Re: [tor-dev] Interest in collaborating on a standard Ed25519 key blinding scheme?

Subject: Re: [tor-dev] Interest in collaborating on a standard Ed25519 key blinding scheme?

From: Tony Arcieri <bascule@xxxxxxxxx>

Date: Wed, 22 Mar 2017 09:07:31 -0700

Delivery-date: Wed, 22 Mar 2017 12:08:08 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=s7v8vKAfGhoN1wRFgBj60mzOzYfbHBjNPRj3W/D1slA=; b=jhOQvKX/DT7rdcpS8B+Z/oOZOv+roPVPs6xZdUEpwUc+36Qpyaw5xUy1qe4yfH5Ewh 1AstYp5WyQvJxC9YF29IzvA6ueyAqv8kj+tif4muPWQq978NCn1Tf3hBQywU0rhV+qOH dIAe5OYi13eoNLCjgzrjIbdlDn6VCsbPBkewMRnoBqINFTURg1SaDW0IswKX7HJVEL22 3mjkXgQPYB/5fAfEa/VsY2y919Kw97gl+Av2q5Osx4cEPKtJIjDGxUF+VpzXX3+3FR3h ub8+KNaAO14B5r/iKhoUDO/RWfisviKO7DfOSdmMCIB8Jd4TsISzgAwKE7LHRixfs9iq Nikw==

In-reply-to: <CAKDKvuyQjn1KRxxHOhXEgZFAu1OfSgz7L6oSKTcAQ2e_Fn8thA@mail.gmail.com>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <CAHOTMVJkB_f7Eo4K=KFP3FODeZj=dneaRBnBk14m58=+x+DYZQ@mail.gmail.com> <CAKDKvuyQjn1KRxxHOhXEgZFAu1OfSgz7L6oSKTcAQ2e_Fn8thA@mail.gmail.com>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, Mar 22, 2017 at 6:15 AM, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:

Hi! I guess we could keep an eye on the process, though I don't know that I'd have much to contribute myself: I'm more of a crypto consumer than a crypto generator. Maybe one of the developers who knows crypto better can join in here?

The main notable points of discussion so far have all been around preserving Ed25519's original "clamping" invariants. I didn't see any discussion of this in the current Tor spec.

As for adoption: we're on track to deploy next generation hidden services some time this year, ideally in the next 4 or 5 months, so the window to converge on a common system is small by standards-body standards.

Yeah, that's a blink of an eye in the IETF timescale. However, I think if you incorporate some feedback into your current design and do end up shipping it before a draft standard undergoes the requisite bikeshedding, the "running code" aspect of Tor using it in the wild will probably help the standard converge around whatever you ship. Worked out for Ed25519 itself, anyway.

Tony Arcieri

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev