[tor-bugs] #25552 [Core Tor/Tor]: prop224: Onion service rev counters are useless and actually harmful for scalability
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 18 13:18:30 UTC 2018
#25552: prop224: Onion service rev counters are useless and actually harmful for
scalability
-------------------------------------------------+-------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version: Tor:
| 0.3.1.9
Severity: Normal | Resolution:
Keywords: tor-hs prop224 034-roadmap-proposed | Actual Points:
Parent ID: | Points: 4
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by asn):
Replying to [comment:8 asn]:
> Latest plan: According to RFC 8032:
> {{{
> Some systems assume signatures are not malleable: that is, given a
> valid signature for some message under some key, the attacker can't
> produce another valid signature for the same message and key.
>
> Ed25519 and Ed448 signatures are not malleable due to the
> verification check that decoded S is smaller than l. Without this
> check, one can add a multiple of l into a scalar part and still pass
> signature verification, resulting in malleable signatures.
> }}}
>
> We should check if our ed25519 implementations do the above check. If
they do, it should be possible to just replay cache the `ED25519_SIG_LEN`
bytes of our `ed25519_signature_t`. I plan to look at our implementation
this week to see if the aboce check is done, then send an email to Ian
Goldberg, and if he agrees that it's legit, proceed with this plan.
Progressed with plan: https://lists.torproject.org/pipermail/tor-
dev/2018-April/013074.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25552#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list