dchest / tweetnacl-js

Port of TweetNaCl cryptographic library to JavaScript
https://tweetnacl.js.org
The Unlicense
1.75k stars 292 forks

Support Ed25519ph (HashEdDSA) RFC 8032 Section 5 #243

Closed by zamicol 2 years ago

zamicol commented 2 years ago

See RFC 8032 Section 5.

The latest FIPS draft is requiring ed25519ph support.

As another comparison, Go 1.19 will implement ed25519ph.

PyNaCl is also working on high level support.

For comparison with other algorithms, ECDSA (ES224, ES256, ES384, ES512) uses the "post hash" design pattern.

dchest commented 2 years ago

This is probably out of scope for this project, since it's a port of the original TweetNaCl with some conveniences that don't involve changing or adding cryptographic primitives. However, I'll be happy to accept PRs in https://github.com/StableLib/stablelib for ed25519ph.

zamicol commented 2 years ago

That's a reasonable plan. 👍

Thank you for your work on this fantastic open source library.