ed25519 uses SHA-512 in its signature algorithm. Since we already use BLAKE3 to hash files, we could use BLAKE3 as the digest in our signature algorithm instead. ed25519 requires a 512 bit digest, and BLAKE3 is 256 bits by default, but BLAKE3 is an XOF, so it's trivial to produce 512 bits of output.
Pros:
Remove dependency on SHA-512
Only depend on the security of one hash function
Cons:
Our signatures would no longer be standard ed25519 signatures
The con is a major one. We would lose compatibility with other ed25519 implementations, like libraries and hardware devices. This is probably not worth doing, but I wanted to create this issue to allow for some discussion.
ed25519 uses SHA-512 in its signature algorithm. Since we already use BLAKE3 to hash files, we could use BLAKE3 as the digest in our signature algorithm instead. ed25519 requires a 512 bit digest, and BLAKE3 is 256 bits by default, but BLAKE3 is an XOF, so it's trivial to produce 512 bits of output.
Pros:
Cons:
The con is a major one. We would lose compatibility with other ed25519 implementations, like libraries and hardware devices. This is probably not worth doing, but I wanted to create this issue to allow for some discussion.