[tor-dev] Interest in collaborating on a standard Ed25519 key blinding scheme?

Tony Arcieri bascule at gmail.com
Wed Mar 22 16:07:31 UTC 2017

On Wed, Mar 22, 2017 at 6:15 AM, Nick Mathewson <nickm at torproject.org>

> Hi! I guess we could keep an eye on the process, though I don't know that
> I'd have much to contribute myself: I'm more of a crypto consumer than a
> crypto generator.  Maybe one of the developers who knows crypto better can
> join in here?

The main notable points of discussion so far have all been around
preserving Ed25519's original "clamping" invariants. I didn't see any
discussion of this in the current Tor spec.

> As for adoption: we're on track to deploy next generation hidden services
> some time this year, ideally in the next 4 or 5 months, so the window to
> converge on a common system is small by standards-body standards.

Yeah, that's a blink of an eye in the IETF timescale. However, I think if
you incorporate some feedback into your current design and do end up
shipping it before a draft standard undergoes the requisite bikeshedding,
the "running code" aspect of Tor using it in the wild will probably help
the standard converge around whatever you ship. Worked out for Ed25519
itself, anyway.

Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170322/bf76bb28/attachment.html>

More information about the tor-dev mailing list