Open masomel opened 8 years ago
Do we want to use the pairing-based crypto approach on top of a vendored library? I think I can do that without too much trouble, and make a VUF library with a sane API (maybe not that Javaish).
Thanks for your suggestion! But the approach we prefer now is DL-based VRF. We describe a specific construction that @jcb82 designed specifically for CONIKS in Appendix A of our paper.
In case you'd consider using an existing implementation instead: it seems like @moxie and @trevp worked on a clean Java implementation (I'm not sure yet how much, or if, it differs from @jcb82's construction): https://github.com/WhisperSystems/curve25519-java/blob/f596383883d19304a91caeb723323c0892feda24/common/src/main/java/org/whispersystems/curve25519/Curve25519.java . It is specified here: https://whispersystems.org/docs/specifications/xeddsa/
I'll definitely look into this implementation, and maybe ask Joe if he's had a chance to review it, but it would be great if we could just import it.
Currently the server only hashes the username string. Need to implement the VUF (per the paper) and have the client verify it during lookups.
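The following is an added example, not code from this thread or from CONIKS, showing the shape of the mechanism the last comment asks for: the server derives the lookup index from the username with a keyed, DL-based VRF and ships a proof, and the client checks that proof before trusting the index. It is a generic Chaum-Pedersen-style VRF over a Schnorr group (safe prime p = 2q + 1), not the Appendix A construction from the paper or the XEdDSA-based Java code linked above; the group parameters are generated at import from a fixed seed and are far too small for real use, and the function names (keygen, prove, verify, hash_to_group) are this example's own.

```python
import hashlib
import random
import secrets

# Added illustration, not CONIKS code. Toy discrete-log VRF: output = H(Gamma)
# with Gamma = H2G(name)^sk, plus a Chaum-Pedersen proof that log_g(pk) == log_H(Gamma).
# Parameters below are generated from a fixed seed and are NOT secure sizes.


def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin, adequate for generating illustrative parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_safe_prime(bits, rng):
    """Return (p, q) with p = 2q + 1, both prime."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q, rng) and _is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1, q


_RNG = random.Random(2016)           # deterministic toy parameters (assumption: demo only)
P, Q = _gen_safe_prime(256, _RNG)
G = 4                                # 2^2, a generator of the order-q (quadratic residue) subgroup
_NBYTES = (P.bit_length() + 7) // 8


def _hash(tag, *ints):
    """Domain-separated SHA-256 over fixed-width encodings of group elements/scalars."""
    h = hashlib.sha256(tag)
    for v in ints:
        h.update(v.to_bytes(_NBYTES, "big"))
    return h.digest()


def hash_to_group(name):
    """Map a username to a subgroup element whose discrete log nobody knows.

    Squaring mod a safe prime lands in the order-q subgroup; the counter only
    skips the (negligibly likely) elements 0 and 1."""
    ctr = 0
    while True:
        digest = hashlib.sha256(b"H2G" + ctr.to_bytes(4, "big") + name.encode()).digest()
        elem = pow(int.from_bytes(digest, "big") % P, 2, P)
        if elem > 1:
            return elem
        ctr += 1


def keygen():
    """Server VRF key pair (sk, pk = g^sk)."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def prove(sk, name):
    """Server side: return (index, proof). The index is the VRF output for the username."""
    H = hash_to_group(name)
    pk = pow(G, sk, P)
    gamma = pow(H, sk, P)
    k = secrets.randbelow(Q - 1) + 1
    c = int.from_bytes(_hash(b"CP", G, H, pk, gamma, pow(G, k, P), pow(H, k, P)), "big") % Q
    s = (k + c * sk) % Q
    return _hash(b"OUT", gamma), (gamma, c, s)


def verify(pk, name, index, proof):
    """Client side during lookup: accept the index only if the proof checks out under pk."""
    gamma, c, s = proof
    if not (1 < gamma < P and pow(gamma, Q, P) == 1):   # Gamma must lie in the subgroup
        return False
    if not (0 <= c < Q and 0 <= s < Q):
        return False
    H = hash_to_group(name)
    u = pow(G, s, P) * pow(pk, Q - c, P) % P            # equals g^k for an honest proof
    v = pow(H, s, P) * pow(gamma, Q - c, P) % P         # equals H^k for an honest proof
    c2 = int.from_bytes(_hash(b"CP", G, H, pk, gamma, u, v), "big") % Q
    return c2 == c and index == _hash(b"OUT", gamma)


if __name__ == "__main__":
    sk, pk = keygen()
    index, proof = prove(sk, "alice")
    print("index for alice:", index.hex())
    print("client verifies:", verify(pk, "alice", index, proof))
    print("same index under a wrong name:", verify(pk, "bob", index, proof))
```

Two properties matter for the lookup path: the index is a deterministic function of (sk, username), so repeated lookups for the same name must return the same index even though each proof uses fresh randomness, and a client that only receives a hash of the username has no way to tell an honestly derived index from an arbitrary one, which is exactly what the proof check closes.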