[anti-censorship-team] obfs4proxy-0.0.12 (2021-12-31) fixes the Elligator2 bug
david at bamsoftware.com
Fri Jan 14 02:27:09 UTC 2022
The upstream obfs4 repository has a fix to the Elligator2 public key
representative leak (https://github.com/agl/ed25519/issues/27).
All releases prior to this commit are trivially distinguishable
with simple math, so upgrading is strongly recommended. The
upgrade is fully backward-compatible with existing
implementations, however the non-upgraded side will emit traffic
that is trivially distinguishable from random.
The file internal/README.md elaborates:
All existing versions prior to the migration to the new code
(anything that uses agl's code) are fatally broken, and trivial
to distinguish via some simple math. For more details see Loup
Vaillant's writings on the subject. Any bugs in the
implementation are mine, and not his.
Representatives created by this implementation will correctly be
decoded by existing implementations. Public keys created by this
implementation be it via the modified scalar basepoint multiply
or via decoding a representative will be somewhat non-standard,
but will interoperate with a standard X25519 scalar-multiply.
As the obfs4 handshake does not include the decoded
representative in any of it's authenticated handshake digest
calculations, this change is fully-backward compatible (though
the non-upgraded side of the connection will still be trivially
distinguishable from random).
More information about the anti-censorship-team