[tor-dev] One Valid Next-Generation Onion Address per Private Key

teor teor2345 at gmail.com
Sun Mar 26 11:39:08 UTC 2017

Hi all,

Most onion service users expect that there is only one valid onion
address for their private key. (For example, one address is listed in
SSL certificates.)

I spoke with Ian, and he said that as part of validating the onion
address, we should check if it is a valid point.

He said we need to multiply the point by L, and make sure there's no
torsion component (that is, that the result is the identity).

This avoids the complexity of choosing a canonical point using some
lexicographic order, or the complexity of using something like decaf.

(Hopefully, Ian will write back if I transcribed things incorrectly.)

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
xmpp: teor at torproject dot org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170326/dfe58888/attachment.sig>

More information about the tor-dev mailing list