IETF timescale. However, I think if you incorporate some feedback into your current design and do end up shipping it before a draft standard undergoes the requisite bikeshedding, the "running code" aspect of Tor using it in the wild will probably help the standard converge around whatever you ship. Worked out for Ed25519 itself, anyway.

--
Tony Arcieri
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev