Open antonio-fr opened 5 years ago
I understand your change for signing but,
Also, now it checks the signature parity flags during a verification, in virtually no time. This check prevents transaction malleability, because anyone can trivially build a different signature, without knowing the private key, since the parity flag wasn't checked at verification time.
eosio isn't vulnerable to transaction malleability because the signature isn't part of a transaction's uniqueness, i.e. the signature doesn't make up part of the transaction ID. I don't follow what you're trying to accomplish for your changes on verification. Can you explain that further?
Well actually I don't know in detail the transaction design in EOS. So maybe the issue about this point is not so big. Anyway, the change for the verification part is adding the check of the parity flag. I think this is an improvement to verify all information provided in the signature, with virtually no added computation time.
78% of the time spent during a signature was used to computationally recover the parity of R.y, which was not even checked during the signature verification. This change reads and saves the R.y parity to save a lot of time during a signature. Signatures are now 4.5 times faster. Also, now it checks the signature parity flags during a verification, in virtually no time. This check prevents transaction malleability, because anyone can trivially build a different signature, without knowing the private key, since the parity flag wasn't checked at verification time.