[tor-bugs] #22006 [Core Tor/Tor]: prop224: Validate ed25519 pubkeys to remove torsion component

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 23 12:19:53 UTC 2017


#22006: prop224: Validate ed25519 pubkeys to remove torsion component
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, prop224, ed25519, review-    |  Actual Points:
  group-18                                       |
Parent ID:  #21888                               |         Points:
 Reviewer:  nickm                                |        Sponsor:
                                                 |  SponsorR-can
-------------------------------------------------+-------------------------
Changes (by nickm):

 * status:  needs_review => needs_revision


Comment:

 I left some quick notes on the patch.  I need somebody mathy to look at
 the actual multiplication functions, since they're outside my comfort
 zone.

 The final functional commit, which makes all the keys get validated, can't
 stay -- it's too slow.  Let's do the discussed-above option instead.
 Please let me know if you need any help figuring out how to do the
 authority-side logic: the keypin functionality should make it easy.

 I don't think we can do decaf encoding on ed25519 identities: they are
 already published in descriptors and interpreted widely. For hidden
 services and decaf, I don't know how hard the transition would be. The
 only place to change the encoding would be in .onion addresses, and I
 don't know whether there's time/energy to do that in the current state of
 prop224.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22006#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list