[tor-bugs] #22006 [Core Tor/Tor]: prop224: Validate ed25519 pubkeys to remove torsion component

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 27 18:18:08 UTC 2017


#22006: prop224: Validate ed25519 pubkeys to remove torsion component
-------------------------------------------------+-------------------------
 Reporter:  asn                                  |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  0.3.2.x-final
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, prop224, ed25519, review-    |  Actual Points:
  group-18                                       |
Parent ID:  #21888                               |         Points:
 Reviewer:  nickm, isis                          |        Sponsor:
                                                 |  SponsorR-can
-------------------------------------------------+-------------------------

Comment (by catalyst):

 It would be nice to have a summary of what security goals this validation
 accomplishes, given that ed25519 signature verification already nulls out
 the cofactor.  (e.g., what can an adversary do with a non-canonical onion
 address and no private key for it?)  Also, I suspect that the HS and non-
 HS cases have slightly different security goals, and these would be good
 to distinguish.

 Terminology nit: all the sources I can easily find define a torsion point
 as one that has finite order.  So as I understand it, all ed25519 points
 are "torsion points".  Maybe use "small-torsion component" or "small-order
 component" instead of "torsion component"?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22006#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
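
An added illustration of the terms in the comment above (not part of the ticket, and not Tor's code): pure-Python Ed25519 arithmetic showing that adding a small-order point to a key gives a different encoding, that multiplying by the cofactor 8 maps both to the same point, and that multiplying by the prime subgroup order L detects the small-order component. The scalar and all function names are constructed for the example; the arithmetic is slow and not constant time.

```python
# Added example: affine Ed25519 arithmetic, for illustration only.
P = 2**255 - 19
D = -121665 * pow(121666, P - 2, P) % P
L = 2**252 + 27742317777372353535851937790883648493  # prime subgroup order
SQRT_M1 = pow(2, (P - 1) // 4, P)
IDENTITY = (0, 1)

def inv(x):
    return pow(x % P, P - 2, P)

def on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def add(a, b):
    # Complete twisted Edwards addition law (a = -1); valid for every point.
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def mul(k, pt):
    acc = IDENTITY
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def encode(pt):
    # 32-byte key encoding: little-endian y, top bit carries the sign of x.
    x, y = pt
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def base_point():
    y = 4 * inv(5) % P
    x2 = (y * y - 1) * inv(D * y * y + 1) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    return (x if x % 2 == 0 else P - x, y)

def has_small_order_component(pt):
    # A point lies in the prime-order subgroup iff L * pt is the identity.
    return mul(L, pt) != IDENTITY

B = base_point()
T4 = (SQRT_M1, 0)            # a point of order 4 (order divides the cofactor 8)
HONEST = mul(0x1234567, B)   # constructed scalar, stands in for a real key
TWEAKED = add(HONEST, T4)    # same key plus a small-order component
```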

