On Friday, April 19, 2019 at 7:44:42 AM UTC-7, Marvin Renich wrote: > > * Dave Cohen <davec...@gmail.com <javascript:>> [190419 10:25]: > > I'm working on code that signs a message with an ed25519 key. > > > > I expected that when signing the same message over and over, I'd get a > > different signature each time. > > > > But I find when I run the test (below) more than once, I get the same > > signature bytes each time. Here's sample (identical) output from two > > consecutive tests: > > From Wikipedia (https://en.wikipedia.org/wiki/EdDSA): > > Like other discrete-log-based signature schemes, EdDSA uses a secret > value called a nonce unique to each signature. In the signature > schemes DSA and ECDSA, this nonce is traditionally generated > randomly for each signature.... In contrast, EdDSA chooses the > nonce deterministically as the hash of the private key and the > message. > > I've snipped quite a bit; you should read the link. From this I would > expect the signature to be the same each time for a given message. > > ...Marvin >
Thanks! That explains it perfectly. I was incorrectly assuming ed25519 signing used ECDSA, when its actually EdDSA, which importantly uses the deterministic nonce. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
